443 port closed with vestacp, why?

October 18, 2019
Nginx Apache Debian 9

I have VestaCP and Debian 9 just installed.
I have installed ufw and opened port 443.
In VestaCP > Firewall I have verified that it is open.
I have added port 443 to iptables:

sudo iptables -A INPUT -p tcp --dport 443 --jump ACCEPT 

I check with nmap or telnet and it’s always closed … why? What’s going on? Can somebody help me?

Thanks!

2 comments
  • You don’t give a lot of information, but let’s have a think about these:

    • Do you have any other firewall, like the DO one?
    • Did you allow outgoing as well?
    • Have you got any logs? Logs are the best information.
    • Can you ping other ports from outside?
    • Is the HTTPS service actually running?

    Hope this helps you a bit

1 Answer

Sorry, but I use Linux on desktop and I’m testing on server.
I have only installed the Debian 9 droplet and installed Vesta. Then I installed ufw and added port 443 to iptables. Only that.

The vestacp firewall (web version) shows port 443 open.

To allow outgoing connections … how is it done? With ufw?

I can ping all ports except 443. The ip is this: 174.138.39.157

I think the main problem is that at some point that port is closed. I don’t know if it’s the operating system, apache, vestacp … I don’t know :(

Forgive me my ignorance. And my English too, I am Spanish.

Thank you very much!

telnet localhost 443

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-VESTA  tcp  --  anywhere             anywhere             tcp dpt:5600
fail2ban-MAIL  tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
fail2ban-VESTA-ADMIN  tcp  --  anywhere             anywhere             tcp dpt:5600
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  10.10.0.5            anywhere
ACCEPT     all  --  174.138.39.157       anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5600
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,12000:12100
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525
ACCEPT     tcp  --  anywhere             anywhere             multiport dports pop3,pop3s
ACCEPT     tcp  --  anywhere             anywhere             multiport dports imap2,imaps
ACCEPT     tcp  --  anywhere             anywhere             multiport dports mysql,postgresql
DROP       tcp  --  anywhere             anywhere             tcp dpt:8083
ACCEPT     icmp --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  134.209.115.206      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  pool-68-9-123-181.telecel.com.py  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  222.186.180.17       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  121.162.131.223      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-FTP (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-MAIL (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  134.209.115.206      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  pool-68-9-123-181.telecel.com.py  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  222.186.180.17       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  121.162.131.223      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-VESTA (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-VESTA-ADMIN (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain vesta (0 references)
target     prot opt source               destination

nmap 174.138.39.157

Starting Nmap 7.40 ( https://nmap.org ) at 2019-10-18 10:12 UTC
Nmap scan report for 174.138.39.157
Host is up (0.000014s latency).
Not shown: 985 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
2525/tcp open  ms-v-worlds
3306/tcp open  mysql
8080/tcp open  http-proxy
8443/tcp open  https-alt
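
In the output above, iptables accepts `tcp dpt:https` and all loopback traffic, yet `telnet localhost 443` is refused and nmap reports the port as closed rather than filtered, which is what a host returns when no process is listening on the port. The script below is an added example, not part of the thread: it separates "no listener" from "blocked by the firewall" using `ss -ltn` and `iptables -S INPUT` text. The function names are hypothetical, the sample data is constructed, and only single-port `--dport` rules are interpreted.

```shell
#!/bin/sh
# Added example: explain a "closed" TCP port from `ss -ltn` and
# `iptables -S INPUT` text. All sample data below is constructed.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:8083        0.0.0.0:*
LISTEN 0      128    127.0.0.1:8081      0.0.0.0:*'
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j DROP'

# listener_scope PORT SS_TEXT -> none | loopback | all
listener_scope() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr !~ /^127\./ && addr != "[::1]") scope = "all"
      else if (scope == "") scope = "loopback"
    }
    END { print (scope == "" ? "none" : scope) }'
}
# firewall_verdict PORT RULES -> first terminal target of a single-port
# --dport rule, else the chain policy (multiport/source matches are ignored).
firewall_verdict() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 == "-P" { policy = $3 }
    $1 == "-A" && verdict == "" {
      dport = ""; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (dport == port && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict == "" ? policy : verdict) }'
}
# diagnose PORT SS_TEXT RULES -> one-word explanation
diagnose() {
  scope=$(listener_scope "$1" "$2"); verdict=$(firewall_verdict "$1" "$3")
  case "$scope/$verdict" in
    none/*)     echo "no-listener" ;;       # refused locally: nothing bound to the port
    loopback/*) echo "loopback-only" ;;     # bound to 127.0.0.1, not the public IP
    all/ACCEPT) echo "reachable" ;;
    *)          echo "firewall-$verdict" ;; # listener exists, filter blocks it
  esac
}
```

On a live host, the same function can be fed real data with `diagnose 443 "$(ss -ltn)" "$(sudo iptables -S INPUT)"`.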