0

I came across the answer at the link below when troubleshooting why my debian server has suddenly stopped making ports visible to other devices on my network and I can't figure out why.

Opening port not working

I have the same netstat output and the answer says the ports should be bound to the network interface or the network ip address instead of the localhost. However, it doesn't actually say how to do this. Can someone please explain what to do here?

Edit: my netstat output is listed below. Essentially I was using this machine to run a bunch of services on my local network (xrdp, vsftpd, emby, plex, apache). It was all working until it was powered off for a couple months but now nothing can be accessed from other devices. A port scan only shows up port 22 being open and I can still ssh in from other devices. I'm pretty stumped as to what's happened as nothing to my knowledge changed.

```
steve@Server:/$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      683/sshd: /usr/sbin
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      657/cupsd
tcp        0      0 127.0.0.1:32600         0.0.0.0:*               LISTEN      1170/Plex Tuner Ser
tcp        0      0 127.0.0.1:35323         0.0.0.0:*               LISTEN      1003/Plex Plug-in [
tcp        0      0 192.168.0.107:40605     0.0.0.0:*               LISTEN      2638/rygel
tcp        0      0 127.0.0.1:41505         0.0.0.0:*               LISTEN      2122/Plex Plug-in [
tcp        0      0 192.168.0.107:48807     0.0.0.0:*               LISTEN      2607/qbittorrent
tcp        0      0 127.0.0.1:48807         0.0.0.0:*               LISTEN      2607/qbittorrent
tcp        0      0 127.0.0.1:38089         0.0.0.0:*               LISTEN      1170/Plex Tuner Ser
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      747/mariadbd
tcp        0      0 127.0.0.1:35661         0.0.0.0:*               LISTEN      2638/rygel
tcp        0      0 127.0.0.1:33583         0.0.0.0:*               LISTEN      1170/Plex Tuner Ser
tcp        0      0 127.0.0.1:32401         0.0.0.0:*               LISTEN      844/Plex Media Serv
tcp6       0      0 ::1:3350                :::*                    LISTEN      695/xrdp-sesman
tcp6       0      0 :::22                   :::*                    LISTEN      683/sshd: /usr/sbin
tcp6       0      0 ::1:631                 :::*                    LISTEN      657/cupsd
tcp6       0      0 ::1:35033               :::*                    LISTEN      2638/rygel
tcp6       0      0 :::3389                 :::*                    LISTEN      764/xrdp
tcp6       0      0 :::8096                 :::*                    LISTEN      658/EmbyServer
tcp6       0      0 fe80::3edd:d094:c:48807 :::*                    LISTEN      2607/qbittorrent
tcp6       0      0 ::1:48807               :::*                    LISTEN      2607/qbittorrent
tcp6       0      0 :::5900                 :::*                    LISTEN      2636/gnome-remote-d
tcp6       0      0 :::36559                :::*                    LISTEN      2791/apache2
tcp6       0      0 :::32400                :::*                    LISTEN      844/Plex Media Serv
tcp6       0      0 :::80                   :::*                    LISTEN      812/apache2
tcp6       0      0 fe80::3edd:d094:c:41877 :::*                    LISTEN      2638/rygel
tcp6       0      0 :::21                   :::*                    LISTEN      679/vsftpd
```
Steve

3 Answers

1

So I fixed it in the most satisfying way - accidentally. I was looking up why ufw didn't automatically start on boot, despite it being set up to, and someone else mentioned a conflict with firewalld and that disabling it fixed the issue. It also did for me, and must have been also keeping my ports blocked for some reason.

Steve
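
The netstat output in the question fits a filtering cause rather than a bind-address one: several of the unreachable services were already listening on the wildcard address. The following is an added example, not part of any post on this page, that sorts `netstat -tnlp` rows by bind scope; the sample rows are copied from the question, and the function names are hypothetical.

```python
import ipaddress

# Subset of the `sudo netstat -tnlp` lines posted in the question (not constructed).
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      683/sshd: /usr/sbin
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      747/mariadbd
tcp        0      0 192.168.0.107:48807     0.0.0.0:*               LISTEN      2607/qbittorrent
tcp6       0      0 ::1:3350                :::*                    LISTEN      695/xrdp-sesman
tcp6       0      0 :::3389                 :::*                    LISTEN      764/xrdp
tcp6       0      0 :::80                   :::*                    LISTEN      812/apache2
tcp6       0      0 fe80::3edd:d094:c:48807 :::*                    LISTEN      2607/qbittorrent
"""

def bind_scope(local):
    """Split a netstat Local Address into (port, scope)."""
    host, _, port = local.rpartition(":")  # port follows the last colon, IPv6 included
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                     # netstat can truncate long IPv6 addresses
        return int(port), "unknown"
    if ip.is_unspecified:                  # 0.0.0.0 or :: -> every interface
        return int(port), "all"
    if ip.is_loopback:
        return int(port), "loopback"
    if ip.is_link_local:
        return int(port), "link-local"
    return int(port), "interface"

def listeners(netstat_text):
    """Return (proto, port, scope, program) for every TCP LISTEN row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split(None, 6)
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        port, scope = bind_scope(f[3])
        rows.append((f[0], port, scope, f[6].split("/", 1)[-1].strip()))
    return rows

def lan_bound(rows):
    """Listeners bound beyond loopback. If these time out from another host,
    the bind address is fine and packet filtering is the next thing to check."""
    # A tcp6 wildcard (:::80) also accepts IPv4 when net.ipv6.bindv6only=0,
    # assumed here as the Linux default.
    return sorted({(p, prog) for _, p, scope, prog in rows if scope in ("all", "interface")})

if __name__ == "__main__":
    for proto, port, scope, prog in listeners(SAMPLE):
        print(f"{proto:5} {port:>6} {scope:11} {prog}")
```

Rows reported as `loopback` (mariadbd, xrdp-sesman here) are the only ones where changing the service's listen address would affect remote reachability.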
0

Good day;

You haven't specified what service or software you're running that has the need to bind ports so I can't be specific, however, the configuration option to set the listen IP address usually resides in the service/package configuration file e.g. when running apache2 there is an option called `Listen` in the `/etc/apache2/apache2.conf` that you can tell what IP and port it should listen to.

If we assume you're running apache2, you have to enter the following in the `/etc/apache2/apache2.conf`:

```
Listen 0.0.0.0:8000
```

Hope it helps.

Sinux
  • Thanks, I tried editing apache2.conf and ports.conf that it lists but no luck unfortunately. I've posted some more information in my original question, including my netstat output. – Steve Jul 11 '22 at 09:14
  • It appears that the `apache2` process is only listening on `tcp6` although according to [this link](https://unix.stackexchange.com/questions/106502/apache2-does-not-run-on-ipv4-tcp-port) it shouldn't be a problem, however, can you share the `apache2.conf` and `ports.conf` content? Are you sure you've set `Listen 0.0.0.0:80` and not `Listen 80`? – Sinux Jul 11 '22 at 09:24
  • This is what I put in the conf file: # Include list of ports to listen on Include ports.conf Listen 0.0.0.0:80 – Steve Jul 11 '22 at 09:33
  • You can add the `Listen :80` to make sure it's listening on your specified socket, in addition as per @Romeo Ninov answer, you can disable IPv6 and remove lines related to IPv6 from `/etc/hosts` and then restart the service using `systemctl restart apache2` – Sinux Jul 11 '22 at 09:41
  • If you run `wget http://127.0.0.1/ -O -` on the server what happens? Does it successfully connect? Does it return the raw HTML for your website as expected? – Sinux Jul 11 '22 at 09:42
  • steve@Server:/etc$ sudo wget http://127.0.0.1/ --2022-07-11 21:45:23-- http://127.0.0.1/ Connecting to 127.0.0.1:80... connected. HTTP request sent, awaiting response... 200 OK Length: 10701 (10K) [text/html] Saving to: ‘index.html’ index.html 100%[===========================================>] 10.45K --.-KB/s in 0s 2022-07-11 21:45:23 (171 MB/s) - ‘index.html’ saved [10701/10701] – Steve Jul 11 '22 at 09:46
  • According to the `wget` output, everything is fine and `apache2` is listening on port 80 in IPv4 mode. You should be able to run the same command from outside meaning `wget http:/// -O -` – Sinux Jul 11 '22 at 09:50
  • I can run wget over ssh from another machine (is that what you meant), but that's the only thing that's still working. I just set up a VM running debian on a different machine and that apache server can be accessed from another on the network, so it's definitely something with this install I've broken somehow.. – Steve Jul 11 '22 at 10:22
  • Does the `wget` command from another machine give the same result? Does it say `connected`? If yes then the `apache2` on the first server is accessible. As for the second apache2 installation that's working, you could compare the configuration files, `/etc/hosts/` entries, `netstat` output, and `iptables` rules to see what is exactly broken. – Sinux Jul 11 '22 at 10:30
  • It works in ssh on another machine but I can't point a browser to the original server - it'll just time out. Netstat on the VM debian server lists local addresses as either 0.0.0.0:[port] or *:[port] so apache is *:80 – Steve Jul 11 '22 at 10:53
  • Since you probably haven't set up TLS, are you sure that you're entering `http://:` in the browser (the port part is not needed if it's the default 80) ? What I mean is that you should specify `http` explicitly. Also, are you serving any specific web page or is it the default `apache2` page? – Sinux Jul 11 '22 at 10:58
  • Yeah just the default apache page. Same result when I put http and the port number when typing it in. The VM server you can just type in the ip address and it'll serve up the default apache page – Steve Jul 11 '22 at 11:00
  • As you mentioned earlier the installation must have been broken somehow and/or there is some sort of misconfiguration that one would need access to the machine itself to trace. If everything seems to be the same on the original server and the new one with Apache2 running fine, I suggest rebooting the server. In addition, since you're mentioning VMs, I suggest reviewing the network setting of whatever hypervisor you're using. Unfortunately, I have nothing more to add unless new information comes up. – Sinux Jul 11 '22 at 11:03
0

From what I can see in the netstat output, your services listen on IPv6 IPs. One sample way is to disable IPv6 and restart the network and daemons (or the entire computer). Also, in `/etc/hosts`, remove the lines which are related to IPv6.

Romeo Ninov