My everyday user with a uid/gid of 1000 is unable to use any ports from 1-65535. Creating a user with the name asd and uid/gid 1001, with the same groups (wheel kvm scanner input plugdev docker sambashare) as the previous user plus group 1000 (gid), is able to open the port.
This is not a routing issue. I can see, for example, transmission-qt creating UPnP/NAT-PMP rules, and with user asd everything works.
I am not running any firewalls except iptables / the core packages group. I use NetworkManager with KDE Plasma on linux-zen, which should not matter as the other user works.
I have already wasted 4 hours messing with my double NAT that already worked (modem + OpenWrt).
This is stupid, please help
No normal user can open ports < 1024
strace nc -vlp 2000 > ~/netcat.strace 2>&1
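A way to act on the strace advice above, as an added example that is not from this thread: a small Python helper that pulls the bind() lines out of strace output and classifies the errno, plus a live bind probe. The strace lines embedded below are constructed sample input, and the 1024 default for the privileged-port boundary is an assumption used when the sysctl cannot be read.

```python
import errno
import re
import socket

# Constructed sample of what `strace nc -vlp PORT` prints around bind(); not real output.
SAMPLE_STRACE = """\
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)
bind(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 1)                            = 0
"""

# Matches strace's bind() line: family, port, return value and the errno name on failure.
BIND_RE = re.compile(
    r'^bind\(\d+, \{sa_family=(\w+), sin6?_port=htons\((\d+)\).*\}, \d+\) = (-?\d+)(?: (E\w+))?')


def parse_strace_binds(text):
    """Return [(family, port, errno_name_or_None)] for every bind() call in strace output."""
    found = []
    for line in text.splitlines():
        m = BIND_RE.match(line.strip())
        if m:
            fam, port, ret, err = m.groups()
            found.append((fam, int(port), err if ret != "0" else None))
    return found


def unprivileged_port_start():
    """Linux boundary below which bind() needs CAP_NET_BIND_SERVICE; assumes 1024 if unreadable."""
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read())
    except (OSError, ValueError):
        return 1024


def explain(port, err, start=1024):
    """Turn a bind() result into the next diagnostic step. iptables never makes bind() fail."""
    if err is None:
        return "bind succeeded: port %d is open locally; a 'closed' report means filtering/NAT upstream" % port
    if err == "EACCES" and port < start:
        return "privileged port (< %d): needs root or CAP_NET_BIND_SERVICE" % start
    if err == "EACCES":
        return "EACCES on an unprivileged port: check LSM (SELinux/AppArmor) policy, not iptables"
    if err == "EADDRINUSE":
        return "port already bound by another process; check with ss -ltnp"
    return "bind failed with %s" % err


def probe_bind(port, host="127.0.0.1"):
    """Try to bind TCP on host:port; return (port_actually_bound, errno_name_or_None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return s.getsockname()[1], None
        except OSError as e:
            return port, errno.errorcode.get(e.errno, "E%d" % e.errno)
```

Run `probe_bind(2000)` as the affected user and as the working one: if both return no error, the kernel is not the problem and the comparison belongs in the upnpc/NAT layer instead.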
I am not running any firewalls except iptables
Post the output of `iptables-save`
No normal user can open ports < 1024
strace nc -vlp 2000 > ~/netcat.strace 2>&1
is unable to use any ports from 1-65535
iptables-save
# Generated by iptables-save v1.6.2 on Wed Oct 3 08:51:40 2018
*mangle
:PREROUTING ACCEPT [7544:4738964]
:INPUT ACCEPT [1997:973301]
:FORWARD ACCEPT [5469:3748000]
:OUTPUT ACCEPT [1620:195972]
:POSTROUTING ACCEPT [7208:3962764]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Oct 3 08:51:40 2018
# Generated by iptables-save v1.6.2 on Wed Oct 3 08:51:40 2018
*nat
:PREROUTING ACCEPT [135:22921]
:INPUT ACCEPT [38:6836]
:OUTPUT ACCEPT [333:26648]
:POSTROUTING ACCEPT [317:24732]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Oct 3 08:51:40 2018
# Generated by iptables-save v1.6.2 on Wed Oct 3 08:51:40 2018
*filter
:INPUT ACCEPT [1970:970642]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1617:194976]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Wed Oct 3 08:51:40 2018
That was a general remark because you even tried…
Therefore the nc strace shall be for a port you can legitimately open (e.g. 2000).
There seems to be no owner match in iptables at all.
..... If I start netcat on 2000 and use something like
upnpc -a myip 63697 63697 TCP
the port can be reached from the WAN and the nc command exits successfully.
If I give transmission-qt (or qbittorrent) the same port, the port is reported closed....
Last edited by nicman23 (2018-10-03 06:12:16)
Tried "just transmission"?
(It opens a webserver on 9091 and IIRC you can use the config GUI there to set the peer port (randomness))
Non-GUI transmission from the same user works...... but if the issue was with transmission-qt, qbittorrent should also be working..
The plot thickens: I rm -rf'ed the transmission configuration, and now all is working, except magnets.
So basically I got double teamed by qbittorrent and transmission-qt.