[ubuntu] Unable to open ports on Hardy !?



skaboss
April 28th, 2008, 11:18 AM
Hello,

I know that seems to be a total noob question, but I'm really stuck with this.
I have a dsl modem/router on which I opened the necessary ports (6881 tcp/udp) to run a torrent client. On my Hardy laptop, Azureus indicates this port as "firewalled", and so my dl speed is slow.
I then opened this port with ufw, but nmap still shows it closed...

Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-28 12:17 CEST
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
6881/tcp closed bittorent-tracker

Nmap done: 1 IP address (1 host up) scanned in 0.094 seconds


It is not an ISP issue, since it works well on my other computer.

Can you please help me ?

cdenley
April 28th, 2008, 01:56 PM
Ubuntu does not filter any traffic by default. Post the output for this command.


sudo iptables -L INPUT


Unless you configured iptables to block the traffic, it must be a problem with your router's configuration.

skaboss
April 28th, 2008, 04:22 PM
Hello,

Thank you for your answer. Here is the output:

target prot opt source destination
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere

My laptop has a dual boot with Vista, and I don't have this problem with Vista, that's why I can't imagine that would be caused by a messy router's config.

cdenley
April 28th, 2008, 04:46 PM
You have ufw enabled. If iptables is filtering incoming traffic because of your ufw configuration, you either need to configure ufw to allow your traffic, or disable ufw.

To allow incoming traffic on that port (I think)


sudo ufw allow 6881


To show the rules for ufw


sudo ufw status


To disable ufw (you shouldn't need it for a desktop system)


sudo ufw disable


https://wiki.ubuntu.com/UbuntuFirewall

skaboss
April 28th, 2008, 07:27 PM
Thanks for your answer. Actually, that is what I can't figure out.
Here is what ufw status displays:

Firewall loaded

To Action From
-- ------ ----
23687:tcp ALLOW Anywhere
23687:udp ALLOW Anywhere
6881:tcp ALLOW Anywhere
6881:udp ALLOW Anywhere


But these rules don't appear in nmap:


landry@albundy-mobile:~$ sudo nmap localhost

Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-28 20:18 CEST
Interesting ports on localhost (127.0.0.1):
Not shown: 1711 closed ports
PORT STATE SERVICE
25/tcp open smtp
631/tcp open ipp
3306/tcp open mysql


It makes me think that the system doesn't care about the rules defined with ufw, am I wrong?

cdenley
April 28th, 2008, 07:36 PM
I think nmap by default will only scan common port numbers (22,80,3306,8080...). Also, if there isn't a service currently listening on that port, nmap can't tell whether the traffic is being filtered by iptables, or just ignored since there's no server on that port. When you scan "localhost", I don't think any firewall rules will have an effect, anyway. The local loopback device usually isn't filtered.

The Cog
April 28th, 2008, 08:33 PM
It makes me think that Azureus is not listening on port 6881. I seem to remember that Azureus uses a random port number unless you configure a specific one.

You can double-check with the command:

netstat -lnt
and see if port 6881 is listening.

skaboss
April 28th, 2008, 09:00 PM
Ok, I edited Azureus config to use 23687 instead of 6881, and modified my rules accordingly (I disabled ufw, and used iptables directly).
Now I have:


netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 127.0.0.1:6880 :::* LISTEN
tcp6 0 0 :::23687 :::* LISTEN
tcp6 0 0 127.0.0.1:45100 :::* LISTEN



sudo nmap -p23687 XX.XXX.XX.XXX

Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-28 21:53 CEST
Interesting ports on -------------------------------:
PORT STATE SERVICE
23687/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.448 seconds

The Cog
April 28th, 2008, 11:56 PM
Are you trying to scan your public address from inside a router? That cannot be done - the router won't NAT a connection that comes from the inside to the inside. You'll have to use an external service like grc shields-up to scan your public address.

lemming465
April 29th, 2008, 01:05 AM
Do Windows and Ubuntu end up with the same IP address? Typically your DSL router has firewall capabilities built in and you have to explicitly configure port forwarding for inbound connections. Is that something that applies to your situation?