Ports are not let through by the firewall  [SOLVED]


Post by marco »

Hello, I have a test server running Debian 10 and KeyHelp. In the background an Ark server is running, for which I need to open port 7777, among others. The port is also open in the firewall, but it is not reachable from outside. I tried it with nmap from my server and also with port scanners on the internet. What can I do now?
Attachment: firewall.png

Post by OlliTheDarkness »

What does the firewall's shell output say?
Is the rule listed there too, i.e. was it applied?

On the screenshot everything looks correct, apart from the fact that I am no fan of running game servers etc. on a web box as well.
That is something one should avoid and keep separate, but everyone has different tastes there.
Kind regards
OlliTheDarkness


Post by marco »

As I said, this is more of a test server, which is why I have both running on it. Here is the output:

 sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             state INVALID
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp any limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp any
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7777
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7778
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:27015
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:27016
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:32330
ACCEPT     udp  --  anywhere             anywhere             udp dpt:7777
ACCEPT     udp  --  anywhere             anywhere             udp dpt:7778
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27015
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27016
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:30000:30500
DROP       tcp  --  anywhere             anywhere             tcp dpt:mysql

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp any limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp any

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
nftables output

sudo nft list ruleset
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority -100; policy accept;
                fib daddr type local counter packets 2036 bytes 117489 jump DOCKER
        }

        chain INPUT {
                type nat hook input priority 100; policy accept;
        }

        chain POSTROUTING {
                type nat hook postrouting priority 100; policy accept;
                oifname != "docker0" ip saddr 172.17.0.0/16 counter packets 0 bytes 0 masquerade
                meta l4proto tcp ip saddr 172.17.0.2 ip daddr 172.17.0.2 tcp dport 9980 counter packets 0 bytes 0 masquerade
        }

        chain OUTPUT {
                type nat hook output priority -100; policy accept;
                ip daddr != 127.0.0.0/8 fib daddr type local counter packets 0 bytes 0 jump DOCKER
        }

        chain DOCKER {
                iifname "docker0" counter packets 0 bytes 0 return
                iifname != "docker0" meta l4proto tcp ip daddr 127.0.0.1 tcp dport 9980 counter packets 0 bytes 0 dnat to 172.17.0.2:9980
        }
}
table ip filter {
        chain INPUT {
                type filter hook input priority 0; policy drop;
                ct state related,established counter packets 7165 bytes 635723 accept
                ct state invalid counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|ack) != syn ct state new counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn) == fin|syn counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (syn|rst) == syn|rst counter packets 0 bytes 0 drop
                iifname != "lo" ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop
                iifname "lo" counter packets 874 bytes 51047 accept
                meta l4proto icmp  limit rate 1/second counter packets 35 bytes 2948 accept
                meta l4proto icmp  counter packets 0 bytes 0 drop
                meta l4proto tcp tcp dport 7777 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 7778 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 27015 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 27016 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 32330 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 7777 counter packets 2 bytes 106 accept
                meta l4proto udp udp dport 7778 counter packets 2 bytes 106 accept
                meta l4proto udp udp dport 27015 counter packets 166 bytes 7534 accept
                meta l4proto udp udp dport 27016 counter packets 2 bytes 106 accept
                meta l4proto tcp tcp dport 22 counter packets 6 bytes 360 accept
                meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 53 counter packets 430 bytes 26230 accept
                meta l4proto tcp tcp dport 80 counter packets 2 bytes 100 accept
                meta l4proto tcp tcp dport 443 counter packets 70 bytes 3664 accept
                meta l4proto tcp tcp dport 110 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 995 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 143 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 993 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 25 counter packets 1 bytes 52 accept
                meta l4proto tcp tcp dport 587 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 20 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 21 counter packets 1 bytes 40 accept
                meta l4proto tcp tcp dport 30000-30500 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 3306 counter packets 0 bytes 0 drop
        }

        chain FORWARD {
                type filter hook forward priority 0; policy drop;
                ct state related,established counter packets 0 bytes 0 accept
                iifname != "lo" ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop
                iifname "lo" oifname "lo" counter packets 0 bytes 0 accept
                meta l4proto icmp  limit rate 1/second counter packets 0 bytes 0 accept
                meta l4proto icmp  counter packets 0 bytes 0 drop
        }

        chain OUTPUT {
                type filter hook output priority 0; policy accept;
                ct state related,established counter packets 7808 bytes 1403907 accept
                oifname "lo" counter packets 874 bytes 51047 accept
        }
}
table ip6 filter {
        chain INPUT {
                type filter hook input priority 0; policy drop;
                ct state related,established counter packets 0 bytes 0 accept
                ct state invalid counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn|rst|ack) != syn ct state new counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (fin|syn) == fin|syn counter packets 0 bytes 0 drop
                meta l4proto tcp tcp flags & (syn|rst) == syn|rst counter packets 0 bytes 0 drop
                iifname != "lo" ip6 saddr ::1 counter packets 0 bytes 0 drop
                iifname "lo" counter packets 0 bytes 0 accept
                meta l4proto ipv6-icmp limit rate 1/second counter packets 0 bytes 0 accept
                meta l4proto ipv6-icmp counter packets 0 bytes 0 drop
                meta l4proto tcp tcp dport 7777 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 7778 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 27015 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 27016 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 32330 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 7777 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 7778 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 27015 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 27016 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 22 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 53 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 80 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 443 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 110 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 995 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 143 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 993 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 25 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 587 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 20 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 21 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 30000-30500 counter packets 0 bytes 0 accept
                meta l4proto tcp tcp dport 3306 counter packets 0 bytes 0 drop
        }

        chain FORWARD {
                type filter hook forward priority 0; policy drop;
                ct state related,established counter packets 0 bytes 0 accept
                iifname != "lo" ip6 saddr ::1 counter packets 0 bytes 0 drop
                iifname "lo" oifname "lo" counter packets 0 bytes 0 accept
                meta l4proto ipv6-icmp limit rate 1/second counter packets 0 bytes 0 accept
                meta l4proto ipv6-icmp counter packets 0 bytes 0 drop
        }

        chain OUTPUT {
                type filter hook output priority 0; policy accept;
                ct state related,established counter packets 0 bytes 0 accept
                oifname "lo" counter packets 0 bytes 0 accept
        }
}
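
Added example (not part of the original thread): the `counter packets` fields in the posted ruleset record how many packets each rule has matched since it was loaded, so they show whether an external probe ever reached the accept rule for a port. The shell functions below, whose names are assumptions of this example, extract those counters from `nft list ruleset` output; the embedded sample is an abridged copy of lines from the ruleset above.

```shell
#!/bin/sh
# Added example: summarise per-port hit counters from `nft list ruleset`.
# Function names are hypothetical; nothing here comes from KeyHelp itself.

# port_hits: read a ruleset on stdin and print one line per dport rule in a
# filter INPUT chain: "<family> <proto> <port> <packets> <verdict>".
port_hits() {
    awk '
        $1 == "table" { family = $2; table = $3 }
        $1 == "chain" { chain = $2 }
        table == "filter" && chain == "INPUT" && /dport/ {
            proto = port = pkts = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "dport")   { proto = $(i-1); port = $(i+1) }
                if ($i == "packets") { pkts = $(i+1) }
            }
            print family, proto, port, pkts, $NF
        }'
}

# never_hit: list accept rules whose counter is still 0, i.e. ports for which
# no packet has been evaluated by the rule since the ruleset was loaded.
never_hit() {
    port_hits | awk '$4 == 0 && $5 == "accept" { print $1 "/" $2 "/" $3 }'
}

# sample_ruleset: abridged copy of lines from the ruleset posted in the thread.
sample_ruleset() {
    cat <<'EOF'
table ip nat {
        chain DOCKER {
                iifname != "docker0" meta l4proto tcp ip daddr 127.0.0.1 tcp dport 9980 counter packets 0 bytes 0 dnat to 172.17.0.2:9980
        }
}
table ip filter {
        chain INPUT {
                type filter hook input priority 0; policy drop;
                meta l4proto tcp tcp dport 7777 counter packets 0 bytes 0 accept
                meta l4proto udp udp dport 7777 counter packets 2 bytes 106 accept
                meta l4proto udp udp dport 27015 counter packets 166 bytes 7534 accept
                meta l4proto tcp tcp dport 22 counter packets 6 bytes 360 accept
        }
}
EOF
}

sample_ruleset | never_hit
```

On a live host the same check is `sudo nft list ruleset | never_hit`, run once before and once after an external probe; a counter that stays at 0 means the probe was not evaluated by that rule.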

Post by marco »

This can be closed; it does not seem to be a problem with KeyHelp and iptables. The port is not reachable even with the firewall switched off completely.
I'll keep looking into what the cause could be, but thanks anyway for the help here.