Unable to connect to a listening tcp port 80, Iptables is not blocking it
1 vote, 0 answers, 1609 views
I am trying to see if TCP port 80 is open on a Debian 11 server. I logged into it using SSH and did curl -v telnet://localhost:80. It says connection refused. If I do the same with port 22, it shows that I am connected to SSH service. Machine doesn't have telnet or netstat installed locally. It has ss and nc.
The IP of the interface is 10.31.45.82 and the output of sudo ss -antp is:
Proto State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 32 10.31.45.82:80 0.0.0.0:* users:(("openvpn",pid=709,fd=7))
curl -v telnet://10.31.45.82:80 is showing connection refused. Same with nc 10.31.45.82 80.
I am not sure what is blocking the port. The iptables INPUT chain has policy ACCEPT so that's not blocking the port. Any ideas? I am confused as to why localhost port 80 is showing as refused. Can an external firewall block telnet on localhost? I used nc localhost 22 and it's connecting to SSH and it shows ESTAB in ss -antp. But nc localhost 80 is showing connection refused.
sudo iptables-save -c output:
*filter
:INPUT ACCEPT [4958147:1463832998]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4920575:611816160]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[185417:9902718] -A FORWARD -j DOCKER-USER
[185417:9902718] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[184273:9850974] -A FORWARD -o br-55d0dcfbc5d8 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[256:13280] -A FORWARD -o br-55d0dcfbc5d8 -j DOCKER
[888:38464] -A FORWARD -i br-55d0dcfbc5d8 ! -o br-55d0dcfbc5d8 -j ACCEPT
[4:240] -A FORWARD -i br-55d0dcfbc5d8 -o br-55d0dcfbc5d8 -j ACCEPT
[4:176] -A DOCKER -d 172.22.0.3/32 ! -i br-55d0dcfbc5d8 -o br-55d0dcfbc5d8 -p tcp -m tcp --dport 9001 -j ACCEPT
[248:12864] -A DOCKER -d 172.10.0.3/32 ! -i br-55d0dcfbc5d8 -o br-55d0dcfbc5d8 -p tcp -m tcp --dport 1883 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[888:38464] -A DOCKER-ISOLATION-STAGE-1 -i br-55d0dcfbc5d8 ! -o br-55d0dcfbc5d8 -j DOCKER-ISOLATION-STAGE-2
[185417:9902718] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o br-55d0dcfbc5d8 -j DROP
[888:38464] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[185417:9902718] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Sat Aug 13 16:58:44 2022
# Generated by iptables-save v1.8.7 on Sat Aug 13 16:58:44 2022
*nat
:PREROUTING ACCEPT [43383:2953292]
:INPUT ACCEPT [43379:2953052]
:OUTPUT ACCEPT [137397:7281952]
:POSTROUTING ACCEPT [137648:7294828]
:DOCKER - [0:0]
[0:0] -A PREROUTING -d 10.31.45.83/32 -p udp -m udp --dport 80 -j REDIRECT --to-ports 123
[39282:2267543] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[8:448] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[6:456] -A POSTROUTING -s 172.22.0.0/16 ! -o br-55d0dcfbc5d8 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 9001 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 1883 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER -i br-55d0dcfbc5d8 -j RETURN
[5:228] -A DOCKER ! -i br-55d0dcfbc5d8 -p tcp -m tcp --dport 9001 -j DNAT --to-destination 172.22.0.3:9001
[248:12864] -A DOCKER ! -i br-55d0dcfbc5d8 -p tcp -m tcp --dport 1883 -j DNAT --to-destination 172.22.0.3:1883
COMMIT
And nftables not installed:
-bash: nftables: command not found
Asked by Cruise5 (546 rep), Aug 13, 2022, 09:03 PM
Last activity: Aug 13, 2022, 11:21 PM