iptables has port 80 open but nmap shows it closed
From the output of netstat -lnp | grep 80, it seems that your apache server is listening on the port 8080 not the default one 80.
Also, the line:
8080/tcp open http-proxy
from nmap output confirms this fact.
In summary, the port 80 is not open in your machine as apache is listening on 8080 instead.
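The check this answer walks through, as an added example that is not part of the original answer: it parses `iptables -S` and `netstat -lnp` output to list TCP ports the firewall accepts but no process listens on, and classifies a live port as open, closed or filtered. The sample text is constructed (modelled on the output quoted on this page, with an sshd line made up for illustration), and the function names are illustrative.

```python
import errno
import re
import socket

# Constructed sample input, modelled on the output quoted in this thread.
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      812/sshd
tcp6       0      0 :::8080         :::*            LISTEN      30191/apache2
"""
IPTABLES_SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
"""

def listening_tcp_ports(netstat_text):
    """Map each TCP port in LISTEN state to its owning 'pid/program'."""
    ports = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports[int(fields[3].rsplit(":", 1)[1])] = fields[6]
    return ports

def accepted_tcp_ports(rules_text):
    """Collect --dport values from INPUT rules (iptables -S) that ACCEPT TCP."""
    pattern = re.compile(r"^-A INPUT\b.*-p tcp\b.*--dport (\d+)\b.*-j ACCEPT\b")
    return {int(m.group(1)) for line in rules_text.splitlines()
            if (m := pattern.match(line))}

def allowed_but_not_listening(rules_text, netstat_text):
    """Ports the firewall lets through that no process has bound."""
    return sorted(accepted_tcp_ports(rules_text) - set(listening_tcp_ports(netstat_text)))

def probe(host, port, timeout=2.0):
    """Classify a TCP port the way a connect-style scan would report it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        code = s.connect_ex((host, port))
    if code == 0:
        return "open"       # a listener completed the handshake
    if code == errno.ECONNREFUSED:
        return "closed"     # packet was allowed in, kernel answered RST: no listener
    return "filtered"       # timeout or other error: likely dropped on the way

if __name__ == "__main__":
    print(allowed_but_not_listening(IPTABLES_SAMPLE, NETSTAT_SAMPLE))
    print(probe("127.0.0.1", 80))
```

On a live host, feed the first two functions the real output of `iptables -S` and `netstat -lnp`, both run as root.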
Author by
zeptonaut
Updated on September 18, 2022
Comments
-
zeptonaut over 1 year
I'm having some troubles getting a Debian webserver to open up port 80 for HTTP traffic. In my iptables, I opened up port 80 using the following commands:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT
Running an iptables -L then showed the following rules:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:www
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
However, after all of this, I ran nmap -sS 127.0.0.1 and discovered that port 80 still isn't open. Here are the results:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
3306/tcp open  mysql
8080/tcp open  http-proxy
How is it possible for rules to be in place to open a port in iptables but still have that same port closed in Nmap? Does anyone have any ideas?
-
Khaled over 12 years
Is your web server running? Can you post the output of telnet 127.0.0.1 80?
-
zeptonaut over 12 years
Sure thing!
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
-
Khaled over 12 years
The connection refused error means there is no process listening on the port. Can you post the output of sudo netstat -lnp | grep 80?
-
zeptonaut over 12 years
tcp6 0 0 :::8080 :::* LISTEN 30191/apache2
-
zeptonaut over 12 years
Ahhhh, right you are! It turns out that nmap shows the ports being listened on, not the ports that are currently open. When I switched to port 80 in my apache ports.conf and sites.enabled files, nmap now shows port 80 open. Thank you!