How do I open ports in Linode?

I have allowed port 443 in ufw, iptables, tried Linode's Firewall, but no matter what I can't get port 443 to open:

root@localhost:~# nmap 104.200.20.129 --top-ports 10
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-08 18:04 UTC
Nmap scan report for 104-200-20-129.ip.linodeusercontent.com (104.200.20.129)
Host is up (0.000024s latency).

PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
80/tcp closed http
110/tcp closed pop3
139/tcp closed netbios-ssn
443/tcp closed https
445/tcp closed microsoft-ds
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

Has anyone solved this?

5 Replies

Did you restart the local firewall service on your Linode?

— sw

If you are talking about ufw disable/enable, yes. If you mean the firewall in the Linode Firewalls section, I created one, added the rules and rebooted it. I deleted that one. If there's another one then I don't have the expertise to turn it on.

This is ufw:
root@localhost:~# sudo ufw status
Status: active

To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
443 ALLOW Anywhere
80 ALLOW Anywhere
80,443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
80,443/tcp (v6) ALLOW Anywhere (v6)

But nmap:
root@localhost:~# nmap 104.200.20.129 --top-ports 10
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-08 20:06 UTC
Nmap scan report for 104-200-20-129.ip.linodeusercontent.com (104.200.20.129)
Host is up (0.000023s latency).

PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
80/tcp closed http
110/tcp closed pop3
139/tcp closed netbios-ssn
443/tcp closed https
445/tcp closed microsoft-ds
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

Not ufw…iptables. ufw is just a fancy interface for iptables…the real firewall. Only Canonical knows what it does.

sudo systemctl restart iptables 
sudo systemctl restart ip6tables

— sw

The ports are likely open. For example, with ufw totally disabled and no Linode firewall running, these ports still appear as closed to nmap when I scan my server through NordVPN:

PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp filtered smtp
80/tcp open http
110/tcp closed pop3
139/tcp closed netbios-ssn
443/tcp open https
445/tcp closed microsoft-ds
3389/tcp closed ms-wbt-server

All ports are actually open.

You can confirm the ports are open by starting a packet capture on the Linode and seeing if your Linode responds with a TCP RST, ACK packet for each port using that same nmap scan. I will provide the capture on my current test Linode that has an IP of 170.187.159.205:

31 21.739776149 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 22 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
32 21.739812831 170.187.159.205 → 5.180.208.67 TCP 54 22 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
33 21.741345790 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 23 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
34 21.741383561 170.187.159.205 → 5.180.208.67 TCP 54 23 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
35 21.743217344 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 110 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
36 21.743222505 170.187.159.205 → 5.180.208.67 TCP 54 110 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
37 21.745459746 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 139 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
38 21.745464686 170.187.159.205 → 5.180.208.67 TCP 54 139 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
39 21.746188929 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 445 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
40 21.746191019 170.187.159.205 → 5.180.208.67 TCP 54 445 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
41 21.746607878 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 21 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
42 21.746610128 170.187.159.205 → 5.180.208.67 TCP 54 21 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
43 21.748167668 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 3389 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
44 21.748170808 170.187.159.205 → 5.180.208.67 TCP 54 3389 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

If these ports were actually closed, my Linode would not send the [RST, ACK] packets.

It is likely a firewall closer to your end. For example, your ISP could be blocking the responses. Just like how NordVPN blocked every response from my Linode except from ports 80, 443, and 25 in my case despite all 65535 ports being open.

In the future it helps to do packet captures so that you can actually look under the hood and see what's really happening.
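
The per-port reading of a capture described in the answer above, as an added example that is not part of the original thread: it parses tshark-style one-line summaries and separates ports where a service answered, ports the host reset, SYNs that arrived but got no reply, and SYNs that never reached the host. The IP addresses, capture lines and the four labels are constructed for this example.

```python
import re

# tshark one-line summary, e.g.
# "31 21.739776149 5.180.208.67 → 170.187.159.205 TCP 58 4056 → 22 [SYN] Seq=0 ..."
LINE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+→\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?P<sport>\d+)\s+→\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)

def classify(capture_text, server_ip, scanned_ports):
    """Map each scanned port to what the capture taken ON the server shows."""
    syn_seen, reply = set(), {}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = {f.strip() for f in m["flags"].split(",")}
        if m["dst"] == server_ip and flags == {"SYN"}:
            syn_seen.add(int(m["dport"]))          # probe reached the host
        elif m["src"] == server_ip:
            port = int(m["sport"])
            if {"SYN", "ACK"} <= flags:
                reply[port] = "listening"          # a service accepted the SYN
            elif "RST" in flags:
                reply.setdefault(port, "reset")    # no listener, or a REJECT rule
    result = {}
    for port in scanned_ports:
        if port in reply:
            result[port] = reply[port]
        elif port in syn_seen:
            result[port] = "dropped-locally"       # host firewall ate the SYN
        else:
            result[port] = "filtered-upstream"     # SYN never arrived at the host
    return result

# Constructed capture (documentation-range addresses), not from the thread.
SAMPLE = """\
1 0.000100 192.0.2.10 → 198.51.100.20 TCP 58 4056 → 443 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
2 0.000150 198.51.100.20 → 192.0.2.10 TCP 58 443 → 4056 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460
3 0.001000 192.0.2.10 → 198.51.100.20 TCP 58 4056 → 23 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
4 0.001050 198.51.100.20 → 192.0.2.10 TCP 54 23 → 4056 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
5 0.002000 192.0.2.10 → 198.51.100.20 TCP 58 4056 → 25 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
"""

if __name__ == "__main__":
    for port, state in classify(SAMPLE, "198.51.100.20", [23, 25, 80, 443]).items():
        print(port, state)
```

Comparing this server-side view with what the scanner reports for the same ports shows whether a mismatch comes from the host or from something on the path.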
