Port opening problem with CSF

eventtex

• February 17, 2021 11:25

Hello, I am opening a topic because I have a problem opening ports on CSF. I specify that I use CENTOS 7 & WHM. In CSF I try to open port 8080. So I go to the CSF firewall options in WHM and I add port 8080 in TCS_IN & TCP_OUT. However when I test port 8080 it remains closed. I have the impression that the ports indicated as authorized by CSF are not taken into account. I checked in the CSF.conf file and I found the list of these authorized ports. Here are the Iptables rules: iptables filter table ===================== Chain INPUT (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 8 564 84657 INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 9 356 11796 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 10 0 0 LOGDROPIN icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8 11 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 12 401 76800 ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20 14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21 15 12 720 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22 16 2 104 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25 17 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53 18 15 840 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80 19 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110 20 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:143 21 5 268 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443 22 2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:465 23 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587 24 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993 25 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995 26 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2077 27 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2078 28 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2079 29 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2080 30 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2082 31 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2083 32 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2086 33 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2087 34 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2095 35 1 60 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2096 36 6 360 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8443 37 1 40 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8080 38 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20 39 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21 40 14 978 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53 41 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:80 42 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:443 43 132 7989 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
I also specify that I disabled Firewalld on CENTOS 7. Do you have any idea where the problem is coming from? Thank you in advance for your help. Julian

• 

  cPRex Jurassic Moderator

  • February 18, 2021 20:16

  Hey there! Can you let me know how you are testing the port? It does show up in the list you provided, so it definitely seems open. If you're expecting to get a reply like port 25 or port 80 normally would provide, you would need to have a service running on that port on the server side for that to happen. As an example, the passive FTP port range is usually a few thousand ports, but you can't connect to them with telnet as they aren't all being actively used, but they care open in the firewall.

  0
• 

  eventtex

  • February 22, 2021 11:44

  Hi, Thank you for the answer. To test if the port was open I used this online tool: Open Port Check Tool - Test Port Forwarding on Your Router It tells me that my port 8080 is closed. How can I see if a service is using this port? Thanks for your help.

  0
• 

  cPRex Jurassic Moderator

  • February 22, 2021 13:14

  If you run this command on the server that will tell you if anything is listening on that port: netstat -lpn | grep 8080
  Can you try that and see if that shows anything?

  0
• 

  eventtex

  • February 22, 2021 14:34

  When I run the netstat command on port 8080 no service seems to be using this port. I tried this same command for port 80 and I can see which services are using it.

  0
• 

  cPRex Jurassic Moderator

  • February 22, 2021 15:22

  That sounds like the firewall is working as intended then. You'll just need to get something running on that service and then it will respond how you expect.

  0

Please sign in to leave a comment.