Hi!
I feel like a dumb newbie and I've been working on the following problem for the last days - now I quit and hope that anybody can help me:
Initially I had the problem that I couldn't connect over port 22 to my SSH server.
I stopped it and tried to communicate over port 22 with netcat, which doesn't work.
So I checked whether I had some firewalls running (like iptables) - but I don't.
I have tried all ports from 1-100 with netcat - only 80 worked.
I asked my host provider whether they block all ports except 80 & 443 - but they don't.
I got a rescue image from them, with which I booted - and I was able to communicate via port 22 (or other).
So my problem is definitely my arch-linux-image-setup.
But I'm lost - I hope that anybody can help me.
Last edited by palf80 (2023-12-29 16:15:51)
I contacted my Host-Provider if they
Does this imply you're trying to reach the host from a different network segment (WAN)?
Does the connection work on localhost or the LAN?
Did you forget to configure NAT/port forwarding (in your router)?
My host system is on a VM in a computing-center.
I try to connect from my home - so it is WAN
Because the VM is in a computing-center I can't try it
But the ethernet packets will be received on my host - I have checked it with tcpdump.
I see the incoming SYN packet for the TCP-Connection-3-Way-Handshake.
But my answering process (for example netcat) does not react
As I mentioned above, I do not have any firewall running (I checked it in the process list with htop and with systemctl status which services are running).
I don't care what high level feature you're running but whether there're netfilter or iptables entries anywhere.
"ps aux | grep -E 'firewall|ufw'" isn't authoritative here.
You are the master - it was an nftables rule.
My fault was that I thought I could check what is running on the system by checking all processes/threads (whether they are started through systemd service files or not).
A last question: the nftables rules must be read by a process which is running - do you know which it is? Is it inside the systemd-networkd threads?
netfilter is in the kernel, you're probably loading https://wiki.archlinux.org/title/Nftabl … e_firewall
Edit: Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Last edited by seth (2023-12-29 16:00:38)
I have marked the subject of my initial post.
I found your linked config file from nftables. I think that the only way is that I have loaded the rules many years before ... what I didn't know is that obviously there is no need to have a service file which will start a process for loading the config file each system start - it seems that rulesets will be kept persistent in the kernel once they are added.
Last edited by palf80 (2023-12-29 16:29:13)
The tables in the kernel are transient - when you reboot, they're gone.
You have to be loading them with each boot, but that doesn't mean some process will linger around for that.
The process starts, adds some rules to the tables and then quits. The rules will remain until the next reboot (or they're actively removed)
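An added example, not written by any poster in this thread: since the rules live in the kernel and no firewall process shows up in the process list, the check is to read the ruleset itself. This Python script parses the JSON form produced by `nft -j list ruleset` and reports, for each base chain hooked at input, the default policy and the TCP ports with a plain accept rule; the sample ruleset and the function names are constructed for illustration.

```python
import json

# Constructed sample of `nft -j list ruleset` output (not taken from the thread).
SAMPLE = json.dumps({"nftables": [
    {"table": {"family": "inet", "name": "filter", "handle": 1}},
    {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
               "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 2,
              "expr": [{"match": {"op": "==", "right": 80, "left": {
                  "payload": {"protocol": "tcp", "field": "dport"}}}},
                       {"accept": None}]}},
]})

def expand_ports(right):
    """Expand the right-hand side of a dport match into a set of port numbers."""
    if isinstance(right, int):
        return {right}
    if isinstance(right, dict) and "range" in right:
        return set(range(right["range"][0], right["range"][1] + 1))
    if isinstance(right, dict) and "set" in right:
        return set().union(*map(expand_ports, right["set"]))
    return set()  # named sets and similar are not resolved here

def audit_input(ruleset_json):
    """Return {(family, table, chain): {"policy", "tcp_accept"}} for input-hook base chains."""
    items = json.loads(ruleset_json)["nftables"]
    report = {}
    for c in (i["chain"] for i in items if "chain" in i):
        if c.get("hook") == "input":  # only base chains carry a hook
            key = (c["family"], c["table"], c["name"])
            report[key] = {"policy": c.get("policy", "accept"), "tcp_accept": set()}
    for r in (i["rule"] for i in items if "rule" in i):
        key, exprs = (r["family"], r["table"], r["chain"]), r.get("expr", [])
        if key not in report or not any("accept" in e for e in exprs):
            continue
        for m in (e["match"] for e in exprs if "match" in e):
            left = m.get("left")
            if isinstance(left, dict) and left.get("payload") == {"protocol": "tcp", "field": "dport"}:
                if m.get("op") in ("==", "in"):
                    report[key]["tcp_accept"] |= expand_ports(m["right"])
    return report

def tcp_blocked(report, port):
    """True if some input chain drops by default and has no plain accept for this port."""
    return any(c["policy"] == "drop" and port not in c["tcp_accept"] for c in report.values())

if __name__ == "__main__":
    for chain, info in audit_input(SAMPLE).items():
        print(chain, info["policy"], sorted(info["tcp_accept"]))
    print("tcp/22 blocked:", tcp_blocked(audit_input(SAMPLE), 22))
```

On a real host, feed `audit_input` the output of `nft -j list ruleset` run as root. The result is a first pass only: it does not follow jumps to other chains, does not model rule order, and does not see legacy iptables tables.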