Windows to Linux Network TCP Connection Troubleshooting Guide
Problem: Windows Client Cannot Connect to Linux Server on Specific Ports
Symptoms
Test-NetConnectionfrom Windows fails with connection timeout or refusedpingworks successfully between Windows and Linux- Service appears to be running on Linux server
- Connection works locally on Linux server
Common Scenario
# This works:
ping 192.168.1.100
# This fails:
Test-NetConnection 192.168.1.100 -Port 1502
Step-by-Step Troubleshooting
1. Verify Basic Network Connectivity
# From Windows - test basic connectivity
ping [LINUX_SERVER_IP]
If ping fails, check network configuration, cables, and switches.
2. Check Service Status on Linux Server
# Verify the service is actually listening
sudo netstat -tlnp | grep :[PORT]
# or
sudo ss -tlnp | grep :[PORT]
Key points to check:
- Service shows as
LISTEN - Binding address should be
0.0.0.0:[PORT](all interfaces) - NOT
127.0.0.1:[PORT](localhost only) - NOT
:::[PORT](IPv6 only)
3. Test Local Connection on Linux
# Test locally first
telnet 127.0.0.1 [PORT]
# or
nc -zv 127.0.0.1 [PORT]
If this fails, the service isn’t properly configured or running.
4. Check Linux Firewall (Most Common Issue)
Ubuntu/Debian (UFW):
# Check status
sudo ufw status
# If active, temporarily disable for testing
sudo ufw disable
# Re-enable after testing
sudo ufw enable
# Or allow specific port
sudo ufw allow [PORT]
CentOS/RHEL/Fedora (firewalld):
# Check status
sudo systemctl status firewalld
sudo firewall-cmd --list-all
# Temporarily disable
sudo systemctl stop firewalld
# Or allow specific port
sudo firewall-cmd --add-port=[PORT]/tcp --permanent
sudo firewall-cmd --reload
Direct iptables:
# Check current rules
sudo iptables -L -n
# Temporarily flush all rules (removes ALL firewall protection)
sudo iptables -F
sudo iptables -P INPUT ACCEPT
5. Test from Windows After Firewall Changes
Test-NetConnection [LINUX_SERVER_IP] -Port [PORT]
6. Service Configuration Issues
If the service binds to wrong interface:
Check binding configuration:
# Find the service process
ps aux | grep [SERVICE_NAME]
# Check process details
sudo lsof -p [PID]
Common configuration fixes:
- Change
bind = 127.0.0.1tobind = 0.0.0.0 - Change
host = localhosttohost = 0.0.0.0 - Change
listen = ::1tolisten = 0.0.0.0
Common Solutions Summary
| Issue | Solution |
|---|---|
| Service not running | Start the service: sudo systemctl start [service] |
| Wrong interface binding | Configure service to bind to 0.0.0.0 instead of 127.0.0.1 |
| Linux firewall blocking | Disable firewall or allow specific port |
| IPv6 only binding | Configure service for IPv4 (0.0.0.0) instead of IPv6 (:::) |
| Windows firewall | Check Windows Defender Firewall for outbound rules |
Prevention Tips
- Always test locally first on the Linux server
- Use
0.0.0.0binding for services that need external access - Document firewall rules when opening ports
- Use
netstat/ssto verify service binding before testing remotely - Test one service at a time to isolate issues
Quick Diagnostic Commands
Linux Server:
# Show all listening services
sudo netstat -tlnp
# Check specific port
sudo netstat -tlnp | grep :[PORT]
# Check firewall
sudo ufw status
sudo iptables -L -n
Windows Client:
# Test connectivity
Test-NetConnection [IP] -Port [PORT]
# Alternative with telnet
telnet [IP] [PORT]
# Test multiple ports
80,443,22,8080 | ForEach-Object { Test-NetConnection [IP] -Port $_ }
Remember
Document changes: Keep track of firewall and service modifications
Security first: Re-enable firewalls after testing
Specific rules: Allow only necessary ports, not all traffic
