Firewall Won't Open up!


vibrancy
11th December 2007, 06:04
I have been searching around for this problem, and have found other issues related but never a real solution...

I have opened ports 8085 and 3724 within the firewall and restarted the firewall, yet when my app tries to connect it can't. I have tried it with the ports just being TCP, and TCP/UDP, yet still nada. I know it is the ISPConfig firewall, because as soon as I turn the firewall off, it connects fine; then I turn the firewall back on, and I can't connect anymore!

Why won't the firewall open those ports? Any help would be greatly appreciated!!

Thanks!

till
11th December 2007, 09:20
Please post the output of:

iptables -L

vibrancy
11th December 2007, 17:44
Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  loopback/8
ACCEPT     0    --  anywhere                  anywhere             state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere                  anywhere
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain FORWARD (policy DROP)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere             state RELATED,ESTABLISHED
DROP       0    --  anywhere                  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere

Chain INT_IN (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain INT_OUT (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
ACCEPT     0    --  anywhere                  anywhere

Chain PAROLE (10 references)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere

Chain PUB_IN (4 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere                  anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere                  anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere                  anywhere             icmp echo-request
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:ftp
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:ssh
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:smtp
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:domain
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:www
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:81
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:pop3
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:https
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:webmin
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:mysql
ACCEPT     udp  --  anywhere                  anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere                  anywhere             udp dpt:8085
ACCEPT     udp  --  anywhere                  anywhere             udp dpt:3724
DROP       icmp --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain PUB_OUT (4 references)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere

till
11th December 2007, 17:48
As you see in the output, both ports are opened for udp only. If your application needs them for tcp too, you should add them as tcp ports too.

ACCEPT udp -- anywhere anywhere udp dpt:8085
ACCEPT udp -- anywhere anywhere udp dpt:3724
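The check till does by eye above (is there an accepting rule for each protocol the application needs?) can be scripted, so that it is repeatable after every change in the ISPConfig firewall panel. The following is an added example, not code from the thread or from ISPConfig/Bastille. It reads `iptables -L -n` output (the numeric form, so ports print as numbers rather than service names such as www) and reports every wanted proto:port that has no accepting rule. The sample listing is constructed to mirror the posted PUB_IN chain; treating the PAROLE target as accepting is an assumption based on the posted PAROLE chain, which contains nothing but an ACCEPT rule.

```shell
#!/bin/sh
# Verify that iptables really accepts the ports the firewall GUI claims to have opened.
# Usage on a live host:  iptables -L -n | check_port_rules tcp:8085 tcp:3724 udp:8085 udp:3724
# Example code, not part of the original thread or of ISPConfig/Bastille.

# Constructed sample, modelled on the PUB_IN chain posted above, in the numeric form
# that "iptables -L -n" prints. Only the udp rules for 8085/3724 exist, exactly as on the page.
SAMPLE_RULES='Chain PUB_IN (4 references)
target     prot opt source               destination
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8085
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3724
DROP       all  --  0.0.0.0/0            0.0.0.0/0
'

# rule_accepts PROTO PORT
# Reads an iptables listing on stdin. Returns 0 if some rule with target ACCEPT (or PAROLE,
# assumed to end in ACCEPT as in the posted chain) matches PROTO and "dpt:PORT", else 1.
rule_accepts() {
    proto=$1
    port=$2
    awk -v proto="$proto" -v port="$port" '
        ($1 == "ACCEPT" || $1 == "PAROLE") && $2 == proto {
            # the destination-port match is one of the trailing fields, e.g. "dpt:8085"
            for (i = 3; i <= NF; i++) if ($i == "dpt:" port) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# check_port_rules proto:port [proto:port ...]
# Reads the listing once from stdin, prints one line per wanted entry, and returns the
# number of entries that have no accepting rule (0 means everything is open as expected).
check_port_rules() {
    listing=$(cat)
    missing=0
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec##*:}
        if printf '%s\n' "$listing" | rule_accepts "$proto" "$port"; then
            echo "ok       $spec"
        else
            echo "MISSING  $spec"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Stand-alone demonstration against the constructed sample: the two tcp entries come back
# MISSING while both udp entries are ok, which is exactly the situation diagnosed in the thread.
printf '%s\n' "$SAMPLE_RULES" | check_port_rules tcp:8085 tcp:3724 udp:8085 udp:3724 \
    || echo "$? wanted rule(s) missing"
```

Run it against the live listing right after reloading the firewall; a non-zero return value tells you the panel entry never made it into the running rules, before you start debugging the application. Without `-n`, iptables resolves well-known ports to names (www, ssh), so keep `-n` or the numeric comparison will miss them.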

vibrancy
11th December 2007, 21:39
I did add them from within ISPConfig; I wonder why it did not fix it in iptables. When I open up the firewall in ISPConfig, here is what I have:

Name          Port   Type  Active
FTP           21     tcp   yes
SSH           22     tcp   yes
SMTP          25     tcp   yes
DNS           53     tcp   yes
DNS           53     udp   yes
WWW           80     tcp   yes
ISPConfig     81     tcp   yes
POP3          110    tcp   yes
SSL (www)     443    tcp   yes
Webmin        10000  tcp   yes
phpMyadmin    3306   tcp   yes
Worldd        8085   tcp   yes
Realmd        3724   tcp   yes
WorlddU       8085   udp   yes
RealmdU       3724   udp   yes

vibrancy
12th December 2007, 03:02
OK, I got it fixed, but I had to manually edit:

/etc/Bastille/bastille-firewall.cfg

and

/root/ispconfig/isp/conf/bastille-firewall.cfg.master

I don't know why, when I added the TCP rule for those ports, it would not update in that file, but this seems to have fixed it; everything works fine now.

Thanks for the help

till
12th December 2007, 10:50
The last time I tested it, it worked on my server. I will add this to the bugtracker for further testing.

falko
31st January 2008, 02:34
I've just tested it. It's working fine for me; I can't reproduce the problem...