Connection refused on remote (sles) server port, even though inside that server port shows as open

When trying to connect to port 7077 to a spark cluster via pyspark in Python, I get Connection refused Error.

Running nmap server_ip from my local machine (Ubuntu 20.04) shows 4 open ports (80, 8080, 22, 9000)

Running nc -zv server_ip 7077 gives the output:

nc: connect to server_ip port 7077 (tcp) failed: Connection refused

Then I ssh to the sles server (have to be connected to a VPN) and run the following command: ss -tulw. The command gives this output for port 7077:

Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
tcp    LISTEN     0      128     *:7077                            *:* 

If I understand it correctly, this means the port 7077 is open for any address. Why am I then getting a Connection refused Error?

There is no firewall for the port 7077 in the VPN Connection.

Edit:

Output from iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7077
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7077

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-INGRESS  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:9870
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:cslistener
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:7077

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:http
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere        

Solution 1:

Looks like the local firewall in the target machine is not allowing incoming connections on TCP port 7077.

This should solve the issue:

iptables -A INPUT -p tcp --dport 7077 -j ACCEPT

Depending on existing rules, you might need to use -I instead of -A:

iptables -I INPUT -p tcp --dport 7077 -j ACCEPT