
I am running Ubuntu 20.04.3 server as a virtual server. My virtual server was virtualized with VMware and the delivery was automatic. I'm going to set it up to use Outline and I have to open ports 443 and 8080.

I tried to do this in the firewall but I still have an error.

We installed the Docker program, which is one of the Outline requirements, and the program is active, but we have not been able to use this server yet due to the problem of not opening the port or disrupting it.

I have posted the output that shows the network profile and ufw information of my server.

If you need more information, please let me know.

What is your suggestion to solve this problem?

Sample error:

Host (myip) Port 8080
Testing...

Test assumes port 443 on (myip) refuses all requests

Your network does not block port 8080

Port 8080 on Host (myip) is blocked by packet dropping or server is down

Done!

Host (myip) Port 443
Testing...

Test assumes port 80 on (myip) refuses all requests

Your network does not block port 443

Port 443 on host (myip) is blocked by packed dropping

Done!

Reports :

root@server:~# sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports http-alt,https ctstate NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports http-alt,https ctstate ESTABLISHED

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:8080
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:8080

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

root@server:~# ^C
root@server:~# sudo ufw status
Status: active

To Action From
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
20/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
3306/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
8080/udp ALLOW Anywhere
8080 ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
20/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
3306/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
8080/udp (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)

----------------------------------------------------------------------3

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 37.187.28.254 0.0.0.0 UG 0 0 0 ens32
37.187.28.254 0.0.0.0 255.255.255.255 UH 0 0 0 ens32
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0

------------------------------------------------------------------------4

root@server:~# curl -v 145.239.***.2:443

* Trying 145.239.***.2:443...
* TCP_NODELAY set
* Connected to 145.239.*.2 (145.239.*.2) port 443 (#0)
> GET / HTTP/1.1
> Host: 145.239.**.2:443
> User-Agent: curl/7.68.0
> Accept: */*
>

^C

root@server:~# curl -v 145.239.***.2:8080/

* Trying 145.239.***.2:8080...
* TCP_NODELAY set
* Connected to 145.239.*.2 (145.239.*.2) port 8080 (#0)
> GET / HTTP/1.1
> Host: 145.239.**.2:8080
> User-Agent: curl/7.68.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 145.239.***.2 left intact

curl: (52) Empty reply from server


  • Firewall settings are set according to this page
  • Outline installation is set according to this page
  • The way the data is presented is a bit ambiguous. Without any formatting and without any description of where this information is coming from and how it is relevant, it's hard to use the info. We can't tell where one thing starts and ends, nor can we distinguish a data dump from descriptions that you added. There's also not an explanation of what you mean by "I tried to do this in the firewall". I suggest that you use edit to overhaul your question and make sure that it is properly formatted so that we can parse the information you are providing. – Nmath Dec 22 '21 at 21:53
  • Hello dear, thanks for your reply. I added more details. I just have a problem adding a port to the server. – pezhman masoumi Dec 23 '21 at 14:14
  • Does this answer your question? How can I open port 443? – Nmath Dec 24 '21 at 06:03
  • If you are dealing with Docker, then make sure IPFORWARDING is enabled, and if you are getting a continuous error for that particular port after enabling it via "ufw", you could try adding that port as permanently allowed in the firewall, or try once with the firewall disabled for the host. – Brijesh Sondarva Dec 24 '21 at 12:06

0 Answers