Hi everyone,
I'm having a hard time troubleshooting some strange behaviour I'm experiencing on my DietPi install.
Hope somebody here can help me solve this.
I recently acquired a domain name and I'm trying to enable a secure HTTPS connection (with Let's Encrypt) for multiple applications like nginx / Domoticz / Emby server etc.
I've enabled a port forwarding rule on my router to the static IP address of my DietPi installation (192.168.1.20).
But when I check the domain name or the public IP address with sites like https://www.canyouseeme.org, the port seems to be closed, which is strange because the port forwarding rule is no different from any other working port forwards.
So I started troubleshooting the problem by following the traffic from https://www.canyouseeme.org.
First up, the traffic from the internet to my router: the traffic arrives at the router and is forwarded to the correct IP, 192.168.1.20.
admin@UnifiSecurityGateway:~$ sudo tcpdump -n -i eth1 port 443 and host 192.168.1.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:43:57.905462 IP 52.202.215.126.54981 > 192.168.1.20.443: Flags [S], seq 343550789, win 26883, options [mss 1460,sackOK,TS val 4070849679 ecr 0,nop,wscale 7], length 0
13:43:58.902144 IP 52.202.215.126.54981 > 192.168.1.20.443: Flags [S], seq 343550789, win 26883, options [mss 1460,sackOK,TS val 4070849929 ecr 0,nop,wscale 7], length 0
13:44:00.906108 IP 52.202.215.126.54981 > 192.168.1.20.443: Flags [S], seq 343550789, win 26883, options [mss 1460,sackOK,TS val 4070850430 ecr 0,nop,wscale 7], length 0
Next up, the traffic from the router to my DietPi install, 192.168.1.20. And here lies the problem.
root@DietPi:~# tcpdump -n -i eth0 port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:46:40.094570 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890220 ecr 0,nop,wscale 7], length 0
13:46:41.094047 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890470 ecr 0,nop,wscale 7], length 0
13:46:43.097854 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890971 ecr 0,nop,wscale 7], length 0
My DietPi install never seems to reply to the incoming traffic with the correct response. So the port forwarding rule is working, but there is no outbound traffic. So I thought that this must be a local firewall issue. So I opened my iptables.
root@DietPi:~# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
There are no firewall rules active which could cause this behaviour, and now I'm out of options.
What could be the issue I'm not seeing?
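The post above reads the two tcpdump captures by eye: SYNs reach the host, but no SYN-ACK and no RST ever leaves it. The script below automates that reading. It is an added example, not part of the original post and not DietPi or tcpdump code: it parses tcpdump's default one-line TCP output, pairs every inbound SYN to a given server address with any reply from that address, and classifies each client flow as accepted (SYN-ACK seen), refused (RST seen, so the port reached the kernel but nothing was bound to it), or dropped (no reply at all, which is what the post shows). The three 52.202.215.126 lines are taken from the post; the 192.168.1.50 and 192.168.1.51 lines are constructed for the example.

```python
import re
from collections import defaultdict

# Matches tcpdump's default TCP line: "HH:MM:SS.usec IP src.sport > dst.dport: Flags [..], ..."
PKT_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+IP\s+'
    r'(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+'
    r'(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]'
)

# What each verdict means for a host that is the target of a port forward.
EXPLANATION = {
    'accepted': 'SYN-ACK sent: a service is listening and the host replies.',
    'refused': 'RST sent: the packet reached the kernel, but nothing is bound to the port.',
    'dropped': 'No reply at all: packet discarded before TCP (netfilter rules in a table other '
               'than filter, nftables, rp_filter/routing, or a similar kernel drop).',
    'no-syn': 'Reply seen without a preceding SYN in this capture window.',
}


def parse_line(line):
    """Return the fields of one tcpdump line, or None for non-matching lines."""
    m = PKT_RE.match(line.strip())
    if not m:
        return None
    return {
        'ts': m['ts'], 'src': m['src'], 'sport': int(m['sport']),
        'dst': m['dst'], 'dport': int(m['dport']), 'flags': m['flags'],
    }


def classify_handshakes(lines, server_ip, server_port):
    """Map each client (ip, port) that sent a SYN to the server to a verdict string."""
    flows = defaultdict(lambda: {'syn': 0, 'synack': 0, 'rst': 0})
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        if p['dst'] == server_ip and p['dport'] == server_port:
            # Bare SYN is "[S]"; a SYN-ACK would be "[S.]", so exclude the ACK dot.
            if 'S' in p['flags'] and '.' not in p['flags']:
                flows[(p['src'], p['sport'])]['syn'] += 1
        elif p['src'] == server_ip and p['sport'] == server_port:
            key = (p['dst'], p['dport'])
            if 'S' in p['flags'] and '.' in p['flags']:
                flows[key]['synack'] += 1
            elif 'R' in p['flags']:
                flows[key]['rst'] += 1
    verdicts = {}
    for key, c in flows.items():
        if c['synack']:
            verdicts[key] = 'accepted'
        elif c['rst']:
            verdicts[key] = 'refused'
        elif c['syn']:
            verdicts[key] = 'dropped'
        else:
            verdicts[key] = 'no-syn'
    return verdicts


# Sample capture: first three lines are from the post, the rest are constructed.
SAMPLE_CAPTURE = [
    "13:46:40.094570 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890220 ecr 0,nop,wscale 7], length 0",
    "13:46:41.094047 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890470 ecr 0,nop,wscale 7], length 0",
    "13:46:43.097854 IP 52.202.215.126.55275 > 192.168.1.20.443: Flags [S], seq 253625873, win 26883, options [mss 1460,sackOK,TS val 4070890971 ecr 0,nop,wscale 7], length 0",
    # constructed: healthy handshake from a LAN client
    "13:50:01.000000 IP 192.168.1.50.40000 > 192.168.1.20.443: Flags [S], seq 1, win 64240, options [mss 1460], length 0",
    "13:50:01.000500 IP 192.168.1.20.443 > 192.168.1.50.40000: Flags [S.], seq 2, ack 2, win 65160, options [mss 1460], length 0",
    "13:50:01.001000 IP 192.168.1.50.40000 > 192.168.1.20.443: Flags [.], ack 3, win 502, length 0",
    # constructed: kernel refuses because nothing is bound to the port
    "13:51:10.000000 IP 192.168.1.51.40001 > 192.168.1.20.443: Flags [S], seq 9, win 64240, options [mss 1460], length 0",
    "13:51:10.000300 IP 192.168.1.20.443 > 192.168.1.51.40001: Flags [R.], seq 0, ack 10, win 0, length 0",
]

if __name__ == '__main__':
    for (ip, port), verdict in classify_handshakes(SAMPLE_CAPTURE, '192.168.1.20', 443).items():
        print(f"{ip}:{port} -> {verdict}: {EXPLANATION[verdict]}")
```

In practice, feed it a live capture with `tcpdump -n -i eth0 port 443 | python3 script.py` after swapping the sample list for `sys.stdin`. A "dropped" verdict with an empty `iptables --list` is not a contradiction: that command shows only the `filter` table, so `iptables -t raw -L`, `iptables -t mangle -L` and `nft list ruleset` are the next places to look, followed by the host's default route and `rp_filter` setting, since a SYN from an Internet address that arrives on an interface the host would not route the reply through is discarded silently.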