nmap shows me that one service is "open|filtered" while locally it's "open", how to open?

I have a Quake 3 server. And it’s launched successfully.

The problem is that no one can connect to that server.

I am running: nmap -sU -p 27960 hostname and it’s showing me that it’s state open|filtered

if I am running that command right from the server it is open.

Also, I am making sure that it’s binding to the right iface

I checked the iptables rules and couldn’t find any filters related to it. Furthermore, I tried to open the port explicitly via iptables -A INPUT -p udp --dport 27960 -j ACCEPT

but this didn’t help.

What it could be?

I called to ISP support center and they said they are not filtering anything.

Asked By: bakytn


Getting different nmap results from local machine and remote machines means there is some kind of firewall(whether running locally or some remote machine) which is blocking. According to the nmap documentation,


Nmap places ports in this state when it is unable to determine whether  
a port is open or filtered. This occurs for scan types in which open
ports give no response. The lack of response could also mean that a 
packet filter dropped the probe or any response it elicited. So Nmap 
does not know for sure whether the port is open or being filtered. The
UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.

I would recommend you to try out following tools to find out whether exactly the problem exists:

  1. To capture the UDP packets destined to port 27960 using tcpdump and . Check whether the packets are reaching your machine or not.

Run the following command to capture the udp packets destined to port 27960 in a file tcpdump.out

$ sudo tcpdump -A 'udp and port 27960' -w tcpdump.out`

Try connecting from other machine to port using netcat

$ nc <server-ip-address> -u 27960

Now stop the dump and check whether any packet got captured in the tcpdump.out or not using wireshark.

$ wireshark tcpdump.out

If no packet got captured, this means some intermediate device(firewall) is preventing the communication. Else, if captured check the reply which the server is giving in return of the request. If it is any kind of ICMP reply with some error code, it means there is some local firewall which is blocking.

Answered By: pradeepchhetri
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.