1

I am running Ubuntu 20.04.3 server as a virtual server. My virtual server was virtualized with VMware and the delivery was automatic. I'm going to set it to use outline and I have to open ports 443 and 8080.

I tried to do this in the firewall but I still have an error.

We installed the docker program, which is one of the outline requirements, and the program is active, but we have not been able to use this server yet due to the problem of not opening the port or disrupting it.

I put the codes that show the network profile and ufw information of my server.

If you need more information, please let me know.

What is your suggestion to solve this problem?

Sample error:

Host (myip) Port 8080
Testing...

Test assumes port 443 on (myip) refuses all requests


Your network does not block port 8080


Port 8080 on Host (myip) is blocked by packet dropping or server is down


Done!


Host (myip) Port 443
Testing...


Test assumes port 80 on (myip) refuses all requests


Your network does not block port 443


Port 443 on host (myip) is blocked by packed dropping


Done!

Reports :

root@server:~# sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports h ttp-alt,https ctstate NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ES TABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere


Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports h ttp-alt,https ctstate ESTABLISHED


Chain DOCKER (1 references)
target prot opt source destination


Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination


DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere


Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere


Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere


Chain ufw-after-forward (1 references)
target prot opt source destination


Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADD RTYPE match dst-type BROADCAST


Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min b urst 10 LOG level warning prefix "[UFW BLOCK] "


Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min b urst 10 LOG level warning prefix "[UFW BLOCK] "


Chain ufw-after-logging-output (1 references)
target prot opt source destination


Chain ufw-after-output (1 references)
target prot opt source destination


Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ES TABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-u nreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-pro blem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere


Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ES TABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INV ALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-u nreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-pro blem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt :bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere


Chain ufw-before-logging-forward (1 references)
target prot opt source destination


Chain ufw-before-logging-input (1 references)
target prot opt source destination


Chain ufw-before-logging-output (1 references)
target prot opt source destination


Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ES TABLISHED
ufw-user-output all -- anywhere anywhere


Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min b urst 10 LOG level warning prefix "[UFW ALLOW] "


Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID li mit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min b urst 10 LOG level warning prefix "[UFW BLOCK] "


Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst -type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst -type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst -type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere


Chain ufw-reject-forward (1 references)
target prot opt source destination


Chain ufw-reject-input (1 references)
target prot opt source destination


Chain ufw-reject-output (1 references)
target prot opt source destination


Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere


Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere


Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere


Chain ufw-track-forward (1 references)
target prot opt source destination


Chain ufw-track-input (1 references)
target prot opt source destination


Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW


Chain ufw-user-forward (1 references)
target prot opt source destination


Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dptsh
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:8080
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:8080


Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min b urst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-p ort-unreachable


Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere


Chain ufw-user-logging-forward (0 references)
target prot opt source destination


Chain ufw-user-logging-input (0 references)
target prot opt source destination


Chain ufw-user-logging-output (0 references)
target prot opt source destination


Chain ufw-user-output (1 references)
target prot opt source destination


root@server:~# ^C
root@server:~# sudo ufw status
Status: active


To Action From




80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
20/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
3306/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
8080/udp ALLOW Anywhere
8080 ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
20/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
3306/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
8080/udp (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)


----------------------------------------------------------------------3


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 37.187.28.254 0.0.0.0 UG 0 0 0 ens32
37.187.28.254 0.0.0.0 255.255.255.255 UH 0 0 0 ens32
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0


------------------------------------------------------------------------4


root@server:~# curl -v 145.239.***.2:443


    

  • Trying 145.239.***.2:443...
    • 

  • TCP_NODELAY set
    • 

  • Connected to 145.239.*.2 (145.239.*.2) port 443 (#0)
    • 



> GET / HTTP/1.1
> Host: 145.239.**.2:443
> User-Agent: curl/7.68.0
> Accept: /*


>


^C


root@server:~# curl -v 145.239.***.2:8080/


    

  • Trying 145.239.***.2:8080...
    • 

  • TCP_NODELAY set
    • 

  • Connected to 145.239.*.2 (145.239.*.2) port 8080 (#0)
    • 



> GET / HTTP/1.1
> Host: 145.239.**.2:8080
> User-Agent: curl/7.68.0
> Accept: /*


>


    

  • Empty reply from server
    • 

  • Connection #0 to host 145.239.***.2 left intact
    • 



curl: (52) Empty reply from server
  • Firewall settings are set according to this page
  • Outline installation is set according to this page
pezhman masoumi
  • 11
  • 2
    The way the data is presented is a bit ambiguous. Without any formatting and without any description of where this information is coming from and how it is relevant, it's hard to use the info. We can't tell where one thing starts and ends, nor can we distinguish a data dump from descriptions that you added. There's also not an explanation of what you mean by "I tried to do this in the firewall". I suggest that you use edit to overhaul to your question and make sure that it is properly formatted so that we can parse the information you are providing. – Nmath Dec 22 '21 at 21:53
  • Hello dear Thanks for your reply. I added more details. I just have a problem adding a port to the server – pezhman masoumi Dec 23 '21 at 14:14
  • Does this answer your question? How can I open port 443? – Nmath Dec 24 '21 at 06:03
  • if you were dealing with docker the make sure the IPFORWARDING enabled, and if you getting continuous error for that particular port after enabled via "ufw" you could try to add that port permanently allowed in firewall or once try with disabling the firewall for host. – Brijesh Sondarva Dec 24 '21 at 12:06

0 Answers0