Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port 993 refused

    Scheduled Pinned Locked Moved NAT
    12 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sean0918
      last edited by

      So I run a mail server and use rainloop webmail. I have the mailserver and the webserver running on the same machine. I thought I had all the NAT and rules done but I have this problem and I am having troubling seeing where its blocked. So I can send and receive mail with another client like my phone app. But when I try to connect to the server through webmail I get "can't connect to server". Rainloop tells me its being actively blocked (IMAP on 993). When I try on the unsercured port (143) everything works. Both ports NAT to my machine. I'm new to this so I don't "see" fw rules clearly. Does this have anything to do with my webserver and mailserver being at the same ip? I just built this router. I had no complications on my netgear, if that info helps… pics attached.
      1.PNG
      1.PNG_thumb
      2.PNG
      2.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • S
        sean0918
        last edited by

        Windows FW is off on host machine.

        Yes… I'm running it on a windows machine. I know, I know. What can I say, I'm learning as I go.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Obviously something on the target host.

          Run a Diagnostics > Packet capture on the inside interface for host 192.168.1.5 port 993 and test again from the outside.

          Look at the capture. See what you see.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • S
            sean0918
            last edited by

            yeah. I don't know how to interpret this stuff. 143 connects but 993 doesn't. I can't put it together. anyways, here is the packet log. Any help is appreciated. I know its hard helping a noob.

            00:30:15.760328 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
            00:30:15.760628 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
            00:30:15.761508 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
            00:30:15.761882 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 517
            00:30:15.762875 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 156
            00:30:15.763631 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
            00:30:15.764006 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 51
            00:30:15.765130 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 787
            00:30:15.765374 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
            00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
            00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
            00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
            00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
            00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
            00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
            00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
            00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
            00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
            00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
            00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
            00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
            00:30:16.867487 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 566
            00:30:17.025612 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0

            1 Reply Last reply Reply Quote 0
            • S
              sean0918
              last edited by

              And here we are when connecting on 143:

              00:41:05.242013 IP 192.168.1.1.35935 > 192.168.1.5.443: tcp 0
              00:41:05.242403 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.242626 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
              00:41:05.243757 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.244257 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 517
              00:41:05.245375 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 156
              00:41:05.246128 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.246505 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 51
              00:41:05.247630 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 831
              00:41:05.247873 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
              00:41:05.294845 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
              00:41:05.294865 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
              00:41:05.295095 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
              00:41:05.295103 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
              00:41:05.295469 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
              00:41:05.295476 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
              00:41:05.313507 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 15
              00:41:05.313515 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 15
              00:41:05.314083 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 17
              00:41:05.314090 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 17
              00:41:05.322453 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 111
              00:41:05.322460 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 111
              00:41:05.322952 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 55
              00:41:05.322959 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 55
              00:41:05.332072 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 25
              00:41:05.332082 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 25
              00:41:05.336081 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 13
              00:41:05.336088 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 13
              00:41:05.344466 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 49
              00:41:05.344473 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 49
              00:41:05.344475 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
              00:41:05.344481 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
              00:41:05.344689 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
              00:41:05.344696 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
              00:41:05.344698 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
              00:41:05.344704 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
              00:41:05.344816 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
              00:41:05.344823 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
              00:41:05.345189 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 883
              00:41:05.386552 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.470542 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 943
              00:41:05.512216 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
              00:41:05.527739 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
              00:41:05.527749 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 464
              00:41:05.528709 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.528835 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.847926 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 846
              00:41:05.892648 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
              00:41:05.917139 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
              00:41:05.917149 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
              00:41:05.917157 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
              00:41:05.917164 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1024
              00:41:05.918097 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.918221 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:05.918471 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
              00:41:08.541924 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 1056
              00:41:08.592759 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
              00:41:08.592781 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
              00:41:08.593086 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
              00:41:08.593095 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
              00:41:08.593460 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
              00:41:08.593467 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
              00:41:08.593834 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
              00:41:08.611249 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 15
              00:41:08.611258 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 15
              00:41:08.611824 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
              00:41:08.611831 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
              00:41:08.620444 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
              00:41:08.620452 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
              00:41:08.620943 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 55
              00:41:08.620950 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 55
              00:41:08.629961 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 25
              00:41:08.629970 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 25
              00:41:08.630687 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
              00:41:08.630694 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
              00:41:08.639197 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 223
              00:41:08.639204 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 223
              00:41:08.687805 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
              00:41:08.687814 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
              00:41:08.688027 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 24
              00:41:08.688034 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 24
              00:41:08.688901 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
              00:41:08.688908 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
              00:41:08.699776 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 247
              00:41:08.699783 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 247
              00:41:08.701520 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
              00:41:08.701527 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
              00:41:08.711888 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
              00:41:08.711895 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
              00:41:08.712387 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 16
              00:41:08.712394 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 16
              00:41:08.721159 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 82
              00:41:08.721167 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 82
              00:41:08.728636 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 13
              00:41:08.728644 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 13
              00:41:08.737030 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 49
              00:41:08.737037 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 49
              00:41:08.737039 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
              00:41:08.737045 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
              00:41:08.737260 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                You didn't filter on port 993.

