Odd error

[BayX]

Hey guys,

I'll start off by saying Happy 2018!

Now, I have a quite strange error on my website after switching router. I use TS3 PHP Framework (the newest version).

I keep getting this error:

Fatal error: Uncaught
TeamSpeak3_Transport_Exception: Connection
refused in
/public_html/libraries/TeamSpeak3/Transport/TCP.php:54 Stack trace: #0
/public_html/libraries/TeamSpeak3/Transport/TCP.php(108): TeamSpeak3_Transport_TCP->connect() #1
/public_html/libraries/TeamSpeak3/Adapter/ServerQuery.php(76): TeamSpeak3_Transport_TCP->readLine() #2
/public_html/libraries/TeamSpeak3/Adapter/Abstract.php(60): TeamSpeak3_Adapter_ServerQuery->syn() #3
/public_html/libraries/TeamSpeak3/TeamSpeak3.php(322): TeamSpeak3_Adapter_Abstract->__construct(Array) #4
/public_html/index.php(29):
TeamSpeak3::factory(Object(TeamSpeak3_Helper_Uri))
#5 {main} thrown in
/public_html/libraries/TeamSpeak3/Transport/TCP.php
on line 54

I've been reading about this error and all devs says that it can't connect to port 10011. Note that all ports are open and accessible, and all IP's are whitelisted on the TS server...
Anyone who has been fighting this issue before?

 

[Kieran]

Cant do much without seeing the code

Check ip, port, n stuff like that.

 

[BayX]

Cant do much without seeing the code

Check ip, port, n stuff like that.

I've checked it already. Everything worked 100% before I switched router, and now nothing works

 

[Kieran]

I've checked it already. Everything worked 100% before I switched router, and now nothing works

Then portforwarding is not correctly set up

 

[BayX]

Then portforwarding is not correctly set up

I can connect via telnet through external network so all ports are open and forwarded correctly

 

[BayX]

UPDATE #1
I switched router again because I wasn't happy with the one I bought a week ago. Once again all ports are open and can be reached from external network, but the error is still there. The server listens to all 3 ports but won't work for some reason.

Anyone, and I mean anyone, have a solution for this? I'm seriously going crazy right now!

UPDATE #2
I flushed iptables and started over. The current iptable list follows:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 9987 -j ACCEPT
-A INPUT -p udp --sport 9987 -j ACCEPT
-A INPUT -p tcp --dport 30033 -j ACCEPT
-A INPUT -p tcp --sport 30033 -j ACCEPT
-A INPUT -p tcp --dport 10011 -j ACCEPT
-A INPUT -p tcp --sport 10011 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

I did some checks from external websites and both TCP ports return as open..

• Port 10011 is open on ts.******.se.
• Port 30033 is open on ts.******.se.
• Port 10011 is open.
• Port 30033 is open.

I also tried to telnet to the TS-server from internal and external network, and both worked. So the question is, where does it fail?!

UPDATE #3
I reversed all changes I've made on the iptables and executed "netstat -plnt" and got the following result:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:30033               0.0.0.0:*                   LISTEN      9352/./ts3server
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1175/sshd
tcp        0      0 0.0.0.0:2008                0.0.0.0:*                   LISTEN      1327/./AccountingSe
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1254/master
tcp        0      0 0.0.0.0:10011               0.0.0.0:*                   LISTEN      9352/./ts3server
tcp        0      0 :::30033                    :::*                        LISTEN      9352/./ts3server
tcp        0      0 :::22                       :::*                        LISTEN      1175/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1254/master
tcp        0      0 :::10011                    :::*                        LISTEN      9352/./ts3server

The ports are open and listening. Still can't find the issue why I get "Connection refused"...
@Kieran Can you think of something that might be the issue?

 

[BayX]

Alright, I've been sitting for a few hours and searching about this problem. I've also been looking through everything once again. So I will compile a lost of what I have done so far, and what does and does not work.

