Port 8080 remains closed even when opened with iptable and nodejs is listening on it

Question

I am trying to install a nodejs server listening to port 8080 that I opened with iptable but when I run nmap or a web tools I always get the message that the port is closed. I'm on a Ubuntu vps.

First, be sure that nodejs is actually listening to such port:

sudo  netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:60613           0.0.0.0:*               LISTEN      1097/sshd       
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1215/mysqld     
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      18843/nodejs    
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1375/master     
tcp6       0      0 :::60613                :::*                    LISTEN      1097/sshd       
tcp6       0      0 :::80                   :::*                    LISTEN      1454/apache2    
tcp6       0      0 :::25                   :::*                    LISTEN      1375/master     
tcp6       0      0 :::443                  :::*                    LISTEN      1454/apache2

iptable:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 60613 -m state --state NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 60613 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
sudo iptables -A INPUT  -p tcp -m tcp --dport 60613 -j ACCEPT

Let's check iptable:

sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3945  766K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
67404   17M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 3057  179K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   32  1488 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
  888 51392 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    3   180            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:60613 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:60613 state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source mask: 255.255.255.255
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:60613
 7106  318K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 71509 packets, 60M bytes)
 pkts bytes target     prot opt in     out     source               destination

However the port 8080 remains closed:

sudo nmap MYSITE.org
Starting Nmap 6.40 ( http://nmap.org ) at 2015-04-26 18:17 CEST
Nmap scan report for MYSITE.org (XXX.XXX.XXX.XXX)
Host is up (0.041s latency).
rDNS record for XXX.XXX.XXX.XXX: MYSITE
Not shown: 997 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 85.14 seconds

I tought on a problem on my firewall, but I tried also on other servers and on yougetsignal but the port is definitively closed.

score 4 · Accepted Answer · edited Apr 13 '17 at 12:14

Notice the line in your netstat output ...

tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      18843/nodejs

Specifically the local address of 127.0.0.1:8080. That means that nodejs is only listening on the localhost address and so only will accept connections from the same machine. I don't know (off the top of my head) how to configure nodejs to listen for connections from other machines but it's typically controlled by setting which interface to bind on.

From reading Hameedullah Khan's answer to Node.js is not accessible from external IPs on Ubuntu it seems the fix is to change the parameters to listen to something like listen(8080, "0.0.0.0").

Thank you.. I am sorry the question you cited is really similar to mine and - while I did a search before posting - I don't know how could I have missed it. Thanks — Antonello, Apr 26 '15 at 17:22

Port 8080 remains closed even when opened with iptable and nodejs is listening on it

1 Answers1