Re: "Connection refused" for everything except port 80

Sorry, forget to CC myself. (Is this the only way to get a reply from the list?)

> On Oct 17, 2024, at 19:24, Qingyao Sun <sunqingyao19970825@icloud.com> wrote:
>
> Dear List,
>
> I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF lying around in our department and decided to install OpenBSD on it. The machine does not have WiFi connectivity, but there is an RJ45 Ethernet jack, so I plugged a cable in, and wrote a standard hostname.em0
>
> werebane# cat /etc/hostname.em0
> inet autoconf
> inet6 autoconf
>
> After "doas /etc/netstart", The output of ifconfig looks fine
>
> werebane# ifconfig
> lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
> index 3 priority 0 llprio 3
> groups: lo
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> inet 127.0.0.1 netmask 0xff000000
> em0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
> lladdr 54:bf:64:5d:02:be
> index 1 priority 0 llprio 3
> groups: egress
> media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> status: active
> inet6 fe80::56bf:64ff:fe5d:2be%em0 prefixlen 64 scopeid 0x1
> inet 10.236.181.231 netmask 0xffffff00 broadcast 10.236.181.255
> enc0: flags=0<>
> index 2 priority 0 llprio 3
> groups: enc
> status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
> index 4 priority 0 llprio 3
> groups: pflog
>
> In fact, I can ping and traceroute google.com without any problem
>
> werebane# ping -c 4 google.com
> PING google.com (132.236.61.7): 56 data bytes
> 64 bytes from 132.236.61.7: icmp_seq=0 ttl=61 time=0.737 ms
> 64 bytes from 132.236.61.7: icmp_seq=1 ttl=61 time=0.653 ms
> 64 bytes from 132.236.61.7: icmp_seq=2 ttl=61 time=0.738 ms
> 64 bytes from 132.236.61.7: icmp_seq=3 ttl=61 time=0.646 ms
>
> --- google.com ping statistics ---
> 4 packets transmitted, 4 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.646/0.693/0.738/0.044 m
>
> werebane# traceroute -n google.com
> traceroute to google.com (132.236.61.7), 64 hops max, 40 byte packets
> 1 * 132.236.181.1 7.108 ms 1.274 ms
> 2 132.236.222.161 0.443 ms 128.253.222.161 0.524 ms 0.305 ms
> 3 128.253.222.114 0.572 ms 132.236.222.110 0.671 ms 128.253.222.114 0.735 ms
> 4 132.236.61.7 0.703 ms 0.688 ms 0.673 m
>
> However, I got a "Connection refused" error when trying to install packages
>
> werebane# pkg_add curl
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect: Connection refused
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: ftp: connect: Connection refused
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: empty
> Can't find curl
>
> What about another mirror? Still connection refused
>
> werebane$ doas pkg_add -vvvvv curl
> ftp://ftp.usa.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect: Connection refused
> ftp: Can't connect or login to host `ftp.usa.openbsd.org'
> ^Cpkg_add: Caught SIGINT
>
> Besides FTP (port 21), I also cannot use SSH or access websites via HTTPS (port 443). However, I can somehow connect to HTTP (port 80) on remote servers.
>
> werebane# nc -z google.com 80; echo $?
> Connection to google.com (132.236.61.7) 80 port [tcp/www] succeeded!
> 0
> werebane# pfctl -d; nc -z google.com 443; echo $?; pfctl -e
> pf disabled
> 1
> pf enabled
> Here is the dmesg
>
> https://pastebin.com/fxsva5PZ
>
>
> I'm also attaching the output of tcpdump in case it helps
>
> werebane# tcpdump -ntvvqX -s 1440 -i em0 host google.com
> tcpdump: listening on em0, link-type EN10MB
> 10.236.181.231.28027 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 2873, len 64)
> 0000: 4500 0040 0b39 4000 4006 acb8 0aec b5e7 E..@.9@.@.......
> 0010: 84ec 3d07 6d7b 01bb 1ee5 d762 0000 0000 ..=.m{.....b....
> 0020: b002 4000 82f9 0000 0204 05b4 0101 0402 ..@.............
> 0030: 0103 0306 0101 080a b61e 9643 0000 0000 ...........C....
>
> 132.236.61.7.443 > 10.236.181.231.28027: tcp 0 (DF) (ttl 61, id 0, len 40)
> 0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07 E..(..@.=.....=.
> 0010: 0aec b5e7 01bb 6d7b 0000 0000 1ee5 d763 ......m{.......c
> 0020: 5014 0000 c78a 0000 0000 0000 0000 P.............
>
> 10.236.181.231.48663 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 3818, len 64)
> 0000: 4500 0040 0eea 4000 4006 a907 0aec b5e7 E..@..@.@.......
> 0010: 84ec 3d07 be17 01bb def3 7e7a 0000 0000 ..=.......~z....
> 0020: b002 4000 82f9 0000 0204 05b4 0101 0402 ..@.............
> 0030: 0103 0306 0101 080a 9885 1905 0000 0000 ................
>
> 132.236.61.7.443 > 10.236.181.231.48663: tcp 0 (DF) (ttl 61, id 0, len 40)
> 0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07 E..(..@.=.....=.
> 0010: 0aec b5e7 01bb be17 0000 0000 def3 7e7b ..............~{
> 0020: 5014 0000 0fc8 0000 0000 0000 0000 P.............
>
> 10.236.181.231 > 132.236.61.7: icmp: 8 0 [icmp cksum ok] (ttl 255, id 33893, len 84)
> 0000: 4500 0054 8465 0000 ff01 b47c 0aec b5e7 E..T.e.....|....
> 0010: 84ec 3d07 0800 dfab b582 0000 8ee7 3453 ..=...........4S
> 0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942 ............!.IB
> 0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223 .K.......... !"#
> 0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
> 0050: 3435 3637 4567
>
> 132.236.61.7 > 10.236.181.231: icmp: 0 0 [icmp cksum ok] (ttl 61, id 52978, len 84)
> 0000: 4500 0054 cef2 0000 3d01 2bf0 84ec 3d07 E..T....=.+...=.
> 0010: 0aec b5e7 0000 e7ab b582 0000 8ee7 3453 ..............4S
> 0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942 ............!.IB
> 0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223 .K.......... !"#
> 0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
> 0050: 3435 3637 4567
> Initially I thought this might be due to some firewall configuration in our department, but that is unlikely because I'm trying to access ports on *remote* machines. Moreover, another Windows machine connecting to the same network switch have no problem accessing websites via HTTPS.
>
> How do I connect to ports other than 80 on remote machines? Any thoughts are appreciated!
>
>
> Bests,
> Qingyao