
I'm giving Linode a try, and I just launched my first instance running CentOS. I've been unable to connect to a port on the box even if I completely drop the firewall. (My script does successfully connect over localhost, just not from an external machine.)

Here's some info:

iptables:

```
# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 580 packets, 45519 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 482 packets, 78913 bytes)
num   pkts bytes target     prot opt in     out     source               destination
```

nat / raw

```
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
```

netstat: I'm listening on port 6034:

```
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address     State PID/Program name
tcp        0      0 0.0.0.0:6034                0.0.0.0:*           LISTEN      5845/python
tcp        0      0 0.0.0.0:22                  0.0.0.0:*           LISTEN      2026/sshd
tcp        0      0 :::22                       :::*                LISTEN      2026/sshd
udp        0      0 0.0.0.0:68                  0.0.0.0:*                       1896/dhclient
```

lsof: Again, port 6034:

```
lsof -i
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python   5845 apiuser    3u  IPv4   4621      0t0  TCP *:6034 (LISTEN)
```

nmap scan shows 'filtered' state (IP addr scrubbed below)

```
nmap -p 6034 1.2.3.4

Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-02 09:31 EDT
Nmap scan report for ftd.fasttrackdispatch.com (1.2.3.4)
Host is up (0.030s latency).
PORT     STATE    SERVICE
6034/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds
```

Edit: Per LinuxDevOps's suggestion, I ran tcpdump on that port while trying to connect. It doesn't show any traffic whatsoever.

Again, I can connect over localhost, but not from an external box. Also, I've tried making the connection from different machines on different networks and still no luck. Any ideas what the problem could be or what I should try next?

Matt
  • Check with tcpdump if there are incoming packets coming to the port, and in that case if there are answers back: `tcpdump port 6034` – LinuxDevOps Apr 02 '14 at 13:47
  • Thanks, good idea. I just ran tcpdump while trying to connect, and it shows absolutely nothing. If that's the case, is it pretty sure to be a network issue? Maybe some router or firewall along the way that's causing trouble? – Matt Apr 02 '14 at 13:56
  • Try from another server/computer; probably your outgoing 6034 is being blocked somewhere, since nothing arrives at the server. Also, as a sanity check, look if there's something at `iptables -t nat -L` (specific tables like nat and raw don't show up in the general iptables listing) – LinuxDevOps Apr 02 '14 at 13:58
  • Thanks. `iptables -t nat -L` didn't show anything. (Output pasted above). And I tried connecting from a machine in another city with the same result. Maybe it's time to open a ticket with Linode? – Matt Apr 02 '14 at 14:12
  • Look at all traffic with `tcpdump` to see if that gives more info on the issue. If you tried connecting from different places then it's probably blocked by Linode. You can test this by opening a redirect port `iptables -t nat -I PREROUTING -p tcp --dport 8008 -j REDIRECT --to-port 6034` and see if you can connect to port 8008 – LinuxDevOps Apr 02 '14 at 14:15
  • I'll give that a shot tonight and will report back. Thanks for all the tips! – Matt Apr 02 '14 at 14:16
  • It worked with the redirect port. I can connect to 8080; server still listening on 6034. Guess I will just use 8080 directly until I can talk to Linode. Thanks again. – Matt Apr 02 '14 at 14:57
  • Glad to help :-). Let me summarize the tips in a proper answer – LinuxDevOps Apr 02 '14 at 15:23

1 Answer


Tips for testing connectivity to a port:

  • Make sure there's a service listening on that port with `netstat -tlpn`
  • Check if you are filtering or diverting that port with iptables: `iptables -n -L -v`, `iptables -t nat -n -L`
  • Check with tcpdump if traffic is arriving at the server and being replied back: `tcpdump port #portnumber`, also all traffic just in case: `tcpdump`
  • If no traffic is detected at the server then it may be filtered at the source, try from different computers
  • If no traffic arrives at the server from multiple sources at different networks, then it's probably blocked at the data center, you can test/bypass this by redirecting through another port (for example to connect to blocked port 6034 through an unused port 8080: `iptables -t nat -I PREROUTING -p tcp --dport 8008 -j REDIRECT --to-port 6034`)
LinuxDevOps
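The checklist in the answer above, applied in order to saved command output; this is an added example, not part of the original answer. The function names and verdict strings are hypothetical, the sample data is constructed, and the capture is assumed to be the text output of `tcpdump -nn port PORT`.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. Works on saved command output.

# listen_scope PORT FILE  (FILE: saved `netstat -tln` output)
# Prints all | specific | loopback | none for the widest bind found.
listen_scope() {
  awk -v port="$1" '
    /LISTEN/ && $1 ~ /^tcp/ {
      n = split($4, p, ":"); if (p[n] != port) next
      host = substr($4, 1, length($4) - length(p[n]) - 1)
      if (host == "0.0.0.0" || host == "::") r = 3
      else if (host == "127.0.0.1" || host == "::1") r = 1
      else r = 2
      if (r > best) best = r
    }
    END { split("none loopback specific all", name, " "); print name[best + 1] }
  ' "$2"
}

# syn_counts PORT FILE  (FILE: saved `tcpdump -nn port PORT` text output)
# Prints "<SYNs sent to PORT> <SYN-ACKs sent from PORT>".
syn_counts() {
  awk -v port="$1" '
    $2 ~ /^IP6?$/ && $4 == ">" && $6 == "Flags" {
      sub(/:$/, "", $5)
      ns = split($3, s, "."); nd = split($5, d, ".")
      if ($7 == "[S]," && d[nd] == port) syn++
      if ($7 == "[S.]," && s[ns] == port) ack++
    }
    END { print syn + 0, ack + 0 }
  ' "$2"
}

# diagnose PORT NETSTAT_FILE TCPDUMP_FILE: apply the checklist in order.
diagnose() {
  scope=$(listen_scope "$1" "$2")
  counts=$(syn_counts "$1" "$3")
  syn=${counts% *}; ack=${counts#* }
  case "$scope" in
    none)     echo "no-listener"; return ;;
    loopback) echo "loopback-only"; return ;;
  esac
  if [ "$syn" -eq 0 ]; then echo "filtered-upstream"  # nothing reaches the host
  elif [ "$ack" -eq 0 ]; then echo "dropped-on-host"  # arrives unanswered: check iptables
  else echo "host-answers"; fi
}

# Constructed sample mirroring the question: wildcard listener, empty capture.
tmp=$(mktemp -d)
printf 'tcp 0 0 0.0.0.0:6034 0.0.0.0:* LISTEN\n' > "$tmp/netstat.txt"
: > "$tmp/capture.txt"
diagnose 6034 "$tmp/netstat.txt" "$tmp/capture.txt"
```

To use it on a real host, save `netstat -tln` and the text output of `tcpdump -nn port 6034` to files while a remote client attempts the connection. A REDIRECT rule inserted for testing stays active until it is removed by repeating the same rule with `-D` in place of `-I`.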