Is there an invisible firewall somewhere?
I recently tried using ufw to open port 53 to my VPN's ip address for pihole filtering. I have the same setup on Digital Ocean and it works flawlessly. When I check the ports with a port checking app off the vpn the port shows as "blocked", but when I connect while connected to my VPN its says "closed".
Is there a difference between closed and blocked? The vpn can make ssh connections but regular web browsing is borked without dns.
Is there a secret firewall control panel somewhere or am I using UFW incorrectly?
2 Replies
It depends on the app, but I would imagine "blocked" means that the other end refused to reply to the request (ie, the packet was dropped), whereas "closed" would mean that there is nothing listening on the destination address and port, so an ICMP Port Unreachable (or TCP reset, in the case of TCP) response was generated.
There is no firewall that Linode controls that would apply here (Linode sets some firewall rules on the host to drop traffic not destined for your Linode or not originating from an IP address assigned to your Linode, but that's it).
It sounds like the DNS server on your Linode is not listening on your VPN gateway IP address. netstat -Wplntu would show whether this is the case.
I created the cloud firewall to open port 25, but still port 25 is closed.
Documentation says cloud firewall takes precedence over other firewalls, but doesn't seem true….
I'm desperate now. Don't like any firewall, prefer that some hacker goes into the system and blow it away…..
Grrr