Traceroute to the server fails, this is description of the problem:
root@newTralev ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 74:d0:2b:9a:85:74
inet addr:176.9.18.37 Bcast:176.9.18.63 Mask:255.255.255.224
root@condor1796 ~ # traceroute --port=33434 176.9.18.37
traceroute to 176.9.18.37 (176.9.18.37), 30 hops max, 60 byte packets
1 static-ip-209-126-119-1.inaddr.ip-pool.com (209.126.119.1) 0.201 ms static-ip-209-126-119-2.inaddr.ip-pool.com (209.126.119.2) 3.741 ms static-ip-209-126-119-1.inaddr.ip-pool.com (209.126.119.1) 7.516 ms
2 207.38.80.33 (207.38.80.33) 0.207 ms 207.38.80.37 (207.38.80.37) 0.248 ms 0.262 ms
3 ae1.stl1-cr-atlas.bb.gdinf.net (207.38.95.5) 5.304 ms 5.304 ms 5.292 ms
4 stlo-b1-link.telia.net (62.115.165.48) 0.456 ms 0.318 ms stlo-b1-link.telia.net (62.115.165.90) 0.453 ms
5 chi-b23-link.telia.net (62.115.113.173) 7.864 ms 7.889 ms 7.850 ms
6 hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1) 118.777 ms 118.762 ms 118.776 ms
7 core24.fsn1.hetzner.com (213.239.252.234) 121.918 ms * *
8 ex9k1.dc6.fsn1.hetzner.com (213.239.229.94) 121.127 ms ex9k1.dc6.fsn1.hetzner.com (213.239.229.90) 121.127 ms 121.059 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
root@condor1796 ~ #
This is iptables -L:
root@newTralev ~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: sshprobe side: source mask: 255.255.255.255
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: sshprobe side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:8008 state NEW recent: UPDATE seconds: 2 hit_count: 50 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:8008 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:https state NEW recent: UPDATE seconds: 2 hit_count: 50 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:https state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:8181 state NEW recent: UPDATE seconds: 2 hit_count: 50 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:8181 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:http-alt state NEW recent: UPDATE seconds: 2 hit_count: 50 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:http-alt state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:http state NEW recent: UPDATE seconds: 2 hit_count: 50 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:http state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:8008 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 20
DROP tcp -- anywhere anywhere tcp dpt:https flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 20
DROP tcp -- anywhere anywhere tcp dpt:8181 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 20
DROP tcp -- anywhere anywhere tcp dpt:http-alt flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 20
DROP tcp -- anywhere anywhere tcp dpt:http flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 20
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:8181
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:8008
ACCEPT tcp -- anywhere anywhere tcp dpt:12301
ACCEPT udp -- anywhere anywhere udp dpt:12301
ACCEPT tcp -- anywhere anywhere tcp dpt:52444
ACCEPT udp -- anywhere anywhere udp dpt:52444
ACCEPT tcp -- anywhere anywhere tcp dpt:33434
ACCEPT udp -- anywhere anywhere udp dpt:33434
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
But hetzner is not supposed to block port 33434, so does anyone understands where is the problem?
Perhaps in my iptables.config file?
My iptables.rules is as the follows:
#!/bin/bash
# ATTENTION: flush/delete all existing rules
iptables -F
################################################################
# set the default policy for each of the pre-defined chains
################################################################
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT
################################################################
#individual ports tcp
################################################################
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8181 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
#dkim on port 12301
iptables -A INPUT -p tcp --dport 12301 -j ACCEPT
iptables -A INPUT -p udp --dport 12301 -j ACCEPT
#port for mtr
iptables -A INPUT -p tcp --dport 52444 -j ACCEPT
iptables -A INPUT -p udp --dport 52444 -j ACCEPT
iptables -A INPUT -p tcp --dport 33434 -j ACCEPT
iptables -A INPUT -p udp --dport 33434 -j ACCEPT
#uncomment next line to enable AdminGUI on port 4848:
#iptables -A INPUT -p tcp --dport 4848 -j ACCEPT
#limit number of connections
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
iptables -t filter -I INPUT -p tcp --syn --dport 8080 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
iptables -t filter -I INPUT -p tcp --syn --dport 8181 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
iptables -t filter -I INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
iptables -t filter -I INPUT -p tcp --syn --dport 8008 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 -j DROP
iptables -I INPUT -p tcp --dport 8080 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 8080 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 -j DROP
iptables -I INPUT -p tcp --dport 8181 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 8181 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 -j DROP
iptables -I INPUT -p tcp --dport 443 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 -j DROP
iptables -I INPUT -p tcp --dport 8008 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 8008 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 -j DROP
################################################################
#slow down the amount of ssh connections by the same ip address:
#wait 60 seconds if 3 times failed to connect
################################################################
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --set -j ACCEPT
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --update --seconds 60 --hitcount 3 --rttl -j DROP
#drop everything else
iptables -A INPUT -j DROP
################################################################
#Redirection Rules
################################################################
#1. redirection rules (allowing forwarding from localhost)
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8181
#2. redirection http
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#3. redirection https
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
################################################################
#save the rules somewhere and make sure
#our rules get loaded if the ubuntu server is restarted
################################################################
iptables-save > /etc/my-iptables.rules
iptables-restore < /etc/my-iptables.rules
#List Rules to see what we have now
iptables -L
Thank you!