Debian port(s) not responding

Tadd asked:

I am fairly new to servers. I am trying to run a shoutcast server on Debian. Shoutcast runs on a default port of 8000. My problem is it will not load when visiting xxx.xxx.xx.xxx:8000. When I log in via ssh, and create a tunnel to my local machine, it works just fine using localhost:8000. In my iptables I have added the following line:

-A INPUT -p tcp --match multiport --dports 8000:9999 -j ACCEPT

A few days ago I installed fail2ban. Last night I uninstalled fail2ban using:

apt-get purge fail2ban

After doing so, it began to work. Now, I’ve re-installed fail2ban, and was looking for a way to configure it to ignore those ports. Again I know nothing about fail2ban and was learning how to use it.

After not getting it to work, I got frustrated and attempted to uninstall fail2ban once again. This time I used the command:

apt-get remove fail2ban

I understand the first one purges all config and restores iptables, hence why I chose that one. I ran the second command by mistake, instead of running purge.

I have since then re-installed fail2ban, and once again ran the purge command hoping it would clean and restore everything to the way it was. I still have no outside access and have to create a tunnel. I even removed the iptables files and restarted my server. Using

iptables -L

showed that I only have the default values to accept everything. I am finally at a loss here and don’t know what else to check. I just want to be able to access xx.xxx.xx.xxx:8000 to xx.xxx.xx.xxx:9999.

Results of: iptables -L -n -v


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination
   2364  440K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      0     0 REJECT     all  --  *      *       0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
  17177 2792K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    141  8308 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,10000
     28  1128 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 8000:9999    
    846 46996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22    
      6   497 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     57  3745 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
     57  3745 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
       0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
   25350 7356K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Here is what I have

Results of: netstat -pnlt | grep ':8000'
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      3246/sc_serv

My answer:


You forgot to make your firewall rule stateful.

Like your working ssh rule, it should include -m state --state NEW.

You may also need to check for external firewalls, such as Amazon’s “security groups” on EC2.


View the full question and answer on Server Fault.
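
To see which rule in the posted INPUT chain decides a new connection to a given port, the sketch below walks the listing from the question in order and returns the first terminating match with its packet counter. It is an added example, not part of the original question or answer; the interface name `eth0` and the address `203.0.113.10` are assumed placeholders, and the matcher only understands the match types that appear in this listing.

```python
import ipaddress
import re

# INPUT chain rows copied from the `iptables -L -n -v` listing in the question.
LISTING = """\
 2364  440K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
17177 2792K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  141  8308 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,10000
   28  1128 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 8000:9999
  846 46996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    6   497 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   57  3745 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
   57  3745 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

def port_in(spec, port):
    """True if port falls in a multiport spec such as '80,443,8000:9999'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_match(listing, iface, dst, dport, state="NEW", proto="tcp"):
    """Return (rule_number, target, pkts) of the first terminating rule hit."""
    for num, line in enumerate(listing.splitlines(), 1):
        f = line.split(None, 9)  # 9 fixed columns, then the match extensions
        pkts, target, prot, in_if, dest = f[0], f[2], f[3], f[5], f[8]
        extra = f[9] if len(f) > 9 else ""
        if prot not in ("all", proto) or in_if not in ("*", iface):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(dest):
            continue
        m = re.search(r"state (\S+)", extra)
        if m and state not in m.group(1).split(","):
            continue
        m = re.search(r"dports (\S+)|dpt:(\d+)", extra)
        if m and not port_in(m.group(1) or m.group(2), dport):
            continue
        if target != "LOG":  # LOG does not end chain traversal
            return num, target, pkts
    return None
```

The `pkts` value is the rule's own hit counter, so re-running `iptables -L -n -v` after a connection attempt and comparing it shows whether the attempt reached that rule.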

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.