
I have a problem with a VPS ports config (on ovh.com).

  • I set up Debian 10 and updated it.
  • I didn't install any firewall software.
  • OVH infrastructure is protected by a global firewall, but on my panel it's shown as disabled and there are no rules applied.
  • Default ports work fine (HTTP, TCP, UDP, SSH, FTP, DNS and SSL).

EXAMPLE (FTP)

FTP works just fine on port 21:

client

$ ftp XX.XX.XX.XX
Connected to XX.XX.XX.XX.
220 (vsFTPd 3.0.3)
Name (XX.XX.XX.XX:f): NAME
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

If I go to yougetsignal.com, it shows Port 21 is open and Port 2121 is closed.

Then I change the listening port to 2121, and it doesn't connect any more:

server

# sudo nano /etc/vsftpd.conf
# changes done: "listening_port=2121"
# sudo service vsftpd restart

$ sudo netstat -tnlp | grep :2121
tcp6   0   0   :::2121   :::*   LISTEN   28582/vsftpd

#rules allow all in
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

$ sudo ip6tables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

client

$ ftp
ftp> open XX.XX.XX.XX
ftp: connect: Connection refused
ftp> open XX.XX.XX.XX:2121
ftp: connect: Connection refused

If I go to yougetsignal.com, it shows Port 21 is closed and Port 2121 is closed.

Same happens for any other port.

Where else can those rules be defined, since any change I make on ip6tables or iptables seems to do nothing?

UPDATE

As commented by Michael, it was space, not colon.

client

ftp> open XX.XX.XX.XX 2121
Connected to 51.222.30.108.
220 (vsFTPd 3.0.3)

On the other hand, the external test still throws "Closed", and the command commented by vidarlo, `netcat -lp 2121`, returns `Can't grab 0.0.0.0:2121 with bind`.

Fahed
  • There should be a space between the host and port, not a colon. See the man page. – Michael Hampton Jul 04 '21 at 21:49
  • In addition, it's often easier to fault find using `netcat`. Fire up `netcat -lp 2121` and it will dutifully listen on port 2121 on all interfaces. This removes complex software from the mix, and allows you to trivially establish if the problem is in the network layer or your configuration. – vidarlo Jul 04 '21 at 21:57
  • I updated the question, @vidarlo . Does that mean there is an error? – Fahed Jul 05 '21 at 01:17
  • @Fahed It means the port is *probably* in use. `netstat -tlnp | grep 2121` should show you. – vidarlo Jul 05 '21 at 11:13
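
The bind test suggested in the comments, paired with a connection made from the server itself, as an added example that is not part of the original thread. The function names `bind_check`, `connect_check` and `diagnose` are hypothetical, and the default port 2121 is taken from the question.

```python
import errno
import socket


def bind_check(port, host="0.0.0.0"):
    """Attempt the bind that `netcat -lp PORT` performs; nothing stays listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                # Another socket owns the port. With Linux defaults, a dual-stack
                # listener shown by netstat as :::PORT also causes this failure.
                return "in-use"
            if exc.errno in (errno.EACCES, errno.EPERM):
                return "denied"  # e.g. a port below 1024 without privileges
            raise
        return "free"


def connect_check(port, host="127.0.0.1", timeout=2.0):
    """Open a TCP connection from the host itself, bypassing the outside network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "accepted"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"


def diagnose(port):
    """Combine both checks into one of the situations discussed in the thread."""
    bound, local = bind_check(port), connect_check(port)
    if bound == "in-use" and local == "accepted":
        return "listening: a service owns the port and answers locally"
    if bound == "in-use":
        return "bound but not answering on 127.0.0.1: check the listen address"
    if bound == "free":
        return "nothing listening: the service is not on this port"
    return "cannot test: insufficient privileges to bind"


if __name__ == "__main__":
    import sys
    print(diagnose(int(sys.argv[1]) if len(sys.argv) > 1 else 2121))
```

A "listening" result combined with a failing external test means the daemon and its port setting are fine, so the remaining suspects are the network path and the way the client or test tool is invoked.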
