Network interface not responding to openning ports

Hello,
I recently encountered a bizarre problem and hope you guys can help me figure it out.
The server only responds to port 80 and not to other open ports. The firewall is configured correctly, and I have even stopped the firewall service to ensure it is not causing the issue.

# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: inactive (dead) since Mon 2024-06-03 13:27:12 AEST; 21h ago
   Duration: 33min 38.851s
       Docs: man:firewalld(1)
   Main PID: 215642 (code=exited, status=0/SUCCESS)
        CPU: 4.501s

Jun 03 12:53:33 host systemd[1]: Starting firewalld - dynamic firewall daemon...

Jun 03 13:27:12 host systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 03 13:27:12 host systemd[1]: firewalld.service: Deactivated successfully.
Jun 03 13:27:12 host systemd[1]: Stopped firewalld - dynamic firewall daemon.
Jun 03 13:27:12 host systemd[1]: firewalld.service: Consumed 4.501s CPU time.

Selinux has been disabled:

# getenforce
Disabled

The connection to port 80 from remote is successful, but connections to other ports are not:

# telnet 10.202.200.96 80
Trying 10.202.200.96...
Connected to 10.202.200.96.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
# telnet 10.202.200.96 4444
Trying 10.202.200.96...
^C
# telnet 10.202.200.96 90
Trying 10.202.200.96...
^C
# telnet 10.202.200.96 8000
Trying 10.202.200.96...
^C

The same connection requests are successful when initiated from localhost.
I am certain that the ports are listening on all interfaces.

# netcat -v -l 4444
Listening on 0.0.0.0 4444

While that listens, you see it with:

ss -tulpn | grep 4444

and you can run on the same host:

telnet 10.202.200.96 4444

and connect, but not from “outside”.


The nft list ruleset shows that you have no filter rules in the kernel?


If you do listen on the interface with

tcpdump -vv -nn -i ${interface} port 4444

when external machine attempts telnet, then do you see any traffic?

Yes, but define “external”. Imagine it’s a home internet with a router, and the router only allows port 80.

Thanks for your reply. It turns out my colleague installed TrendMicro Endpoint on the server, which blocked the traffic.