Running an up-to-date installation of Kubuntu 21.10.
If I run any network service on the machine, I'm unable to reach it from anywhere else on my network. The error is always "Host unreachable". A tcpdump capture reveals the SYN packet does reach the host, but an ICMP "admin-prohibited" packet is immediately sent back. The packet never even reaches iptables (verified by adding a rule that would match the connection; its counter never increases).
nmap is also unable to detect the port as open; however, its scan does show up in the counter. nmap interprets the port as filtered because the prohibited packet is ICMP; no TCP response to the SYN packet is sent.
Here is the tcpdump output (scanner is 192.168.1.3, host with services is 192.168.1.183), on the host machine with a service actively listening on port 8000, that appears when another machine tries to connect:
Code:
04:43:09.154362 IP 192.168.1.3.56608 > 192.168.1.183.8000: Flags [S], seq 3664350430, win 64240, options [mss 1460,sackOK,TS val 2819866111 ecr 0,nop,wscale 7], length 0
04:43:09.154417 IP 192.168.1.183 > 192.168.1.3: ICMP host 192.168.1.183 unreachable - admin prohibited filter, length 68
Here is what happens when nmap scans:
Code:
04:44:49.060156 ARP, Request who-has 192.168.1.183 tell 192.168.1.3, length 46
04:44:49.060177 ARP, Reply 192.168.1.183 is-at 74:e6:e2:da:19:0f, length 28
04:44:49.156156 IP 192.168.1.3.33094 > 192.168.1.183.8000: Flags [S], seq 4114316293, win 1024, options [mss 1460], length 0
04:44:49.156260 IP 192.168.1.183 > 192.168.1.3: ICMP host 192.168.1.183 unreachable - admin prohibited filter, length 52
iptables is completely clear: ACCEPT policy on all default chains, no rules whatsoever on filter, nat and mangle.
Services can be accessed locally using localhost or the machine's IP on the machine itself. The only issue is trying to access them from the network.
I do have Docker on the machine, but for trying to figure this out, I disabled Docker and removed all of its iptables rules and chains. Docker services are able to be reached from the network.
The machine also has VirtualBox installed, if that's relevant, but at the time of testing no VirtualBox machines were running.
Also of note is that the SSH server running on the host can be reached successfully. This is the only service that is reachable, regardless of what else is running:
Code:
Starting Nmap 7.91 ( https://nmap.org ) at 2022-01-26 11:00 UTC
Nmap scan report for 192.168.1.183
Host is up (0.00035s latency).
Not shown: 65534 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: redacted
Too many fingerprints match this host to give specific OS details
Nmap done: 1 IP address (1 host up) scanned in 78.45 seconds
Is there perhaps a kernel setting somewhere that is causing this to occur?
Thanks for any help!
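To make the nmap reading in the post concrete, here is an added example (not code from the original post or from any tool it mentions) that pairs each SYN in a tcpdump text capture with the host's reply and classifies the target port the way nmap does: SYN-ACK means open, RST means closed, an ICMP admin-prohibited reply means filtered. The first two sample lines are the capture from the post; the remaining lines are constructed to show the open and closed cases.

```python
import re

# Sample tcpdump lines: the first SYN/ICMP pair is from the post above; the
# port-22 (SYN-ACK) and port-9000 (RST) exchanges are constructed for contrast.
SAMPLE_LINES = """\
04:43:09.154362 IP 192.168.1.3.56608 > 192.168.1.183.8000: Flags [S], seq 3664350430, win 64240, options [mss 1460,sackOK,TS val 2819866111 ecr 0,nop,wscale 7], length 0
04:43:09.154417 IP 192.168.1.183 > 192.168.1.3: ICMP host 192.168.1.183 unreachable - admin prohibited filter, length 68
04:45:00.000100 IP 192.168.1.3.40000 > 192.168.1.183.22: Flags [S], seq 1, win 64240, options [mss 1460], length 0
04:45:00.000200 IP 192.168.1.183.22 > 192.168.1.3.40000: Flags [S.], seq 2, ack 2, win 65160, options [mss 1460], length 0
04:45:01.000100 IP 192.168.1.3.40001 > 192.168.1.183.9000: Flags [S], seq 1, win 64240, options [mss 1460], length 0
04:45:01.000200 IP 192.168.1.183.9000 > 192.168.1.3.40001: Flags [R.], seq 0, ack 2, win 0, length 0
"""

# TCP line: timestamp, src ip.port > dst ip.port, then the flag field.
TCP_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# ICMP admin-prohibited line as printed by tcpdump (no port information).
ICMP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP host \S+ unreachable - admin prohibited")


def classify_ports(lines):
    """Return {(dst_ip, dst_port): verdict} by pairing each SYN with the reply it drew.

    Verdicts follow nmap's interpretation: 'open' on SYN-ACK, 'closed' on RST,
    'filtered' on ICMP admin-prohibited, 'no-response' if nothing came back.
    """
    pending = []   # unanswered SYNs as (src_ip, src_port, dst_ip, dst_port)
    verdicts = {}
    for line in lines:
        m = TCP_RE.match(line)
        if m:
            src, sport, dst, dport, flags = m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), m.group(5)
            if flags == "S":
                pending.append((src, sport, dst, dport))
                verdicts.setdefault((dst, dport), "no-response")
                continue
            # A TCP reply: match the reversed 4-tuple of a pending SYN.
            for p in pending:
                if (p[2], p[3], p[0], p[1]) == (src, sport, dst, dport):
                    if flags.startswith("S."):
                        verdicts[(src, sport)] = "open"
                    elif flags.startswith("R"):
                        verdicts[(src, sport)] = "closed"
                    pending.remove(p)
                    break
            continue
        m = ICMP_RE.match(line)
        if m:
            icmp_src, icmp_dst = m.group(1), m.group(2)
            # The ICMP carries no port, so attribute it to the oldest pending SYN
            # that was sent from icmp_dst to the host that emitted the ICMP.
            for p in pending:
                if p[0] == icmp_dst and p[2] == icmp_src:
                    verdicts[(p[2], p[3])] = "filtered"
                    pending.remove(p)
                    break
    return verdicts
```

Run it over `tcpdump -nn -l` output piped to a file to see which ports are answered by the ICMP reject rather than by the listening service.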