Port opening problem with CSF

[eventtex]

Hello,

I am opening a topic because I have a problem opening ports on CSF. I specify that I use CENTOS 7 & WHM.

In CSF I try to open port 8080. So I go to the CSF firewall options in WHM and I add port 8080 in TCS_IN & TCP_OUT.

However when I test port 8080 it remains closed. I have the impression that the ports indicated as authorized by CSF are not taken into account.

I checked in the CSF.conf file and I found the list of these authorized ports.

Here are the Iptables rules:

iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination      
8      564 84657 INVALID    tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0        
9      356 11796 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
10       0     0 LOGDROPIN  icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
11       0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0        
12     401 76800 ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
13       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:20
14       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
15      12   720 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
16       2   104 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:25
17       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:53
18      15   840 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
19       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:110
20       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:143
21       5   268 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443
22       2   100 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:465
23       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:587
24       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:993
25       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:995
26       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2077
27       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2078
28       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2079
29       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2080
30       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2082
31       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2083
32       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2086
33       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2087
34       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2095
35       1    60 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2096
36       6   360 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:8443
37       1    40 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:8080
38       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:20
39       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:21
40      14   978 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:53
41       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:80
42       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:443
43     132  7989 LOGDROPIN  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0

I also specify that I disabled Firewalld on CENTOS 7.

Do you have any idea where the problem is coming from?

Thank you in advance for your help.

Julian

 

[cPRex]

Hey there! Can you let me know how you are testing the port? It does show up in the list you provided, so it definitely seems open.

If you're expecting to get a reply like port 25 or port 80 normally would provide, you would need to have a service running on that port on the server side for that to happen. As an example, the passive FTP port range is usually a few thousand ports, but you can't connect to them with telnet as they aren't all being actively used, but they care open in the firewall.

 

[eventtex]

Hi,

Thank you for the answer.

To test if the port was open I used this online tool: Open Port Check Tool - Test Port Forwarding on Your Router

It tells me that my port 8080 is closed.

How can I see if a service is using this port?

Thanks for your help.

 

[cPRex]

If you run this command on the server that will tell you if anything is listening on that port:

netstat -lpn | grep 8080

Can you try that and see if that shows anything?

 

[eventtex]

When I run the netstat command on port 8080 no service seems to be using this port.

I tried this same command for port 80 and I can see which services are using it.

 

[cPRex]

That sounds like the firewall is working as intended then. You'll just need to get something running on that service and then it will respond how you expect.