Unable to connect from home IP on ports 587/995, flushing iptables fixes the issue, but only temporarily
I am having issues connecting to my mail server over ports 587/995 from my home computer. When attempting to do so, I recieve the error:
telnet mail.tiger.my 587 Trying FFFF:FFFF::FFFF:FFFF:FFFF:FFFF... Trying x.x.x.x... telnet: Unable to connect to remote host: Connection refused
Flushing my iptables rules will fix the problem, but only temporarily. I wasn't having this problem before, and I haven't made any recent changes manually. Even when I searched for an iptables rule with my home IP I couldn't find any.
I don't want to constantly flush my iptables, because they are part of my server's security, and fail2ban adds banned IPs to the iptables to prevent them from hacking my server. How can I determine what is causing this issue and fix it?
It sounds like some process may be automatically applying rules to those ports rather than the IP specifically. I found this askubuntu thread that gives some advice on tracing the source of scripts that make these types of changes.
Typically, scripts that save or load iptables rules are located in
etc/init.d. Assuming they use the normal iptables commands you could search for any scripts with a recursive grep, such as:
grep -R iptables-restore /etc/init.d/ grep -R iptables-save /etc/init.d/
If this produces any results, you can then trace the script to a package using
dpkg-query -S file-name-result-of-grep
If the single-package-name terse output from
dpkg isn't descriptive enough, you can
apt-cache show package-name on the name of the package provided by