Rsync connections to feed.community.greenbone.net refused (possible IP blacklist)

Hello,

Initially, we deployed Greenbone OpenVAS using the Docker Compose setup, and the feed downloads worked without any issues.

Later, we switched to using the official Kali Linux packages. After this change, the feed updates stopped working. Since then, every rsync attempt fails with “Connection refused”. Given that the Kali setup may have triggered multiple repeated connection or update attempts, we suspect that our public IP address may have been temporarily or permanently blacklisted.

Below are the errors we are consistently receiving:

[*] Configure Feed Import Owner
[*] Update GVM feeds
Running as root. Switching to user '_gvm' and group '_gvm'.
Trying to acquire lock on /var/lib/openvas/feed-update.lock
Acquired lock on /var/lib/openvas/feed-update.lock
⠋ Downloading Notus files from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/vt-data/notus/ to /var/lib/notus
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.4.1]

⠋ Downloading NASL files from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/vt-data/nasl/ to /var/lib/openvas/plugins
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.4.1]

Releasing lock on /var/lib/openvas/feed-update.lock

Trying to acquire lock on /var/lib/gvm/feed-update.lock
Acquired lock on /var/lib/gvm/feed-update.lock
⠋ Downloading SCAP data from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/scap-data/ to /var/lib/gvm/scap-data
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.4.1]

⠋ Downloading CERT-Bund data from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/cert-data/ to /var/lib/gvm/cert-data
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.4.1]

⠋ Downloading gvmd data from rsync://feed.community.greenbone.net/community/data-feed/24.10/ to /var/lib/gvm/data-objects/gvmd
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.4.1]

Could you please check whether our IP address has been blocked or rate-limited, and advise us on how we can resolve this or request an unblock?

Thank you very much for your support.

Best regards,

Najib

There is just one connection per Public IP, no black listing at all. Try to check if you have already a connection and terminate this should resolve your issues.

Hello,

We have performed all possible checks on our server to investigate why the feed updates are failing:

┌──(openvas㉿kali)-[~]
└─$ sudo netstat -tnp | grep 873
sudo ss -tnp | grep 873
                                                                                                                                                                                                                                                                              
┌──(openvas㉿kali)-[~]
└─$ 
┌──(openvas㉿kali)-[~]
└─$ ping feed.community.greenbone.net
PING feed.community.greenbone.net (45.135.106.143) 56(84) bytes of data.
^C
--- feed.community.greenbone.net ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4083ms

                                                                                                                                                                                             
┌──(openvas㉿kali)-[~]
└─$ telnet feed.community.greenbone.net 873
Trying 45.135.106.143...
Connection failed: Connection refused
Trying 2a0e:6b40:20:106:20c:29ff:fe7f:d2ae...
telnet: Unable to connect to remote host: Network is unreachable                                                                                                                                                                                             

Our IP is not blocked or occupied by another connection

Try to run “curl ifconfig.co”, is seems you have a setup / nat issue due to “Network is unreachable”. You can´t ping any resource due to firewall/loadbalancer setup.

If you are behind a CGN / NAT use IPv6.

Yes — I ran curl ifconfig.co and it does return my public IP address, which means my server does have outward Internet connectivity and is reachable with a valid external IP.