Ports/IPFILTER problem on deployed Thinger.io server (Cloud VPS): [_SOCKET] Error while connecting! [SOLVED]

robert-winkler · May 2, 2019, 10:34am

Hi, I deployed my own Thinger.io server on an ionos Cloud VPS.
Fine so far; the console works. I just have problems to connect my device(s). The same code works using iot.thinger.io (I just added the #define THINGER_SERVER ‘xxx.xx.xxx.xx’). The DEBUG/ serial output looks not so bad:

Found BME280 sensor! Success.
[NETWORK] Starting connection…
[NETWORK] Connecting to network WLAN-B21A
[NETWORK] Connected to WiFi!
[NETWORK] Getting IP Address…
[NETWORK] Got IP Address: 192.168.11.105
[NETWORK] Connected!
[_SOCKET] Connecting to xx.xxx.xxx.xx.xx:25202…
[_SOCKET] Using secure TLS/SSL connection: yes
[_SOCKET] Error while connecting!
Temp: 23.13 °C Humidity: 33.60% RH Pressure: 98613.31 Pa
eCO2: 405 ppm tVOC:0 ppb

[_SOCKET] Connecting to xx.xxx.xxx.xx.xx:25202…
[_SOCKET] Using secure TLS/SSL connection: yes
[_SOCKET] Error while connecting!
Temp: 23.13 °C Humidity: 33.45% RH Pressure: 98611.41 Pa
eCO2: 920 ppm tVOC:79 ppb

Might it be a port/ firewall problem?

On the SERVER
I opened the 25200 and 25202 ports with ufw, allowing both input and output from those ports:

root@localhost:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From

22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
25200 ALLOW IN Anywhere
25202 ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
25200 (v6) ALLOW IN Anywhere (v6)
25202 (v6) ALLOW IN Anywhere (v6)

25200 ALLOW OUT Anywhere
25202 ALLOW OUT Anywhere
25200 (v6) ALLOW OUT Anywhere (v6)
25202 (v6) ALLOW OUT Anywhere (v6)

root@localhost:~# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:27017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25200 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25202 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp6 0 0 linux:dhcpv6-client [::]:*

However, when scanning the ports from OUTSIDE:

[root@localhost robertwinkler]# nmap xx.xxx.xx.xx
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 11:56 CEST
Nmap scan report for xx.xxx.xx.xx
Host is up (0.079s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

nmap xx.xxx.xx.xx -p25200:25202

PORT STATE SERVICE
25200/tcp filtered unknown
25201/tcp filtered unknown
25202/tcp filtered unknown

Is there the problem that the ports are not open from outside (if yes, how to fix that)? Any other idea?

EDIT: The solution was to edit the firewall rules on the ionos.de VPS configuration platform.

Best, Robert