1

For some reason my CentOS VPS refuses all connections except for HTTP, SSH and Telnet. Whenever I try to connect to a port such as 25 (SMTP) or even a random port such as 225 I get a connection refused error :S netstat -ap shows that the server is listening and iptables is turned off.

However I can interface with the same ports on the server through telnet...

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

# netstat -an | fgrep LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:225                 0.0.0.0:*                   LISTEN      
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 :::80                       :::*                        LISTEN      
unix  2      [ ACC ]     STREAM     LISTENING     169786017 /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     169786045 /var/run/saslauthd/mux

This is the error message I'm getting from my PHP script. My PHP script works fine with every other SMTP server I've come across.

Warning: fsockopen() [function.fsockopen]: unable to connect to :25 (Connection refused)

Randy the Dev
  • So is it possible that your ISP only allows a handful of ports?! – mailq Oct 09 '11 at 20:39
  • Nope, it lets me connect to other servers, just not my VPS. – Randy the Dev Oct 09 '11 at 20:40
  • Or did you mean my VPS ISP? – Randy the Dev Oct 09 '11 at 20:40
  • Are you certain iptables isn't running ? – user9517 Oct 09 '11 at 20:42
  • Yes, that is what @mailq meant. Did your ISP (as in your VPS provider) put a firewall in front of your VPS? Out of curiosity, what ports should be accessible? – Rilindo Oct 09 '11 at 20:44
  • @AndrewDunn Is it possible that your hosting provider has a hardware firewall in place somewhere? For instance, you manage Amazon's EC2 instance firewalls (security group) through the web interface, and it doesn't actually sit on the instance itself. – Matthew Scharley Oct 09 '11 at 21:06
  • Sorry, but this output looks faked. The colons in the SSH and HTTP lines are about IPv6 whereas SMTP and 225 are about IPv4. But the first column shows only IPv4. So this looks like a mismatch to me. – mailq Oct 09 '11 at 21:07
  • Wait, you running sendmail or postfix? Is that what you are trying to get - get sendmail running on the server? – Rilindo Oct 09 '11 at 21:07
  • @mailq would you like me to upload an image of my bash terminal? – Randy the Dev Oct 09 '11 at 21:08
  • @Rilindo, I'm just trying to get anything to connect to my server not through telnet. It can connect through telnet, so the ports and their connectability are fine. – Randy the Dev Oct 09 '11 at 21:09
  • @Rilindo I'm running sendmail on port 25 and my own really basic echo server on port 225 – Randy the Dev Oct 09 '11 at 21:11

2 Answers

3

It looks like there is something upstream of your VPS that is blocking access except for the ports noted. You should contact your VPS provider and ask them about it.

user9517
1

Okay, to make things clear - if you are running CentOS, chances are that you are at release 5 with sendmail as the default. In that case, you will not be able to connect externally, because sendmail will only listen to localhost by default. To make it listen on the main IP, you will need to disable the line in /etc/sendmail.mc from this:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

to this:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then rebuild sendmail.cf with the following:

/etc/mail/make
/etc/init.d/sendmail restart

(if it is postfix, it may be a different story. IIRC, postfix will only listen by default on localhost as well, so you will need to configure it as well to listen on the main IP).

HOWEVER, since you are just trying to test external connectivity, you may just need to install nc and then run it to listen on a specific port. Here is my example:

[root@kvm0006 mail]# nc -l 50

Here I am listening on port 50 (hence, the -l). Now when I connect from outside the server on that port, I will get this:

yvaine:Downloads rilindo$ telnet 192.168.15.36 50
Trying 192.168.15.36...
Connected to kvm0006.monzell.com.
Escape character is '^]'.
Hello

Which will return the following on the server side:

[root@kvm0006 mail]# nc -l 50
Hello

To install nc:

yum -y install nc
Rilindo
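
The bind-address question raised in the answers can be checked directly from `netstat -an` output. The following is an added example, not code from either answer: it classifies each TCP listener by the address it is bound to, so a loopback-only daemon (the sendmail default described above) is told apart from one bound to every interface. The function names are hypothetical, and the `127.0.0.1:587` line in the sample is constructed to show the loopback case; the other lines are the ones from the question.

```python
import ipaddress

# Sample input: the listeners from the question, plus one constructed
# loopback-only line (127.0.0.1:587) to show the case the answer describes.
SAMPLE = """\
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:225                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:587               0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     169786017 /tmp/.font-unix/fs7100
"""

def classify(local):
    """Return (port, scope) for a netstat local-address field such as ':::22'."""
    # Split on the LAST colon: IPv6 addresses contain colons themselves.
    host, _, port = local.rpartition(":")
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return int(port), "specific-address"  # e.g. a scoped or unparsable address
    if addr.is_loopback:
        scope = "loopback-only"       # remote clients get "connection refused"
    elif addr.is_unspecified:
        # 0.0.0.0 = every IPv4 address; :: = every IPv6 address (on Linux a
        # :: listener normally also accepts IPv4 unless IPV6_V6ONLY is set).
        scope = "all-ipv4" if addr.version == 4 else "all-ipv6"
    else:
        scope = "specific-address"    # reachable only via that one address
    return int(port), scope

def tcp_listeners(netstat_output):
    """Extract (port, scope) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows: proto, recv-q, send-q, local, foreign, state
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            found.append(classify(fields[3]))
    return found

if __name__ == "__main__":
    for port, scope in tcp_listeners(SAMPLE):
        print(f"port {port:<5} {scope}")
```

A port reported as `loopback-only` will refuse remote connections no matter what any firewall does; for a port reported as `all-ipv4` or `all-ipv6`, the bind address is not what is refusing the connection.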