• Opened all ports in my new router (9987, 10011, 30033)
• Disabled the firewall on the TS server (For testing)
• Telnet to TS server, both internal & external (it works)
• Tested the TS3 PHP Framework from both internal & external network (does not work, "Connection Refused")
• Flushed iptables and inserted all port values twice (doesn't work)
• Tried to set DMZ on the router pointing to TS servers IP (does not work)

What's a bit funny about all this is that all other Teamspeak Serverlists and Stats sites can connect through port 10011 successfully. So my head starts to hurt quite much. I've been struggeling with this issue for about 2 weeks now.
I really don't know what to do anymore. I'm out of options...

 

[Asphyxia]

I think the largest problem is that you are hosting this on a home network from the sounds of it. Home networks are annoying because typically you do not have access to enterprise switches and other various equipment intended to be usable in an enterprise environment. You can flash configs here and there with a few moves. For the sake of security, you should have an IDS/IPS solution.

When you begin hosting at home, you are essentially turning a toilet into a data center. You have no redundancy for the backbone (unless you have more than one net line running in and active), a simple storm could come through and knock out your website/service and lastly more than likely you are endangering your entire home network.

I highly recommend switching to a VPS if possible, a cheap and simple place to start is https://www.ovh.com/ca/en/vps/

I will gladly help you set this up on your home network this upcoming weekend if you want, but I really think you should consider the security risks first. ♥

 

[BayX]

I think the largest problem is that you are hosting this on a home network from the sounds of it. Home networks are annoying because typically you do not have access to enterprise switches and other various equipment intended to be usable in an enterprise environment. You can flash configs here and there with a few moves. For the sake of security, you should have an IDS/IPS solution.

When you begin hosting at home, you are essentially turning a toilet into a data center. You have no redundancy for the backbone (unless you have more than one net line running in and active), a simple storm could come through and knock out your website/service and lastly more than likely you are endangering your entire home network.

I highly recommend switching to a VPS if possible, a cheap and simple place to start is https://www.ovh.com/ca/en/vps/

I will gladly help you set this up on your home network this upcoming weekend if you want, but I really think you should consider the security risks first. ♥

Thank you for your reply!

I want to start of by saying that I have been hosting my servers and websites on my own server at home for about 3-4 years now, and this is the first time I've been having these issues. I don't know if it's caused by the new router, because everything worked as it should before my previous router died.

The only thing i did was to reboot the mainserver so all VPS got a new IP address. My webserver, database & mailserver works perfectly, and so does my TS server but not when it comes to connecting the framework to the server. That's really strange

 

[Asphyxia]

That's really strange

Check your pm please, will reveal solution/fix later.

 

[Asphyxia]

Port 10011 is open

Everything was well with the TeamSpeak 3 server.

The web server itself is running VPSSIM with the CSF firewall.

With the previous setup with the router --- the old TS3 server IP was allowed to be connected to via TELNET on port 10011.

netstat -a | grep "10011" on the TS3 server returned LISTENING.

nmap -p 10011 -PN 192.168.0.### on the web server (###=TS3 ip) and determined the port/connection was being filtered.

The eventual solution was to open a terminal via the web server

csf -a <ts3_IP>
csf -r

This allows the web server to connect to the TS3 IP and restarts the firewall to refresh the rules. We also disabled iptables on both machines, iptables could stay on with appropriate rules.

 

[BayX]

Everything was well with the TeamSpeak 3 server.

The web server itself is running VPSSIM with the CSF firewall.

With the previous setup with the router --- the old TS3 server IP was allowed to be connected to via TELNET on port 10011.

netstat -a | grep "10011" on the TS3 server returned LISTENING.

nmap -p 10011 -PN 192.168.0.### on the web server (###=TS3 ip) and determined the port/connection was being filtered.

The eventual solution was to open a terminal via the web server

csf -a <ts3_IP>
csf -r

This allows the web server to connect to the TS3 IP and restarts the firewall to refresh the rules.

So after a couple of weeks with constant headache, it finally works!
Thank you so much!