Hello fellow ubuntu lovers. I've been trying to open port 443 on my server (on a private network) for some time, but I'm stuck. It's open on ufw, and apache is listening to that port, but somehow I cannot access that port from a different machine on the same private network (both are on the same router)

Here I listed the output from the usual port troubleshooting commands. Would highly appreciate any help you can give me, thank you! :)

NOTE: I am running Ubuntu 13.04 (i know it's old, but I have a project that does not allow me to upgrade).

result of wget from within the server 192.168.0.11 443 (it's clearly connecting)

wget --no-check-certificate

Connecting to 192.168.0.11:443... connected. WARNING: cannot verify 192.168.0.11's certificate, issued by ‘/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA’: Unable to locally verify the issuer's authority. result of wget from machine on the same private network (clearly not connecting) 

wget --no-check-certificate

Connecting to 192.168.0.11:443... failed: Operation timed out. Retrying. 

Result of nmap -sT 192.168.0.11 from within the server (IP of server). Clearly open.

Nmap scan report for 192.168.0.11 Host is up (0.00050s latency). Not shown: 993 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https 1723/tcp open pptp 8009/tcp open ajp13 8080/tcp open http-proxy 8081/tcp open blackice-icecap Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds 

Result of nmap -sT 192.168.0.11 (from a client on the same private network) - port looks closed

Starting Nmap 7.91 ( ) at 2021-12-16 09:10 EST Nmap scan report for 192.168.0.11 Host is up (0.0021s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 444/tcp closed snpp Nmap done: 1 IP address (1 host up) scanned in 4.16 seconds 

result of netstat -tlnp (looks like apache is bound and listening)

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1232/mysqld tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 1207/mono tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 2074/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 993/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1061/cupsd tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1248/pptpd tcp6 0 0 :::8009 :::* LISTEN 1370/java tcp6 0 0 :::80 :::* LISTEN 27146/apache2 tcp6 0 0 :::8080 :::* LISTEN 1370/java tcp6 0 0 :::22 :::* LISTEN 993/sshd tcp6 0 0 ::1:631 :::* LISTEN 1061/cupsd tcp6 0 0 :::443 :::* LISTEN 27146/apache2 tcp6 0 0 127.0.0.1:8005 :::* LISTEN 1370/java Result of sudo lsof -iTCP -sTCP:LISTEN -P (looks like apache is listening) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 993 root 3u IPv4 8811 0t0 TCP *:22 (LISTEN) sshd 993 root 4u IPv6 8813 0t0 TCP *:22 (LISTEN) cupsd 1061 root 9u IPv6 1121403 0t0 TCP ip6-localhost:631 (LISTEN) cupsd 1061 root 10u IPv4 1121404 0t0 TCP localhost:631 (LISTEN) mono 1207 dekiwiki 5u IPv4 10961 0t0 TCP *:8081 (LISTEN) mysqld 1232 mysql 10u IPv4 12403 0t0 TCP localhost:3306 (LISTEN) pptpd 1248 root 6u IPv4 10654 0t0 TCP *:1723 (LISTEN) java 1370 tomcat 48u IPv6 11175 0t0 TCP *:8080 (LISTEN) java 1370 tomcat 53u IPv6 11179 0t0 TCP *:8009 (LISTEN) java 1370 tomcat 72u IPv6 14691 0t0 TCP localhost:8005 (LISTEN) dnsmasq 2074 nobody 5u IPv4 12631 0t0 TCP aperture:53 (LISTEN) apache2 27146 root 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27146 root 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27151 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27151 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27152 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27152 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27153 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27153 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27154 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27154 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27155 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27155 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) apache2 27158 www-data 4u IPv6 1141498 0t0 TCP *:80 (LISTEN) apache2 27158 www-data 6u IPv6 1141502 0t0 TCP *:443 (LISTEN) 

Result of ufw status:

Status: active To Action From -- ------ ---- 443 ALLOW Anywhere 443/tcp ALLOW Anywhere 444/tcp ALLOW Anywhere 22 ALLOW Anywhere 80 ALLOW Anywhere 443 ALLOW Anywhere (v6) 443/tcp ALLOW Anywhere (v6) 444/tcp ALLOW Anywhere (v6) 22 ALLOW Anywhere (v6) 80 ALLOW Anywhere (v6) 

result of sudo iptables -L It's a big output, so I put it in pastebin (I tried sudo iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT)

3

1 Answer

For those who are struggling with the same problem, I changed apache to port 8443, and forwarded all 443 traffic to 8443. I still don't know why port 443 is blocked. It works now.

When I switched apache to 8443, the 8443 port became open on nmap -P. However when I switched back to 443, the 443 port did not open. So clearly there is something stopping 443 from being opened.

It is possible it has to do with my Tp-Link Archer AX-60 router. Not sure, why 443 traffic within the private network is being blocked.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy