listen on WAN interface when I have a local 0.0.0.0:443 LISTENING?
I thought I knew what I was doing here, but I am perplexed.
ERR_CONNECTION_REFUSED in Chrome, odd.
So I went straight to the host and ran:
netstat -pln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7692/docker-proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4456/sshd [listener
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 7681/docker-proxy
tcp 0 0 :::22 :::* LISTEN 4456/sshd [listener
Looks good, why is the browser giving that ERR_CONNECTION_REFUSED?
On the problem PC:
drill www.langton.cloud
(like dig but better)
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 5645
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.langton.cloud. IN A
;; ANSWER SECTION:
www.langton.cloud. 300 IN A 172.105.188.231
Looks fine. Interesting.
Check what ports are open; I moved to another computer, a Linux workstation:
sudo nmap --privileged \
-A \
-sV 172.105.188.231
and get:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-13 13:40 AEST
Nmap scan report for li2136-231.members.linode.com (172.105.188.231)
Host is up (0.013s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4 (protocol 2.0)
80/tcp open http nginx 1.19.8
|_http-server-header: nginx/1.19.8
|_http-title: Welcome to nginx!
Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 or 3.10 (92%), Linux 4.4 (92%), Linux 2.6.32 - 2.6.35 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.32 - 3.0 (89%), Linux 4.0 (89%), Linux 3.11 - 4.1 (89%), Linux 3.2 - 3.8 (89%), Linux 2.6.18 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 8 hops
TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 0.44 ms _gateway (192.168.1.1)
2 13.55 ms loop180150280.bng.syd.aussiebb.net (180.150.28.1)
3 13.21 ms HundredGigE0-0-0-8.core2.nextdc-s1.syd.aussiebb.net (180.150.1.152)
4 14.74 ms as63949.syd.edgeix.net.au (202.77.88.77)
5 14.04 ms 10.216.32.0
6 13.35 ms 10.216.32.11
7 13.35 ms 10.216.0.14
8 13.43 ms li2136-231.members.linode.com (172.105.188.231)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.33 seconds
So it seems 443 is not actually an open port?
I have no cloud firewall in the way; it's just the Linode instance on the internet there, and both port 20 and 80 are open.
Any tips and advice would be greatly appreciated, I'm stuck!
3 Replies
I have no cloud firewall in the way; it's just the Linode instance on the internet there, and both port 20 and 80 are open.
Check if you have a local firewall. If so, make sure port 443 is open. Typically when you set up a local firewall, ports are closed by default until you open them explicitly.
Look at the output of:
iptables -nL
and filter out all the chaff except the rules for 'https' and/or '443'. If you find any blocking rules, you need to remove them.
-- sw
Yeah, I did look at the firewall on the host; I didn't post it because it's pretty bare and clean, without any issues that I can see. I guess I'll add that to help the debug effort here:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (3 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.21.0.3 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 172.21.0.3 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Thanks for the pointer, any other ideas?
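The three checks this thread walks through (the netstat listener, the iptables chains, and the port state an external nmap reported) folded into one triage script, as an added example that is not part of the thread. The sample outputs are constructed to mirror the poster's, the function names and verdict strings are my own, and it assumes the usual Docker layout in which a published port is DNATed and accepted in the DOCKER chain on the FORWARD path rather than INPUT.

```shell
# Added example, not from the thread: fold its three checks (netstat -pln
# listener, iptables -nL chains, the state an external nmap reported for the
# port) into one verdict. Samples are constructed to mirror the OP's output.
# Owner of the TCP listener on port $1 from netstat -pln on stdin:
# "bound:<program>" (docker-proxy = Docker published the port) or "unbound".
listener_for() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, addr, ":")              # port is the last ":" field (v4 or v6)
      if (addr[n] == port) { split($7, prog, "/"); found = prog[2]; exit }
    }
    END { print (found == "" ? "unbound" : "bound:" found) }'
}

# Firewall verdict for port $1 from iptables -nL on stdin: <INPUT policy>/<DROP
# or REJECT rules in INPUT or DOCKER-USER hitting the port>/<yes if the DOCKER
# chain accepts dpt:<port>, the FORWARD path a Docker-published port takes>.
fw_verdict() {
  awk -v port="$1" '
    /^Chain / { chain = $2
      if (chain == "INPUT") { pol = $0; sub(/.*policy /, "", pol); sub(/\).*/, "", pol) }
      next }
    { line = $0 " " }                        # pad so "dpt:443 " cannot match dpt:4430
    (chain == "INPUT" || chain == "DOCKER-USER") && ($1 == "DROP" || $1 == "REJECT") {
      if (line !~ /dpt:/ || line ~ ("dpt:" port " ")) blocks++ }
    chain == "DOCKER" && $1 == "ACCEPT" && line ~ ("dpt:" port " ") { dock = "yes" }
    END { printf "%s/%d/%s\n", pol, blocks + 0, (dock == "" ? "no" : dock) }'
}

# $1 port, $2 netstat text, $3 iptables text, $4 state nmap reported (open|closed).
triage() {
  l=$(printf '%s\n' "$2" | listener_for "$1"); f=$(printf '%s\n' "$3" | fw_verdict "$1")
  case "$l,$f,$4" in
    unbound,*)                        echo "not-listening: nothing bound to $1" ;;
    bound:*,ACCEPT/0/*,open)          echo "reachable: listener, firewall and scan agree" ;;
    bound:docker-proxy,ACCEPT/0/no,*) echo "docker-forward: no DOCKER ACCEPT for dpt:$1" ;;
    bound:*,ACCEPT/0/*,*)             echo "outside-host: $1 bound and unblocked here; re-scan from elsewhere or check upstream filtering" ;;
    *)                                echo "host-firewall: INPUT/DOCKER-USER drops $1 ($f)" ;;
  esac
}
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 7681/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 4456/sshd'
IPTABLES_SAMPLE='Chain INPUT (policy ACCEPT)
Chain DOCKER (3 references)
ACCEPT tcp -- 0.0.0.0/0 172.21.0.3 tcp dpt:443
Chain DOCKER-USER (1 references)
RETURN all -- 0.0.0.0/0 0.0.0.0/0'
triage 443 "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE" closed   # the OP's own scan
triage 443 "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE" open     # sw's later scan
```

On a live host replace the two samples with the output of `netstat -pln` (or `ss -ltnp`) and `iptables -nL`; the two calls at the end give the "closed" and "open" verdicts seen at the two points in this thread.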
Is your web server configured to respond to requests? Is port 443 accessible from localhost?
I just did an nmap scan from a server in my flat in Oregon on your IP address. Here's some of the results:
80/tcp open http nginx 1.19.8
|_http-server-header: nginx/1.19.8
|_http-title: Welcome to nginx!
443/tcp open ssl/http nginx
|_http-title: Trivial Security - Service Monitoring
| ssl-cert: Subject: commonName=status.trivialsec.com
| Subject Alternative Name: DNS:status.trivialsec.com
| Not valid before: 2021-09-13T02:20:56
|_Not valid after: 2021-12-12T02:20:55
I get the same results when I do the same scan from my Linode in California.
— sw