Introduction

You may encounter issues with connecting to a remote host such as securedownloads.cpanel.net or another service site with an error stating the connection was refused. This is often caused by a firewall or block at the network level. You can use a few tools to troubleshoot the connection and determine if the remote host is blocking this or your local server. 

Procedure

Using host, we can first determine the IP address and if our DNS lookup is working. 

host securedownloads.cpanel.net
securedownloads.cpanel.net has address 208.74.121.38
securedownloads.cpanel.net has address 208.74.123.12

Once we have the IP address of the domain we’re trying to connect to, use telnet or curl to check the connection. 

$ curl securedownloads.cpanel.net
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://securedownloads.cpanel.net/">here</a>.</p>
</body></html>
$ telnet securedownloads.cpanel.net port_number
Trying 208.74.123.12...
Connected to securedownloads.cpanel.net.
Escape character is '^]'.

If you are unable to connect using curl or telnet, next, use MTR and see where the connection stops. You may need to install this.

yum install mtr
# mtr -rc 10 208.74.123.12
Start: Thu Jun 25 16:10:24 2020


If there is no result, then we know this is being blocked at the server. If this does provide an output, this will help determine where the connection is dropping, weather it’s the hosting provider or at the remote location you’re trying to access.

In the event you do not get an output, and you have CSF, you can use the following to search and verify if it is blocked.

 csf -g <IP>

If you have iptables, you can use the following:

iptables -L INPUT -v -n | grep <ip>
iptables -vL -t nat|grep <IP>

If the IP is listed, you can use one of the following to whitelist the IP for CSF or for Iptables. Using -D will delete the rule. You may need to modify this depending on the rule in Iptables.

csf -a 
iptables -D INPUT -s 1.2.3.4 -j DROP

Finally, make sure you save the firewall:

service iptables save