                Looks like the server is probably returning NAKs. Hard to tell. Go back to diagnostics > packet capture, choose Level of detail: Full and press view capture. Post that.

                Since you ran another capture you'll have to take another one for port 993.

                Actually, better yet, just download the capture file and attach it to a reply.

                00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
                00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
                00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
                00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
                00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
                00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
                00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
                00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
                00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
                00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
                00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
                00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • S
                  sean0918
                  last edited by

                  ugh. but muh public IP.

                  1 Reply Last reply Reply Quote 0
                  • S
                    sean0918
                    last edited by

                    I'll redact it. Standby.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      If that concerns you be sure to edit out of the above. lmk if you need me to do it in mine.

                      It is obvious from what has already been shown that the port forward is working and the server is responding with something with 0 bytes of payload.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • S
                        sean0918
                        last edited by

                        Hahahaaha. How embarassing. Well, at least you know what you are dealing with now. Thank you for wasting your time on me. I do appreciate it. I couldn't upload the .cap nor did it make sense when I converted it to a .txt so here is what I got. Public IP included.

                        09:03:03.796868 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6378, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.5.50161 > 24.59.68.177.993: Flags [s], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:03.796889 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6378, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.1.5627 > 192.168.1.5.993: Flags [s], cksum 0x0fc7 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:03.797194 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30340, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.5.993 > 192.168.1.1.5627: Flags [R.], cksum 0x4b77 (correct), seq 0, ack 1537239942, win 0, length 0
09:03:03.797201 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30340, offset 0, flags [DF], proto TCP (6), length 40)
    24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.298138 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6379, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.5.50161 > 24.59.68.177.993: Flags [s], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.298162 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6379, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.1.50307 > 192.168.1.5.993: Flags [s], cksum 0x613e (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.298387 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30344, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.5.993 > 192.168.1.1.50307: Flags [R.], cksum 0x9cee (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.298395 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30344, offset 0, flags [DF], proto TCP (6), length 40)
    24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0
09:03:04.814122 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6380, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.5.50161 > 24.59.68.177.993: Flags [s], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.814144 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6380, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.1.56268 > 192.168.1.5.993: Flags [s], cksum 0x49f5 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.814323 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30345, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.5.993 > 192.168.1.1.56268: Flags [R.], cksum 0x85a5 (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.814330 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30345, offset 0, flags [DF], proto TCP (6), length 40)
    24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0
[/s][/s][/s][/s][/s][/s]
                        1 Reply Last reply Reply Quote 0
                        • S
                          sean0918
                          last edited by

                          cripes. I swear I didn't do that strikethrough. Just give up on me.

                          1 Reply Last reply Reply Quote 0
                          • S
                            sean0918
                            last edited by

                            Ok so now to figure out why changing the router would cause the server to reject the connection… I made no changes on that side.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.