#1 2021-08-10 14:00:20

Xarius
Member
Registered: 2020-12-09
Posts: 4

[SOLVED] IP Blocked After Using NMAP

So, I decided to run NMAP from my home computer to a server I run just to see what the output would be. (Both on Arch, fully updated as of a few hours ago.)

After doing this, the server seems to have automatically blocked my home IP address entirely. I can't connect via SSH, I can't view web pages without using a proxy, and I can't connect to a game server running there. I know it is an IP based block, because if I connect via my wireless provider, everything works exactly like it should.

In terms of firewall, I'm just using UFW. I can't find anything in there mentioning my home IP address.
I also searched through iptables, and I don't see anything with my IP address listed there either.

I looked for any blocking activity in dmesg, and it appears it's just consistently blocking a connection from the Netherlands (probably just a bot trying to gain SSH access as usual), but that isn't me as I'm in the USA. I also searched dmesg for my ip4 and ip6 address, and it returned nothing.

I do use Cloudflare, but the portions of my server that are proxied with them are working fine. It's only when I bypass the proxy and try to connect directly that I end up with messages like "Connection refused." from SSH.

So, I have no clue what is actually blocking my IP address. Something is; I just can't seem to find out what. Any suggestions would be appreciated; I might be overlooking something very simple.

Last edited by Xarius (2021-08-10 16:08:35)


#2 2021-08-10 15:19:36

seth
Member
Registered: 2012-09-03
Posts: 60,939

Re: [SOLVED] IP Blocked After Using NMAP

nmap what? Some script or just a regular "nmap example.com"?
Can you still ping the server? nmap it more?
Can you access other hosts?

"can't view web pages" points towards iptables/netfilter/ufw

Which Dutch IP is blocked? Did you try to tracepath the server?


#3 2021-08-10 15:55:48

Xarius
Member
Registered: 2020-12-09
Posts: 4

Re: [SOLVED] IP Blocked After Using NMAP

seth wrote:

nmap what? Some script or just a regular "nmap example.com"?
Can you still ping the server? nmap it more?
Can you access other hosts?
"can't view web pages" points towards iptables/netfilter/ufw
Which Dutch IP is blocked? Did you try to tracepath the server?

I can access literally everything else except my server without issue.

myserver.com is proxied through Cloudflare.
direct.myserver.com bypasses Cloudflare.

It was originally

nmap -v -p1-65535 direct.myserver.com

I had let that run for about 3 minutes before I canceled it.

Pinging direct.myserver.com results in: "Destination Port Unreachable"
But, pinging myserver.com which is proxied through Cloudflare works just fine.

Visiting webpages at direct.myserver.com results in Firefox saying "Unable to connect" in less than a second.
But, visiting webpages at myserver.com through the Cloudflare proxy works just fine.

Attempting to access the game server from my home connection fails.
But, it is working perfectly fine from my phone.

I read through the pages for UFW and iptables/ip6tables and tried to locate any entries/rules involving my IP4/IP6 address, and saw nothing listed.
I looked through dmesg for anything involving "block", my IP4, and IP6 address and found nothing except that Netherlands IP getting blocked by UFW.
I actually even tried adding my home IP address as an "allow from" in UFW, and that made no difference either.
I even went as far as straight up disabling UFW temporarily, and still had the same results.

The Netherlands IP here shows nothing of importance in a trace. It's just your standard bot pointlessly trying to SSH into a server using standard usernames like 'root', 'admin', and a standard password when a key is required. I'm 99% sure that address has zero to do with my issue here.

I'll point out again, I can access direct.myserver.com perfectly fine in every way from my cell phone's wireless connection, it just doesn't work with my home internet.
And no, I changed nothing in my router or anything else. The problems occurred immediately after running nmap.

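A plain-text search for one address in the firewall rules, as described in post #3, cannot find a rule that blocks a whole range containing that address. The following is an added example, not part of the thread: it assumes the server's rules were dumped in `iptables-save` format, the function name `blocking_rules` is hypothetical, and the sample rules and addresses are constructed.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.0.2.10/32 -j ACCEPT
-A INPUT ! -s 10.0.0.0/8 -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

BLOCKING = {"DROP", "REJECT"}


def blocking_rules(rules_text, address):
    """Return the DROP/REJECT rules whose source match (-s) covers address."""
    addr = ipaddress.ip_address(address)
    hits = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        if "-j" not in tokens or tokens[tokens.index("-j") + 1] not in BLOCKING:
            continue
        if "-s" not in tokens:
            continue  # no source match: rule is not specific to a client
        i = tokens.index("-s")
        negated = i > 0 and tokens[i - 1] == "!"
        net = ipaddress.ip_network(tokens[i + 1], strict=False)
        if net.version != addr.version:
            continue  # IPv4 rule vs IPv6 address (or the reverse)
        # A negated match ("! -s net") applies to every address outside net.
        if (addr in net) != negated:
            hits.append(line)
    return hits


if __name__ == "__main__":
    for ip in ("203.0.113.45", "10.1.2.3"):
        print(ip, blocking_rules(SAMPLE_RULES, ip))
```

An empty result for the client's address, together with the behaviour persisting while the firewall is disabled, points to something outside the server, which is where this thread ended up.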

#4 2021-08-10 16:05:19

seth
Member
Registered: 2012-09-03
Posts: 60,939

Re: [SOLVED] IP Blocked After Using NMAP

Is your server hosted at some managed server farm (i.e. is there potentially a firewall in front of it)?


#5 2021-08-10 16:08:04

Xarius
Member
Registered: 2020-12-09
Posts: 4

Re: [SOLVED] IP Blocked After Using NMAP

Alright. This can be ignored. Turns out Comcast decided that the nmap was my computer attacking my server, so blocked access. Thanks for your help, anyways. :)
