Linode Forum
Linode Community Forums
PostPosted: Wed Feb 21, 2007 4:37 am 
Offline
Junior Member

Joined: Fri Sep 12, 2003 10:10 am
Posts: 33
I just want to point this out before people begin mass migrations to the new DC.

I've already brought this to caker's attention (and I'm unsure of where the issue stands currently) but I migrated to the new DC a couple days ago, and discovered that AtlantaNAP is filtering a lot of ports. Much more than ThePlanet does.

And it's filtering them inbound and outbound, such that not only can I not host something on port 6667, for example (not that I do), but I cannot connect to a remote server on the same port, either.

Here's the list (from nmap -vv -sA)

Code:
1/tcp     filtered tcpmux
9/tcp     filtered discard
11/tcp    filtered systat
13/tcp    filtered daytime
15/tcp    filtered netstat
19/tcp    filtered chargen
93/tcp    filtered dcp
111/tcp   filtered rpcbind
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
512/tcp   filtered exec
514/tcp   filtered shell
515/tcp   filtered printer
540/tcp   filtered uucp
593/tcp   filtered http-rpc-epmap
707/tcp   filtered
1075/tcp  filtered
1080/tcp  filtered socks
1180/tcp  filtered
1182/tcp  filtered
1434/tcp  filtered ms-sql-m
1900/tcp  filtered UPnP
2282/tcp  filtered
3128/tcp  filtered squid-http
3332/tcp  filtered
3802/tcp  filtered
4444/tcp  filtered krb524
5000/tcp  filtered UPnP
5490/tcp  filtered connect-proxy
6001/tcp  filtered X11:1
6002/tcp  filtered X11:2
6003/tcp  filtered X11:3
6004/tcp  filtered X11:4
6005/tcp  filtered X11:5
6006/tcp  filtered X11:6
6007/tcp  filtered X11:7
6008/tcp  filtered X11:8
6009/tcp  filtered X11:9
6010/tcp  filtered
6011/tcp  filtered
6012/tcp  filtered
6013/tcp  filtered
6014/tcp  filtered
6015/tcp  filtered
6016/tcp  filtered
6017/tcp  filtered xmail-ctrl
6018/tcp  filtered
6019/tcp  filtered
6020/tcp  filtered
6021/tcp  filtered
6022/tcp  filtered
6023/tcp  filtered
6024/tcp  filtered
6025/tcp  filtered
6026/tcp  filtered
6027/tcp  filtered
6028/tcp  filtered
6029/tcp  filtered
6030/tcp  filtered
6031/tcp  filtered
6032/tcp  filtered
6033/tcp  filtered
6034/tcp  filtered
6035/tcp  filtered
6036/tcp  filtered
6037/tcp  filtered
6038/tcp  filtered
6039/tcp  filtered
6040/tcp  filtered
6041/tcp  filtered
6042/tcp  filtered
6043/tcp  filtered
6044/tcp  filtered
6045/tcp  filtered
6046/tcp  filtered
6047/tcp  filtered
6048/tcp  filtered
6049/tcp  filtered
6050/tcp  filtered arcserve
6051/tcp  filtered
6052/tcp  filtered
6053/tcp  filtered
6054/tcp  filtered
6055/tcp  filtered
6056/tcp  filtered
6057/tcp  filtered
6058/tcp  filtered
6059/tcp  filtered
6060/tcp  filtered
6061/tcp  filtered
6062/tcp  filtered
6063/tcp  filtered
6588/tcp  filtered analogx
6667/tcp  filtered irc
6669/tcp  filtered
6711/tcp  filtered
6712/tcp  filtered
6776/tcp  filtered
7000/tcp  filtered afs3-fileserver
7441/tcp  filtered
12345/tcp filtered NetBus
12346/tcp filtered NetBus
16660/tcp filtered
22788/tcp filtered
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elite
33270/tcp filtered
39168/tcp filtered
53201/tcp filtered
65000/tcp filtered

Updated list of blocked ports on 2008-07-05. In the past year, they seem to have unblocked ports 138, 139, 445, 623 and 664.


Last edited by aaron on Sat Jul 05, 2008 7:35 pm, edited 2 times in total.

Top
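An added example, not part of any post in this thread: a small Python parser for a port table in the format posted above, which collapses the filtered ports into ranges and checks a planned set of services against them before a migration. The `SAMPLE` excerpt is constructed in the same format, and the service plan in `__main__` is hypothetical.

```python
import re

# Constructed excerpt in the same format as the nmap -sA port table posted above.
SAMPLE = """\
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
3128/tcp  filtered squid-http
6001/tcp  filtered X11:1
6002/tcp  filtered X11:2
6003/tcp  filtered
6667/tcp  filtered irc
6669/tcp  filtered
"""

# port/proto, state, optional service name (nmap leaves it blank when unknown)
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_filtered(text):
    """Return {port: service_name_or_None} for lines whose state is 'filtered'."""
    ports = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(3) == "filtered":
            ports[int(m.group(1))] = m.group(4)
    return ports

def collapse(ports):
    """Collapse port numbers into sorted inclusive (start, end) ranges."""
    ranges = []
    for p in sorted(ports):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def conflicts(planned, filtered):
    """Map each planned service whose port is filtered to that port."""
    return {name: port for name, port in planned.items() if port in filtered}

if __name__ == "__main__":
    filtered = parse_filtered(SAMPLE)
    print("filtered ranges:", collapse(filtered))
    # Hypothetical service plan for a host behind the filtering network.
    plan = {"ssh": 22, "ircd": 6667, "ircd-alt": 6668, "squid": 3128}
    print("blocked services:", conflicts(plan, filtered))
```

Feeding it the full list from the post shows the X11 block as a single 6001-6063 range, which is easier to compare against a firewall or service plan than the per-port listing.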
   
 Post subject:
PostPosted: Wed Feb 21, 2007 8:14 pm 
Offline
Senior Member

Joined: Sat Jun 05, 2004 12:49 am
Posts: 333
Cheese n Rice!

Thanks for the heads up. Main reason why I like Linode, can run a small IRC server for like a dozen people, our main way to keep in touch.


Top
   
 Post subject:
PostPosted: Wed Feb 21, 2007 10:58 pm 
Offline
Senior Newbie

Joined: Fri Apr 22, 2005 8:02 pm
Posts: 8
Indeed. I just set up a small irc server for a project on my server, and use another small irc server that's also on a linode (not mine) to communicate with my small group of friends as well.

Too bad, I remember when you used to be able to run anything on a linode. What's next? Filtering everything except 22, 25, 80 and 443? Gotta keep those mean hackers out yah know.


Top
   
 Post subject:
PostPosted: Tue Mar 06, 2007 10:05 am 
Offline
Senior Member

Joined: Wed Sep 17, 2003 7:39 pm
Posts: 124
These filtered ports are certainly a nuisance. I have a couple of services affected by this that I've had to move elsewhere (unfortunately the ports they run on are fixed).

Aaron, did you hear back from Chris about any likely resolution?


Top
   
 Post subject:
PostPosted: Thu Mar 08, 2007 2:39 pm 
Offline
Senior Member

Joined: Thu Sep 23, 2004 8:35 pm
Posts: 73
Location: The Hague, Netherlands
I asked Tom about this during my Fre->Atl migration (via support ticket system), and Linode.com is/was of the opinion that this wouldn't affect any Linode customers migrating to Atlanta.

Obviously this does affect you negatively. I'd suggest opening a support ticket asking for the required ports to be unblocked. Hopefully Linode.com will then take it up with AtlantaNAP and fix it.

Cliff


Top
   
 Post subject: Too bad
PostPosted: Thu Jul 05, 2007 12:29 pm 
Offline
Senior Newbie

Joined: Wed May 16, 2007 11:19 am
Posts: 5
Website: http://trick.vanstaveren.us
Location: Chicago, IL
Too bad these ports are filtered. Any update on progress, or are we simply at a loss if our Linode is in Atlanta?


Top
   
 Post subject:
PostPosted: Thu Jul 05, 2007 12:47 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 10:32 pm
Posts: 246
Location: NJ, USA
Unfortunately, this was unknown to us before we deployed in Atlanta (lesson learned). We did talk to the dc at the time, and this is the way it's staying.

I'm sure there are other instances, but I have yet to field a support ticket to be moved out of Atlanta for anything other than port 6667 (irc).

oftc can be reached from Atlanta on port 6668 and freenode on port 8000. In most cases, this solves the problem. For the balance, we offer migrations to the Dallas or Fremont facilities.

-Tom


Top
   
 Post subject: Future changes?
PostPosted: Fri Jul 06, 2007 10:14 am 
Offline
Junior Member

Joined: Sun Feb 05, 2006 7:42 pm
Posts: 22
Location: Sydney, Australia
I wonder if there is a list of ports that will always be available. For example, if I host my ssh port on x, is there a chance that the Atlanta datacentre will decide (out of the blue) that they will shut down port x and I'll find myself locked out?


Top
   
PostPosted: Fri Mar 14, 2008 7:40 pm 
Offline
Senior Newbie

Joined: Tue Oct 11, 2005 3:14 pm
Posts: 10
irssi -c chat.freenode.org -n thartman -p 8000 #/join #haskell #happs
irssi -c irc.oftc.net -n thartman -p 6668 #/join #linode

irssi --help for more options


Top
   
 Post subject:
PostPosted: Wed Apr 23, 2008 2:45 pm 
Offline

Joined: Wed Apr 23, 2008 2:36 pm
Posts: 1
I just got pointed at this topic thanks to IRC. I have to say, despite the workaround ports available from the bigger IRC nets, I'm very disappointed at this. Unconditionally blocking a big list of ports to a whole DC sets a really bad precedent, and one I am not at all happy about.

Yeah, I know the arguments they use, how the common things on these ports are variously insecure or undesirable. I don't care; I'd rather have an open network and all the pitfalls and annoyances thereof than have to worry about which service the DC admins will decide is next on the hit list. As long as I'm not doing anything harmful, what I run on my server, and on what ports, is my business.

I may or may not file a ticket to be moved, still thinking about whether it's currently worth the trouble, but at the very least I wanted to register my displeasure with the situation here. At least it's nice to know that I can always move if the Atlanta people decide to crack down any further, and I hope this will continue to be the case.


Top
   
 Post subject:
PostPosted: Thu Apr 02, 2009 9:45 pm 
Offline
Senior Member

Joined: Mon Feb 02, 2009 1:43 am
Posts: 67
Website: http://fukawi2.nl
Location: Melbourne, Australia
I was just referred here from another thread that I started because I was having trouble with getting an IRC server going...

I'd just like to suggest that a small note be added next to the Atlanta DC when creating Linodes to warn that "This DC filters some ports" with a link to which ports, that way people can be informed before they create their Linode there.


Top
   
 Post subject:
PostPosted: Fri Apr 03, 2009 2:04 pm 
Offline
Senior Member

Joined: Wed Feb 13, 2008 2:40 pm
Posts: 126
fukawi2 wrote:
I was just referred here from another thread that I started because I was having trouble with getting an IRC server going...

I'd just like to suggest that a small note be added next to the Atlanta DC when creating Linodes to warn that "This DC filters some ports" with a link to which ports, that way people can be informed before they create their Linode there.


http://www.linode.com/faq.cfm#can-i-run ... -my-linode
?


Top
   
 Post subject:
PostPosted: Fri Apr 03, 2009 3:26 pm 
Offline
Senior Member

Joined: Sat Mar 28, 2009 4:23 pm
Posts: 415
Website: http://jedsmith.org/
Location: Out of his depth and job-hopping without a clue about network security fundamentals
fukawi2 wrote:
I was just referred here from another thread that I started because I was having trouble with getting an IRC server going...

I'd just like to suggest that a small note be added next to the Atlanta DC when creating Linodes to warn that "This DC filters some ports" with a link to which ports, that way people can be informed before they create their Linode there.


It's in the FAQ. It's one of the first things I look for, and if it's important to you, you should be looking before you buy as well (caveat emptor). I knew before I clicked Purchase, and chose Fremont accordingly.

With IRC's reputation you shouldn't be surprised, and it should be a question you have on your lips when evaluating a new provider (it was certainly on mine, which led me to the FAQ).


Top
   
 Post subject:
PostPosted: Fri Apr 03, 2009 3:41 pm 
Offline
Junior Member

Joined: Mon Sep 22, 2008 8:41 am
Posts: 48
Location: London, UK
My Linode is not utilising any of the blocked ports so...
The most important for me is that port 25 is not blocked :D


Top
   
 Post subject:
PostPosted: Fri Apr 03, 2009 6:06 pm 
Offline
Senior Member

Joined: Mon Feb 02, 2009 1:43 am
Posts: 67
Website: http://fukawi2.nl
Location: Melbourne, Australia
a) I had absolutely no plans to run an IRC server when I first joined Linode, so I didn't really pay attention to that particular FAQ.
b) What about all the other filtered ports that could cause people problems, not necessarily with IRC? eg, 3128 for a squid proxy. This example would be trivial to work around in 99.9% of cases, but if they don't know about it and/or have to use 3128 for one reason or another.....


Top
   