Port 993 refused



  • So I run a mail server and use rainloop webmail. I have the mailserver and the webserver running on the same machine. I thought I had all the NAT and rules done but I have this problem and I am having trouble seeing where it's blocked. So I can send and receive mail with another client like my phone app. But when I try to connect to the server through webmail I get "can't connect to server". Rainloop tells me it's being actively blocked (IMAP on 993). When I try on the unsecured port (143) everything works. Both ports NAT to my machine. I'm new to this so I don't "see" fw rules clearly. Does this have anything to do with my webserver and mailserver being at the same IP? I just built this router. I had no complications on my Netgear, if that info helps… pics attached.





  • Windows FW is off on host machine.

    Yes… I'm running it on a windows machine. I know, I know. What can I say, I'm learning as I go.


  • LAYER 8 Netgate

    Obviously something on the target host.

    Run a Diagnostics > Packet capture on the inside interface for host 192.168.1.5 port 993 and test again from the outside.

    Look at the capture. See what you see.



  • Yeah. I don't know how to interpret this stuff. 143 connects but 993 doesn't. I can't put it together. Anyways, here is the packet log. Any help is appreciated. I know it's hard helping a noob.

    00:30:15.760328 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
    00:30:15.760628 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
    00:30:15.761508 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
    00:30:15.761882 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 517
    00:30:15.762875 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 156
    00:30:15.763631 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
    00:30:15.764006 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 51
    00:30:15.765130 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 787
    00:30:15.765374 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
    00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
    00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
    00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
    00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
    00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
    00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
    00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
    00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
    00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
    00:30:16.867487 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 566
    00:30:17.025612 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0



  • And here we are when connecting on 143:

    00:41:05.242013 IP 192.168.1.1.35935 > 192.168.1.5.443: tcp 0
    00:41:05.242403 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.242626 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
    00:41:05.243757 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.244257 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 517
    00:41:05.245375 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 156
    00:41:05.246128 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.246505 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 51
    00:41:05.247630 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 831
    00:41:05.247873 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
    00:41:05.294845 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
    00:41:05.294865 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
    00:41:05.295095 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
    00:41:05.295103 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
    00:41:05.295469 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
    00:41:05.295476 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
    00:41:05.313507 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 15
    00:41:05.313515 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 15
    00:41:05.314083 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 17
    00:41:05.314090 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 17
    00:41:05.322453 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 111
    00:41:05.322460 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 111
    00:41:05.322952 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 55
    00:41:05.322959 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 55
    00:41:05.332072 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 25
    00:41:05.332082 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 25
    00:41:05.336081 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 13
    00:41:05.336088 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 13
    00:41:05.344466 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 49
    00:41:05.344473 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 49
    00:41:05.344475 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
    00:41:05.344481 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
    00:41:05.344689 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
    00:41:05.344696 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
    00:41:05.344698 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
    00:41:05.344704 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
    00:41:05.344816 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
    00:41:05.344823 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
    00:41:05.345189 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 883
    00:41:05.386552 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.470542 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 943
    00:41:05.512216 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
    00:41:05.527739 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
    00:41:05.527749 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 464
    00:41:05.528709 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.528835 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.847926 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 846
    00:41:05.892648 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
    00:41:05.917139 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
    00:41:05.917149 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
    00:41:05.917157 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
    00:41:05.917164 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1024
    00:41:05.918097 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.918221 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:05.918471 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
    00:41:08.541924 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 1056
    00:41:08.592759 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
    00:41:08.592781 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
    00:41:08.593086 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
    00:41:08.593095 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
    00:41:08.593460 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
    00:41:08.593467 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
    00:41:08.593834 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
    00:41:08.611249 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 15
    00:41:08.611258 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 15
    00:41:08.611824 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
    00:41:08.611831 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
    00:41:08.620444 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
    00:41:08.620452 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
    00:41:08.620943 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 55
    00:41:08.620950 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 55
    00:41:08.629961 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 25
    00:41:08.629970 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 25
    00:41:08.630687 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
    00:41:08.630694 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
    00:41:08.639197 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 223
    00:41:08.639204 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 223
    00:41:08.687805 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
    00:41:08.687814 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
    00:41:08.688027 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 24
    00:41:08.688034 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 24
    00:41:08.688901 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
    00:41:08.688908 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
    00:41:08.699776 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 247
    00:41:08.699783 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 247
    00:41:08.701520 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
    00:41:08.701527 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
    00:41:08.711888 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
    00:41:08.711895 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
    00:41:08.712387 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 16
    00:41:08.712394 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 16
    00:41:08.721159 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 82
    00:41:08.721167 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 82
    00:41:08.728636 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 13
    00:41:08.728644 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 13
    00:41:08.737030 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 49
    00:41:08.737037 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 49
    00:41:08.737039 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
    00:41:08.737045 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
    00:41:08.737260 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0


  • LAYER 8 Netgate

    You didn't filter on port 993.

    Looks like the server is probably returning NAKs. Hard to tell. Go back to diagnostics > packet capture, choose Level of detail: Full and press view capture. Post that.

    Since you ran another capture you'll have to take another one for port 993.

    Actually, better yet, just download the capture file and attach it to a reply.

    00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
    00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
    00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
    00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
    00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
    00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
    00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
    00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
    00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
    00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0



  • ugh. but muh public IP.



  • I'll redact it. Standby.


  • LAYER 8 Netgate

    If that concerns you be sure to edit it out of the above. lmk if you need me to do it in mine.

    It is obvious from what has already been shown that the port forward is working and the server is responding with something with 0 bytes of payload.



  • Hahahaaha. How embarrassing. Well, at least you know what you are dealing with now. Thank you for wasting your time on me. I do appreciate it. I couldn't upload the .cap nor did it make sense when I converted it to a .txt so here is what I got. Public IP included.

    09:03:03.796868 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6378, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:03.796889 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6378, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.1.5627 > 192.168.1.5.993: Flags [S], cksum 0x0fc7 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:03.797194 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30340, offset 0, flags [DF], proto TCP (6), length 40)
        192.168.1.5.993 > 192.168.1.1.5627: Flags [R.], cksum 0x4b77 (correct), seq 0, ack 1537239942, win 0, length 0
    09:03:03.797201 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30340, offset 0, flags [DF], proto TCP (6), length 40)
        24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1537239942, win 0, length 0
    09:03:04.298138 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6379, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:04.298162 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6379, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.1.50307 > 192.168.1.5.993: Flags [S], cksum 0x613e (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:04.298387 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30344, offset 0, flags [DF], proto TCP (6), length 40)
        192.168.1.5.993 > 192.168.1.1.50307: Flags [R.], cksum 0x9cee (correct), seq 0, ack 1537239942, win 0, length 0
    09:03:04.298395 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30344, offset 0, flags [DF], proto TCP (6), length 40)
        24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0
    09:03:04.814122 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6380, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:04.814144 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6380, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.1.1.56268 > 192.168.1.5.993: Flags [S], cksum 0x49f5 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:03:04.814323 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30345, offset 0, flags [DF], proto TCP (6), length 40)
        192.168.1.5.993 > 192.168.1.1.56268: Flags [R.], cksum 0x85a5 (correct), seq 0, ack 1537239942, win 0, length 0
    09:03:04.814330 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30345, offset 0, flags [DF], proto TCP (6), length 40)
        24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0


  • cripes. I swear I didn't do that strikethrough. Just give up on me.



  • Ok so now to figure out why changing the router would cause the server to reject the connection… I made no changes on that side.
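
Added example, not part of any post in this thread: a small Python parser for tcpdump text output like the captures above. It reports, per destination address and port, whether a SYN was answered with a SYN-ACK, with a reset (the `Flags [R.]` replies seen for port 993), or not at all. The function names and the sample lines, which use the documentation address 203.0.113.10, are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the TCP line of tcpdump output: "src.port > dst.port: Flags [X]"
PKT = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
                 r"Flags \[([A-Za-z.]+)\]")

# Constructed sample: a reflected connection to port 993 that is reset,
# and a forwarded connection to port 143 that completes its handshake.
SAMPLE = """\
10:00:00.000001 IP 192.168.1.5.50161 > 203.0.113.10.993: Flags [S], seq 100, length 0
10:00:00.000020 IP 192.168.1.1.5627 > 192.168.1.5.993: Flags [S], seq 100, length 0
10:00:00.000300 IP 192.168.1.5.993 > 192.168.1.1.5627: Flags [R.], seq 0, ack 101, length 0
10:00:00.000310 IP 203.0.113.10.993 > 192.168.1.5.50161: Flags [R.], seq 0, ack 101, length 0
10:00:05.000001 IP 192.168.1.1.12731 > 192.168.1.5.143: Flags [S], seq 200, length 0
10:00:05.000200 IP 192.168.1.5.143 > 192.168.1.1.12731: Flags [S.], seq 900, ack 201, length 0
10:00:05.000400 IP 192.168.1.1.12731 > 192.168.1.5.143: Flags [.], ack 901, length 0
"""

def handshake_outcomes(capture_text):
    """Count SYNs sent to, and SYN-ACKs / RSTs returned by, each (ip, port)."""
    pending = set()  # (client_ip, client_port, server_ip, server_port) with a SYN seen
    stats = defaultdict(lambda: {"syn": 0, "syn_ack": 0, "rst": 0})
    for src, sport, dst, dport, flags in PKT.findall(capture_text):
        flags = flags.upper()  # tolerate "[s]" where a forum mangled "[S]"
        if flags == "S":
            pending.add((src, sport, dst, dport))
            stats[(dst, int(dport))]["syn"] += 1
        elif (dst, dport, src, sport) in pending:  # reply to a SYN we saw
            if flags == "S.":
                stats[(src, int(sport))]["syn_ack"] += 1
            elif "R" in flags:
                stats[(src, int(sport))]["rst"] += 1
    return dict(stats)

def summarize(capture_text):
    """Map each destination (ip, port) to 'accepted', 'reset' or 'no-reply'."""
    result = {}
    for endpoint, c in handshake_outcomes(capture_text).items():
        result[endpoint] = ("accepted" if c["syn_ack"]
                            else "reset" if c["rst"] else "no-reply")
    return result

if __name__ == "__main__":
    for (ip, port), outcome in sorted(summarize(SAMPLE).items()):
        print(f"{ip}:{port} -> {outcome}")
```

A `reset` result on the inside interface means the packet reached the host and something at that address answered with RST; `no-reply` points instead at a drop somewhere on the path.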

