[Closed] Port 10901 remains closed

folaht · January 15, 2018, 7:53am

According to Yunohost it’s open.

admin@Gildurklaus:~ $ sudo yunohost firewall list
opened_ports: 
  - 22
  - 25
  - 53
  - 80
  - 443
  - 465
  - 993
  - 5222
  - 5269
  - 10901

On my modem, they are all port shared on ipv6.

According to netstat however, it’s closed.

admin@Gildurklaus:~ $ netstat -an | grep tcp
tcp        0      0 127.0.0.1:5290          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:5582          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:61209         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:6787          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:11333           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:11334         0.0.0.0:*               LISTEN     
tcp        0      0 192.168.178.30:22       192.168.178.22:38484    ESTABLISHED
tcp        0      0 127.0.0.1:52276         127.0.0.1:389           ESTABLISHED
tcp        0      0 127.0.0.1:389           127.0.0.1:52276         ESTABLISHED
tcp        0      0 192.168.178.30:22       192.168.178.22:38864    ESTABLISHED
tcp6       0      0 :::3306                 :::*                    LISTEN     
tcp6       0      0 ::1:5290                :::*                    LISTEN     
tcp6       0      0 :::587                  :::*                    LISTEN     
tcp6       0      0 ::1:5582                :::*                    LISTEN     
tcp6       0      0 :::143                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::465                  :::*                    LISTEN     
tcp6       0      0 :::5269                 :::*                    LISTEN     
tcp6       0      0 :::53                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN     
tcp6       0      0 :::443                  :::*                    LISTEN     
tcp6       0      0 :::4190                 :::*                    LISTEN     
tcp6       0      0 :::993                  :::*                    LISTEN     
tcp6       0      0 ::1:9220                :::*                    LISTEN     
tcp6       0      0 :::389                  :::*                    LISTEN     
tcp6       0      0 :::5222                 :::*                    LISTEN     
tcp6       0      0 ::1:45362               ::1:389                 ESTABLISHED
tcp6       0      0 2001:983:8610:1:223:993 2001:983:8610:1:7:45892 ESTABLISHED
tcp6       0      0 ::1:389                 ::1:45362               ESTABLISHED
tcp6       0      0 ::1:45358               ::1:389                 ESTABLISHED
tcp6       0      0 ::1:389                 ::1:45358               ESTABLISHED
tcp6       0      0 ::1:389                 ::1:45356               ESTABLISHED
tcp6       0      0 ::1:389                 ::1:45354               ESTABLISHED
tcp6       0      0 ::1:45360               ::1:389                 ESTABLISHED
tcp6       0      0 ::1:45354               ::1:389                 ESTABLISHED
tcp6       0      0 ::1:389                 ::1:45360               ESTABLISHED
tcp6       0      0 ::1:45356               ::1:389                 ESTABLISHED

According to nmap as well.

admin@Gildurklaus:~ $ sudo nmap -sT -O localhost

Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-15 07:55 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0032s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
143/tcp  open  imap
389/tcp  open  ldap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
3306/tcp open  mysql
5222/tcp open  xmpp-client
5269/tcp open  xmpp-server
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.15
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.39 seconds

What’s going on?

ljf · January 15, 2018, 8:43pm

Can you test with the -r (–raw) option ?

yunohost firewall list -r

folaht · January 15, 2018, 8:44pm

Sure

admin@Gildurklaus:~ $ sudo yunohost firewall list -r
ipv4: 
  TCP: 
    - 22
    - 25
    - 53
    - 80
    - 443
    - 465
    - 993
    - 5222
    - 5269
    - 10901
  UDP: 53
ipv6: 
  TCP: 
    - 22
    - 25
    - 53
    - 80
    - 443
    - 465
    - 993
    - 5222
    - 5269
    - 10901
  UDP: 53
uPnP: 
  TCP: 
    - 22
    - 25
    - 53
    - 80
    - 443
    - 465
    - 993
    - 5222
    - 5269
    - 10901
  UDP: 53
  enabled: False

ljf · January 15, 2018, 8:50pm

How do you see it’s closed according to netstat ?

folaht · January 15, 2018, 8:52pm

Parce que ce n’est pas l’un des ports ouverts.

ljf · January 15, 2018, 8:56pm

Are you sure you have a daemon running on this port ?

folaht · January 15, 2018, 8:59pm

Here you go

folatt@Gildurklaus:~ $ systemctl --user status duniter
● duniter.service - Duniter node
   Loaded: loaded (/usr/lib/systemd/user/duniter.service; enabled)
   Active: active (running) since Sun 2018-01-14 10:36:50 UTC; 1 day 10h ago
  Process: 2675 ExecStart=/usr/bin/duniter webstart (code=exited, status=0/SUCCESS)
 Main PID: 2688 (duniter_default)
   CGroup: /user.slice/user-9514.slice/user@9514.service/duniter.service
           └─2688 duniter_default

ljf · January 15, 2018, 9:48pm

And you are sure your duniter instance uses this specific port ?

folaht · January 15, 2018, 9:51pm

Is that even relevant when I have the firewall port open, but both netstat and nmap think it’s closed?

admin@Gildurklaus:~ $ cat /home/folatt/.config/duniter/duniter_default/conf.json 
{
 "currency": "Guilder-Test",
 "endpoints": [
  "BASIC_MERKLED_API guilder-test.eu.org 10901"
 ],
 "rmEndpoints": [],
 "upInterval": 3600000,
 "c": "0.000054218",
 "dt": "86400",
 "dtReeval": 2629800,
 "ud0": "100",
 "stepMax": 3,
 "sigPeriod": "0",
 "sigValidity": 31536000,
 "msValidity": 31536000,
 "sigQty": "3",
 "xpercent": 1,
 "percentRot": 0.6666666666666666,
 "powDelay": "1200",
 "avgGenTime": 960,
 "dtDiffEval": 10,
 "medianTimeBlocks": 20,
 "httplogs": false,
 "udid2": false,
 "timeout": 3000,
 "isolate": false,
 "forksize": 100,
 "switchOnHeadAdvance": 3,
 "sync": {},
 "port": 10901,
 "msPeriod": 604800,
 "loglevel": "info",
 "cpu": 0.6,
 "ipv4": "192.168.178.30",
 "remotehost": "guilder-test.eu.org",
 "remoteport": "10901",
 "upnp": false,
 "dos": {
  "whitelist": [
   "127.0.0.1"
  ],
  "maxcount": 50,
  "burst": 20,
  "limit": 40,
  "maxexpiry": 10,
  "checkinterval": 1,
  "trustProxy": true,
  "includeUserAgent": true,
  "errormessage": "Error",
  "testmode": false,
  "silent": false,
  "silentStart": false,
  "responseStatus": 429
 },
 "sigStock": "300000",
 "sigWindow": 604800,
 "idtyWindow": 604800,
 "msWindow": 604800,
 "rootoffset": 0,
 "remoteipv6": "2001:983:8610:1:2239:6fcb:6144:21d2",
 "ipv6": "2001:983:8610:1:2239:6fcb:6144:21d2",
 "remoteipv4": "None"
}

[update]

Looking back at older posts I now see that perhaps it’s wiser for me to choose port 80 instead.
Closing this thread.