[Debian 11] CSF not opening port?

[edvanleeuwen]

I want to use Duplicati which listens on port 8200. I have entered this in the CSF entries for tcp both v4 and v6 (ands restarted csf).

When I use ss/nmap on the server, the ports are open. But when I scan them from outside (https://www.yougetsignal.com/tools/open-ports/) the port is closed.

What am I doing wrong?

 

[Richard G]

CSF does not close ports which you open in the config, so it must be something else.

Try this via SSH:
iptables -nL | grep 8200
the output may be a bit longer, but scroll to the top whre it also says ACCEPT and see on the right side if 8200 is present.

I'm alsmost sure it is.
For an external tool to be able to see if the port is open, the application has to be running and using the port.

Try using telnet on it from outside to test:
telnet 192.168.10.1 8200
where 192.168.10.1 ofcourse should be replaced by your server ip.

 

[edvanleeuwen]

Yes, 8200 is present in iptables.

telnet from outside gives Connection refused.

# sudo lsof -i -P -n | grep LISTEN | grep 8200

mono-sgen 2089 root 9u IPv4 17235 0t0 TCP 127.0.0.1:8200 (LISTEN)

 

[Richard G]

Yes, 8200 is present in iptables.

Then it's open.

If not reachable from outside, then it seems the application is not running or not accepting connections. However your lsof command says it does. Now I'm confused too.

What if you telnet local?
telnet localhost 8200

 

[cjd]

Possibly only listening on localhost/127.0.0.1?

 

[edvanleeuwen]

Connecting to localhost succeeds.

 

[edvanleeuwen]

Possibly only listening on localhost/127.0.0.1?

Yes, that was what I thought. That's why I added params to Duplicati to enable it from outside: --webservice-interface=any

 

[cjd]

If it's still not working, what does the output of these two commands now show?

iptables -S | grep 8200

lsof -i -P -n | grep LISTEN | grep 8200

 

[Richard G]

what does the output of these two commands now show?

Same as earlier, he already answered this in previous answers. Seem it's indeed only listening on localhost.

Found something from a few years ago, they suggested some changes in systemd and also adding the port to the config.

New headless install duplicati 2.0.2.21-1, how to access in remote web browser?

Sorry, but I don’t know how to do what you are asking. Is this helpful? In /etc/systemd/system there are: [email protected] duplicati.service All the lines in duplicati.service are commented out. Here is its contents: #[Unit] #Description=Duplicati web-server #After=network.target...

forum.duplicati.com

Seems a configuration issue to me.

 

[edvanleeuwen]

Yes, based on that article I added the parameters. (Although it is better to enter them in /etc/default/duplicati).

# ps ax | grep Dup:

805752 ? SNsl 0:00 DuplicatiServer /usr/lib/duplicati/Duplicati.Server.exe --webservice-port=8200 --webservice-listen-interface=any
805760 ? SNl 0:07 /usr/bin/mono-sgen /usr/lib/duplicati/Duplicati.Server.exe --webservice-port=8200 --webservice-listen-interface=any

I will look into this further, perhaps by installing a previous version.

 

[edvanleeuwen]

Solved it by using a customised VirtualHost.

ProxyPass / http://127.0.0.1:8200/
ProxyPassReverse / http://127.0.0.1:8200/

See https://www.linuxbabe.com/backup/duplicati-debian-ubuntu-linux-mint-desktop-server#reverse-proxy

Thanks for your help!

 

[Richard G]

Your welcome, but shared credit for this with @cjd who pointed out it was probably running on localhost first.

 

[edvanleeuwen]

Just for future references: Proxy settings for Duplicati on Nginx and Apache: https://forum.duplicati.com/t/reverse-proxy-on-nginx/1936/7