iptables denies unwanted access/port

Question

I want to have ports 80,8080,443,8443,9990,9993 open, accessible from everywhere. port 8080 seems to be blocked, the browser says: ERR_CONNECTION_REFUSED

syslog: [ 6021.847345] iptables denied: IN=eth0 OUT= MAC=12:85:11:63:da:cb:f6:6d:05:71:95:80:08:00 SRC=my.ip.here DST=server.ip.here LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=51418 DF PROTO=TCP SPT=37536 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0

What am I doing wrong here?

"iptables -L" result

target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:9990
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9993 ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http-alt,8443 ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 8009,8009 ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:9993 ctstate ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https ctstate ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http-alt,8443 ctstate ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 8009,8009 ctstate ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere```

The firewall doesn't do this. The problem here is you are logging trafficm as denied that you later allowed. — Michael Hampton, Nov 19 '20 at 18:47
It looks like everything is being rejected so that the last 5 `ACCEPT` lines are never reached. — tater, Nov 19 '20 at 20:38

iptables denies unwanted access/port

0 Answers0