Hey everyone! Problem solved! Ubuntu 20 has switched to nftables and even though iptables is in place; nftables apparently rules -- so even if iptables looks like everything is correct whatever nftables is doing will cause you trouble if you don't know it's there. We discovered this about 10 minutes before Matus responded and mentioned it.
Thank you all for your help. This community is amazing. I appreciate all of you! On Tue, Jun 15, 2021 at 2:47 AM Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 14.06.21 13:55, Linda Pagillo wrote: > >I have already verified and reverified with our server host that port 465 > >is open on their main fw. However, when I do a port scan to 465 from the > >outside it says it is closed. My server host did the same scan and said > >that it's not them and it's a firewall on the server. I only have one > >firewall on the server and it is completely disabled at this time. Since > >the packets do get to the server we know it's not a firewall upstream. > > > >tcpdump shows the syn packets coming in -- but nothing going out. > > > >The firewall (iptables) is empty. (fully cleared and flushed -- even > >rebooted with no rules) > > including nat and mangle tables? > iptables -t nat -L > iptables -t mangle -L > > do you have nftables installed? > > >Postfix answers fine on all other ports and so do other apps on the > >machine, so not likely to be routing unless something specific to postfix > >on this port. > > > >Netstat shows the port bound by postfix or 0.0.0.0 and listening -- so no > >idea what would be special there; and it does respond locally... just not > >externally. > > > >If something is blocking the response or the ingress it's not iptables. At > >this point, I'm not sure what else it could be. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Nothing is fool-proof to a talented fool. >
