NVT Link Connection Issues

Hey all!

Not sure what is going on at all here, probably an IPv6/NAT issue but I can’t narrow it down after hours of troubleshooting and Googling.
I am using IPv4 only on my network but there are no outbound rules in place to stop my server from connecting to the internet.

Running the following fails:
nc -vvv feed.openvas.org 873

But running this does not:
nc -vvv feed.community.greenbone.net 873

I have tried netcating directly from my FW’s public interface as well and have the same outcome, so to me that rules out NAT or FW rules.
I cannot ping the address either from any device, but it does resolve to with both an ipv4 and ipv6

There are no other devices running rsync that have any issues.
Purged states on interfaces before trying.

Anyone have any ideas?

Thanks!

Welcome here,

Do you share an (real public) IP address with any other customer ?
The rule is simple, one IP simultaneously, if your ISP shares outgoing connections via Carrier-grade NAT ( CGN ), you need to get a real address or wait until the IP is free again. Please note “feed.openvas.org” is since two years out of service.

Please check the other posts how to debug this.

1 Like

I did look into this as well.
I share a public IP via a VPN gateway on my ‘sandboxed’ networks, but there shouldn’t be any issues with my home public IP from Google Fiber. And I tried to netcat from that IP with the same results.
There might be some NAT trickery going on for the ISP side, but there is nothing in Shodan related to my IP other than the services I run. I know that doesn’t mean it’s not shared but that lowers the likelihood of someone using a service like this from the same IP.

Not sure if there are any other things I can try? My update cron job is set for 1A MST too.

We are working on a solution to improve the situation on our side too. I’ll write an announcement when it is ready.

2 Likes

That sounds great!
Definitely a ISP thing on my end, my IP leased is different than my public so it must be double NATed.
Cant get it to work via a nord VPN gateway either.

See

1 Like