[Solved] Refused connection high port numbers

I installed FreeBSD 10 running IPFW and Squid for proxying traffic out of my network. However, I'm currently experiencing problems when connecting to specific port numbers. For instance, a connection to X.X.X.X on port 443, which is whitelisted in both Squid and IPFW, isn't a problem; however, connecting to port 5000 or 58123 on the same IP fails (also whitelisted in IPFW and Squid). Reviewing the log files from IPFW and Squid shows the connection attempts were allowed. But the connection fails.

Setting up a simple telnet within FreeBSD also results in a "Connection refused" on these ports, while setting a telnet to 443 is successful. Testing different sites with different port numbers shows the same results; somehow these high port numbers are rejected. Disabling my firewall did not solve the problem; no other firewall is set up behind this FreeBSD install. Any suggestions?
 
Re: Refused connection high port numbers

A "connection refused" indicates that the port is closed. More specifically it is returning an RST packet. This will happen when there's nothing running on that particular port.
 
Re: Refused connection high port numbers

Of course that is not the case. Setting up a telnet connection on the same port with another machine in the same network is successful. It is just my machine where it fails.
 
Re: Refused connection high port numbers

For troubleshooting:
  • If not already installed, install tcptraceroute(8) -- # portmaster tcptraceroute.
  • Show us the output of # tcptraceroute <remote host> <high remote port>.

For example: # tcptraceroute www.freebsd.org 5000
Code:
Selected device re0, address 200.70.90.50, port 23341 for outgoing packets
Tracing the path to www.freebsd.org (8.8.178.110) on TCP port 5000, 30 hops max
 1  cXXaYYY1.virtua.com.br (200.70.90.10)  37.583 ms  32.899 ms  24.720 ms
 2  200.70.90.20 (200.70.90.20)  11.564 ms  12.549 ms  12.515 ms
 3  c8bd5001.virtua.com.br (200.189.80.1)  13.069 ms  12.255 ms  12.764 ms
 4  embratel-T0-1-0-2-uacc04.spoph.embratel.net.br (201.56.189.9)  10.318 ms  27.913 ms  12.120 ms
 5  ebt-T0-4-0-2-tcore01.spo.embratel.net.br (200.230.159.214)  16.517 ms  11.857 ms  12.269 ms
 6  ebt-BP1113-intl03.mianap.embratel.net.br (200.230.220.62)  130.542 ms  131.722 ms  131.786 ms
 7  ae7.mia10.ip4.tinet.net (199.168.63.185)  126.469 ms  126.650 ms  127.859 ms
 8  xe-4-2-0.sjc10.ip4.tinet.net (89.149.186.185)  201.459 ms  199.837 ms  201.796 ms
 9  ge-0-3-9.pat1.sjc.yahoo.com (216.115.96.10)  199.743 ms  317.447 ms  202.153 ms
10  bgp0-ext.ysv.freebsd.org (216.115.101.225)  202.550 ms  202.120 ms  201.443 ms
11  wfe0.ysv.freebsd.org (8.8.178.110) [closed]  218.265 ms  203.272 ms  201.037 ms

Of course port 5000 does not work on www.freebsd.org, therefore the final status is [closed].
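Added example, not part of the thread or written by any poster: a small TCP connect probe that separates the outcomes discussed above, "refused" (an RST came back, as with the [closed] status in the trace) from a silent timeout or an unreachable route. The function names, the `HINTS` table and the loopback demo are assumptions made for this illustration; the demo sockets are constructed locally so the script runs offline.

```python
import errno
import socket

# What each outcome means at the TCP level.
HINTS = {
    "open": "SYN/ACK received: something is listening",
    "refused": "RST received: port closed, or a device answered with a reset",
    "timeout": "no reply: packets are being dropped silently",
    "unreachable": "ICMP unreachable or no route to the destination",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:       # ECONNREFUSED: an RST was received
        return "refused"
    except socket.timeout:               # nothing came back within the timeout
        return "timeout"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def demo():
    """Constructed loopback case: one listening port, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))        # port reserved, listen() never called
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
            "not_listening": probe("127.0.0.1", closed.getsockname()[1]),
        }
    finally:
        listener.close()
        closed.close()

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result:8} {HINTS.get(result, '')}")
```

Running `probe()` against the same address and port from the affected machine and from a machine where the connection works gives two results to compare directly.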
 