All Ports Blocked After Fresh Install

SYSTEM INFORMATION
OS type and version Ubuntu 22.04.04
Virtualmin version 7.9.0

Hello!

So, I’m totally unable to access my server outside of my home network. I’ll try and give as much information because I’m kinda at a loss.

What I’ve done at this point, in order:

  • Installed Ubuntu (and updated)
  • Installed Virtualmin via the script
  • Set up two domains using Cloudflare
  • Set up firewall rules to mirror the default setup firewall rules on pfSense

I’m using pfSense as my firewall and have set up rules to point at my server (10.0.0.200). When I do, all the ports pointed to that server seem to be blocked. I reckon it’s not my firewall rules on my pfSense, because if I point them to my other server (10.0.0.150), port 80 can be opened with my ISP, as well as port 22. Since I was having issues, I tried to see if I could at least get SSH working via my public IP - same issue, so it’s not an A record issue.

I saw another post like this and I’ve rebooted multiple times so… not that

I have not touched the rules inside the default firewall rules, but they are all on allow, so I’m a little lost as to what the issue could be.

Thanks for the help in advance!

If you can access all ports on virtualmin locally then I would look at pfsense as being the issue…

You can set up logging on pfSense firewall rules and see what traffic is going where.

I thought the same thing at first but I did a factory reset on the pfSense.

Also, if I open port 22 (as an example) on my other server (10.0.0.150) then I can access that server. It only stops working if I redirect the port back to my new main server (10.0.0.200).

Consider these:

  • if you can access all ports locally then it is not an issue with Virtualmin or the firewall on virtualmin.
  • if the rule you make for 10.0.0.150 works but then you change them to 10.0.0.200 and they don’t work:
    • check the rules have been applied
    • do you have any other services such as Snort or pfBlocker that are stopping access to the 200 server?
    • you have not got NAT 1:1 set up
    • no DMZ set up
  • use logging on all of your rules to see if there is any traffic
  • how are you testing from the outside network? is this causing an issue?
  • have you got any manual settings in your PC/Linux hosts file?
  • when accessing the server on 10.0.0.150 and 10.0.0.250 from outside, are you using a domain name? if so try accessing both by using your external IP. If this works then you have a DNS issue.
  • are the NAT rules set up correctly?
  • try someone else’s PC from a friend’s house and see if you can access 10.0.0.200
  • are both 10.0.0.150 and 10.0.0.200 on the same physical network with no VLAN?
  • I would encourage you to set up NAT reflection and/or split DNS. If you have already done this you should check the relevant rules.

Using the logging feature of pfSense is very powerful and can help you.

Here is my full setup guide for pfSense: My pfSense Notes | QuantumWarp

Cloudflare only offers a few ports. This could be your conflict…
https://developers.cloudflare.com/fundamentals/reference/network-ports/

Consider these:

  • if you can access all ports locally then it is not an issue with Virtualmin or the firewall on virtualmin.

Is it possible maybe it’s a routing issue with the virtual servers then? It just seems weird that when I take the same rules and apply them to my non-Virtualmin server (it’s a basic Ubuntu running Webmin and Apache), it works.

  • if the rule you make for 10.0.0.150 works but then you change them to 10.0.0.200 and they don’t work:
    • check the rules have been applied

Done that, Deleted, Remade, Remade the Router just in case, retested. 100%

    • do you have any other services such as Snort or pfBlocker that are stopping access to the 200 server?

No, I don’t have anything besides Port Forwarding.

    • you have not got NAT 1:1 set up

Nope - Port Forwarded.

    • no DMZ set up

Nope.

  • use logging on all of your rules to see if there is any traffic

I’ll try this this morning after a cup of coffee. LOL. But it seems weird that it works on 10.0.0.150 if I change the IP on the rule and that’s it.

  • how are you testing from the outside network?

Accessing it via a VDI that I set up at my company and connected from a completely different ISP. Also tried different port testing sites on the domain and the public IP just in case.

  • have you got any manual settings in your PC/Linux hosts file?

Nothing on my hosts file except for my static IP. If you want, I can post that.

  • when accessing the server on 10.0.0.150 and 10.0.0.250 from outside, are you using a domain name? if so try accessing both by using your external IP. If this works then you have a DNS issue.

Works on 150 when I move the rule over, stops when I move it to 200.

  • are the NAT rules set up correctly?

I’m assuming so. I can post if you really want but the fact it works if I move it to 150 and stops at 200… This is why I’m thinking it might be something on the box.

  • are both 10.0.0.150 and 10.0.0.200 on the same physical network with no VLAN?

Currently, yes. Both on the same network with no VLAN. I wanted to get it working before I dealt with splitting this into a VLAN to lock it off from my home network.

Thanks for the help by the way! I double checked everything last night. I’m starting to think it’s something I did when setting up the static IP after the install.

Sorry if it wasn’t clear, I tried both my public IP and the domain. Both don’t work so I’m almost 100% sure it’s not a DNS issue.

A long shot: has the firewall blocked 10.0.0.1 on your virtual server at 10.0.0.200?

When traffic is NAT’ed the source IP is changed to your router’s internal IP.

Just noticed you mentioned virtual servers. How are these hosted on your local home network?

I assumed you had 2 separate computers.

Also, the 10.0.0.200 is the external IP in virtual, correct?

Another one: is the gateway on the NIC on 10.0.0.200 actually set? I had this where it was not, and I could talk to it locally but not from outside. Also check its DNS is configured.
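Why a missing default gateway gives "works locally, dead from outside", as an added example that is not part of the original thread: it does a longest-prefix match over `ip -4 route show` output to see where the server would send its reply to a given client. The interface name `eth0`, the gateway 10.0.0.1, the client addresses and both routing tables are constructed, and it assumes the port forward leaves the outside client's source address unchanged.

```python
import ipaddress

# Constructed `ip -4 route show` output (not captured from the poster's server).
ROUTES_NO_GATEWAY = "10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.200\n"
ROUTES_WITH_GATEWAY = (
    "default via 10.0.0.1 dev eth0 proto static\n"
    "10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.200\n"
)

def parse_routes(text):
    """Parse `ip -4 route show` text into (network, gateway_or_None, device)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model, e.g. "blackhole"
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, gw, dev))
    return routes

def reply_route(routes, client_ip):
    """Most specific route covering client_ip, or None if the reply has nowhere to go."""
    addr = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def diagnose(route_text, client_ip):
    route = reply_route(parse_routes(route_text), client_ip)
    if route is None:
        return f"unreachable: no route back to {client_ip} (default gateway missing?)"
    _, gw, dev = route
    return f"reply leaves {dev} " + (f"via {gw}" if gw else "directly on-link")

if __name__ == "__main__":
    # 10.0.0.50 is a LAN client, 203.0.113.7 an outside client (both constructed).
    for label, table in (("no gateway", ROUTES_NO_GATEWAY),
                         ("gateway set", ROUTES_WITH_GATEWAY)):
        for client in ("10.0.0.50", "203.0.113.7"):
            print(f"{label:12} {client:12} {diagnose(table, client)}")
```

On the real host, feed it the output of `ip -4 route show`; a table with no `default` line matches the first case.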

The gateway WAS not set. Going to try that now.

Going to answer some questions here in the meantime:

150 and 200 are different servers.

When I’m talking about the virtual servers, I mean for my two domains. Both are set to 10.0.0.200 (with my public IP listed as the external one).

I think setting the gateway did it!

Instead of a “Can not Reach” - I’m getting a “File not found”!

Progress!

Thank you so much for the back and forth!

(Managed to fix the file not found as well)

The back and forth was required to solve the issue. Answering as you did helped get the answer.

I have been helped here by other members so it is always good to pass it on.