This issue was moved to a discussion.

Unable to access the web port 64297 and the SSH port 64295. #1756

Closed
bridgeio1 opened this issue Feb 15, 2025 · 1 comment
Labels
no basic support info Please follow the guidelines so we can help

Comments

@bridgeio1

tpot-hive is installed on 172.18.0.2. After accessing the SSH of 172.18.0.2 from 192.168.0.3 and installing tpot-hive, I am unable to access the SSH port
64295 and the web port 64297 of 172.18.0.2. I cannot locate the security configuration settings. Please advise.

  1. 192.168.0.3 accesses 172.18.0.2 using an IPSec VPN.
  2. After shutting down tpot-hive, 192.168.0.3 is able to access the SSH port 64295 on 172.18.0.2.
  3. VMware
  4. Operating System: Ubuntu 24
  5. 172.18.0.3 is able to access the SSH port 64295 and the web port 64297 on 172.18.0.2.
  6. tcpdump can capture packets from 192.168.0.3 on 172.18.0.2. Wireshark shows: `[TCP Retransmission] 63573 → 64295 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM`

@github-actions github-actions bot added the no basic support info Please follow the guidelines so we can help label Feb 15, 2025
@mrtcodehub

It looks like tpot-hive is interfering with network connectivity on your system. Here are some possible causes and troubleshooting steps:

Possible Causes:

  - **Firewall Rules (iptables/nftables):** tpot-hive may have modified firewall rules, blocking access from 192.168.0.3 while allowing 172.18.0.3.
  - **Port Conflicts:** tpot-hive may be binding to the SSH/web ports in a way that prevents access from certain networks.
  - **Network Namespace or Docker Issues:** If tpot-hive is running in a container, it may be creating network namespaces or modifying routing rules.
  - **IPS Mode Blocking Traffic:** If tpot-hive's intrusion prevention system (e.g., Suricata) is active, it may be blocking connections from 192.168.0.3.

Troubleshooting Steps:

  1. Check Firewall Rules

     Run the following command on 172.18.0.2 to check iptables rules:

     ```bash
     sudo iptables -L -n -v
     ```

     or if using nftables:

     ```bash
     sudo nft list ruleset
     ```

     Look for any rules blocking SSH (port 64295) or web (port 64297) from 192.168.0.3.

     To temporarily disable iptables for testing:

     ```bash
     sudo iptables -F
     ```

     If this resolves the issue, you need to adjust firewall rules permanently.

  2. Check Listening Ports

     Confirm what process is using ports 64295 and 64297:

     ```bash
     sudo netstat -tulnp | grep -E '64295|64297'
     ```

     or

     ```bash
     sudo ss -tulnp | grep -E '64295|64297'
     ```

     Ensure SSH and web services are listening on 0.0.0.0 or the correct interface.

  3. Check Routing

     Verify routing tables to see if traffic from 192.168.0.3 is misrouted:

     ```bash
     ip route show
     ```

     Compare routes before and after starting tpot-hive.

  4. Check tpot-hive Logs

     tpot-hive may be logging blocked connections:

     ```bash
     sudo journalctl -u tpot-hive --since "10 minutes ago"
     ```

     or check /var/log/tpot.log.

  5. Disable Suricata (IPS)

     If Suricata is running, it may be blocking the connection. Temporarily disable it and test:

     ```bash
     sudo systemctl stop suricata
     ```

     If this resolves the issue, check Suricata logs for blocked traffic:

     ```bash
     sudo journalctl -u suricata --since "10 minutes ago"
     ```

  6. Check Docker Network Configuration (if applicable)

     If tpot-hive uses Docker, list the networks:

     ```bash
     docker network ls
     ```

     Inspect active firewall rules created by Docker:

     ```bash
     sudo iptables -t nat -L
     ```

     If necessary, adjust network configurations.

@telekom-security telekom-security locked and limited conversation to collaborators Feb 17, 2025
@t3chn0m4g3 t3chn0m4g3 converted this issue into discussion #1758 Feb 17, 2025
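
Step 3 of the reply above (compare `ip route show` before and after starting tpot-hive), as an added example that is not part of the original comment or of T-Pot's own code: it runs a longest-prefix match over two route-table snapshots and reports whether replies to a client would leave through a different interface, which is one way a SYN can arrive while its SYN-ACK never returns. The route tables, the /24 prefix, the interface names and the bridge subnets are constructed for illustration and are not taken from the reporter's host.

```python
import ipaddress

# Constructed `ip route show` samples for the host 172.18.0.2; the /24 prefix,
# interface names and the Docker bridge subnets are assumptions.
ROUTES_BEFORE = """\
default via 172.18.0.1 dev ens33 proto static
172.18.0.0/24 dev ens33 proto kernel scope link src 172.18.0.2
"""
ROUTES_AFTER = ROUTES_BEFORE + """\
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.0.0/20 dev br-0a1b2c3d4e5f proto kernel scope link src 192.168.0.1
"""

def parse_routes(text):
    """Return [(network, device)] for the unicast IPv4 lines of `ip route show`."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # e.g. blackhole/unreachable routes have no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress(routes, ip):
    """Longest-prefix match: the route used for replies to `ip`.
    Ignores metrics, policy rules (`ip rule`) and IPsec xfrm policies."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def reply_path_change(before, after, client):
    """Return (old, new) routes if the reply path to `client` changed, else None."""
    old = egress(parse_routes(before), client)
    new = egress(parse_routes(after), client)
    return None if old == new else (old, new)

if __name__ == "__main__":
    for client in ("192.168.0.3", "172.18.0.3"):
        change = reply_path_change(ROUTES_BEFORE, ROUTES_AFTER, client)
        if change is None:
            print(f"{client}: reply path unchanged")
        else:
            (_, old_dev), (new_net, new_dev) = change
            print(f"{client}: replies moved from {old_dev} to {new_dev} via {new_net}")
```

On a real host, capture `ip route show` before and after starting the service and pass both outputs to `reply_path_change`; `ip route get 192.168.0.3` gives the kernel's own answer, including policy routing.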
