Related

Tool NGINX Config Generator Tool
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
How to make web service unavailable. As I develop this application, I'd rather not be burning up CPU or access time when not logged in. Question Question

Question

443 port closed with vestacp, why?

Posted October 18, 2019 3.9k views
NginxApacheDebian 9

I have VestaCP and Debian 9 just installed.
I have installed ufw and opened port 443.
In VestaCP> Firewall I have verified that it is open
I have added port 443 to iptables

sudo iptables -A INPUT -p tcp --dport 443 --jump ACCEPT

Check with nmap or telnet and it’s always closed … why? What’s going on? Can somebody help me?

Thanks!

Add a comment
daniellucia
By:
daniellucia
Add a comment
2 comments
  • ForYourIT October 18, 2019
    Reply Report

    You don’t give a lot of information, but let’s have a think about these:

    • Do you have any other firewall, like the DO one?
    • Did you allow outgoing as well?
    • Have you got any logs? Logs are best information
    • Can you ping other ports from outside?
    • is the HTTPS service actually running?

    Hope this helps you a bit

  • jainanu459 October 18, 2019
    Reply Report

    hi

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
daniellucia October 18, 2019

Sorry, but I use Linux on desktop and I’m testing on server.
I have only instilled the debian 9 dropplet and installed vesta. Then install uwf and added to iptables. Only that.

The vestacp firewall (web version) shows port 443 open.

To allow outgoing connections … how is it done? with uwf?

I can ping all ports except 443. The ip is this: 174.138.39.157

I think the main problem is that at some point that port is closed. I don’t know if it’s the operating system, apache, vestacp … I don’t know :(

Forgive me my ignorance. And my English too, I am Spanish.

Thank you very much!

telnet localhost 443

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

*iptables -L *

Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-VESTA  tcp  --  anywhere             anywhere             tcp dpt:5600
fail2ban-MAIL  tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
fail2ban-VESTA-ADMIN  tcp  --  anywhere             anywhere             tcp dpt:5600
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  10.10.0.5            anywhere
ACCEPT     all  --  174.138.39.157       anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5600
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,12000:12100
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525
ACCEPT     tcp  --  anywhere             anywhere             multiport dports pop3,pop3s
ACCEPT     tcp  --  anywhere             anywhere             multiport dports imap2,imaps
ACCEPT     tcp  --  anywhere             anywhere             multiport dports mysql,postgresql
DROP       tcp  --  anywhere             anywhere             tcp dpt:8083
ACCEPT     icmp --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  134.209.115.206      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  pool-68-9-123-181.telecel.com.py  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  222.186.180.17       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  121.162.131.223      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-FTP (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-MAIL (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  134.209.115.206      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  pool-68-9-123-181.telecel.com.py  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  222.186.180.17       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  121.162.131.223      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-VESTA (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-VESTA-ADMIN (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain vesta (0 references)
target     prot opt source               destination

nmap 174.138.39.157

Starting Nmap 7.40 ( https://nmap.org ) at 2019-10-18 10:12 UTC
Nmap scan report for 174.138.39.157
Host is up (0.000014s latency).
Not shown: 985 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
2525/tcp open  ms-v-worlds
3306/tcp open  mysql
8080/tcp open  http-proxy
8443/tcp open  https-alt
Reply Report
jamachuca28 June 23, 2020

Hi, were you able to fix the port 443 problem for vestacp?
I am installing the centos and something similar happens to me; I can’t even load the vesta login page.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help