VirtualBox guest responds to ping but all ports closed in nmap
Solution 1
I got the hint from the link below. It turns out that there were just no processes set to listen to external IP's. I installed open ssh server to make sure there was a listener and then nmap showed 22 open. Then I edited my db's conf file to listen to external IP's and all was well.
Why can't I access my CouchDB instance externally on Ubuntu 9.04 server?
Solution 2
Ping is an ICMP echo request and does not care about ports. Those are relevant only to TCP and UDP and such which operate on a higher networking layer.
Related videos on Youtube
![jeremyjjbrown](https://i.stack.imgur.com/9BYZw.jpg?s=256&g=1)
jeremyjjbrown
Senior Application Developer at Connecture. I like sharing and learn Java and Javascript Design Patterns and everything UNIX.
Updated on September 18, 2022Comments
-
jeremyjjbrown almost 2 years
I want to setup a test database on a vm for development purposes but I cannot connect to the server via the network.
I've got Ubuntu 12.04vm installed on 12.04 host in Virtualbox 4.2.4 set to - Bridged network mode - Promiscuous Allow All
When I try to ping the virtual guest from any network client I get the expected result.
PING 192.168.1.209 (192.168.1.209) 56(84) bytes of data. 64 bytes from 192.168.1.209: icmp_req=1 ttl=64 time=0.427 ms ...
Internet access inside the vm is normal
But when I nmap it I get nothin!
jeremy@bangkok:~$ nmap -sV -p 1-65535 192.168.1.209 Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-15 18:39 CST Nmap scan report for jeremy (192.168.1.209) Host is up (0.0032s latency). All 65535 scanned ports on jeremy (192.168.1.209) are closed Service detection performed. Please report any incorrect results at http://nmap.org/submit/ Nmap done: 1 IP address (1 host up) scanned in 0.88 seconds
ufw and iptables on VM...
jeremy@jeremy:~$ sudo service ufw stop [sudo] password for jeremy: ufw stop/waiting jeremy@jeremy:~$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
I have scanned around and have no reason to believe that my router is blocking internal ports.
jeremy@bangkok:~$ nmap -v 192.168.1.2 Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-15 18:44 CST Initiating Ping Scan at 18:44 Scanning 192.168.1.2 [2 ports] Completed Ping Scan at 18:44, 0.00s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 18:44 Completed Parallel DNS resolution of 1 host. at 18:44, 0.03s elapsed Initiating Connect Scan at 18:44 Scanning 192.168.1.2 [1000 ports] Discovered open port 445/tcp on 192.168.1.2 Discovered open port 139/tcp on 192.168.1.2 Discovered open port 3306/tcp on 192.168.1.2 Discovered open port 80/tcp on 192.168.1.2 Discovered open port 111/tcp on 192.168.1.2 Discovered open port 53/tcp on 192.168.1.2 Discovered open port 5902/tcp on 192.168.1.2 Discovered open port 8090/tcp on 192.168.1.2 Discovered open port 6881/tcp on 192.168.1.2 Completed Connect Scan at 18:44, 0.02s elapsed (1000 total ports) Nmap scan report for 192.168.1.2 Host is up (0.0017s latency). Not shown: 991 closed ports PORT STATE SERVICE 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 3306/tcp open mysql 5902/tcp open vnc-2 6881/tcp open bittorrent-tracker 8090/tcp open unknown Read data files from: /usr/share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Answer... Turns out all of the ports were open to the network. I installed open ssh and confirmed it. Then I edited my db conf to listen to external IP's and all was well.
-
Admin over 11 yearsOK, so it answers ping and all the ports are closed -- so what's your question? (ask a question and I'll reopen this...)
-
Admin over 11 yearsSure, I guess it was not clear that with ufw down and network set to bridged that all ports should be open to the network.
-
Admin over 11 yearsTurns out all of the ports were open. I installed open ssh and confirmed it. Then I edited my db conf to listen to external IP's and all was well.
-
Admin over 11 yearsyeah, that'll do it :-) I've reopened this so you can post that as an answer if you'd like.
-
-
jeremyjjbrown over 11 years"Ping is an ICMP echo request and does not care about ports." Yes I know, but it proves that the vm is reachable from a non vm on the network.
-
Karma Fusebox over 11 yearsYes, you should have mentioned what you are trying to achieve there. If it is your goal to ignore pings then you can set net.ipv4.icmp_echo_ignore_all=1 via sysctl inside the VM.