Port 7080 blocked, why?
Hi all,
So I enabled port 7080 in Linode firewall panel, however, when I type ufw status, it does not show that 7080 is allowed traffic.
My Linode firewall for port 7080 settings is as followed:
Label: accept-inbound-HTTP
Protocol: TCP
Ports: Custom
Custom Port Range: 7080
Sources: All IPv4, All IPv6
Action: Accept
This is confusing, do I need to ufw allow 7080 then disable once done? What's the point of the firewall in Linode panel if I set it up but still not allowing traffic?
Thank you…
2 Replies
✓ Best Answer
ufw isn't made by Linode but can come with some Linux distributions. That's a firewall front-end for iptables on the vps itself (not all of the distros have ufw automatically installed though).
ufw allow 7080
should open the port.
The Linode firewall is outside of the vps and is capable of much more efficient filtering. If it drops packets they won't reach your server at all.
So you have two firewalls. Incoming packets would first reach the Linode firewall and if accepted then to your server's ufw/iptables firewall.
Unlike iptables itself, ufw will default to automatically dropping any non-established connections (IPs your server didn't send a packet too first). So an incoming packet to the vps accepted through the Linode firewall will reach ufw and by default still get dropped unless you either allow it through ufw/iptables or stop ufw.
You can view iptables rules with:
iptables -S
There's also:
iptables -t raw -S
iptables -t mangle -S
iptables -t nat -S
If you really want to look under the hood and see if the packets are being dropped or not I would recommend a packet capture tool such as tshark or tcpdump.
Then you can do this to watch packets in the terminal. I don't recommend this if your server has a lot of traffic:
tshark -i eth0
If you don't see any packet(s) to port 7080 reach the server that would indicate the Linode firewall is blocking them. If they do reach reach the server but it doesn't respond at all to them then the packets are being dropped by ufw/iptables. If it responds to tcp with tcp RST ACK the port is open and packets are reaching it, it's just that nothing is actually using it so the OS itself indicates to close the connection.