HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


vibrancy 11th December 2007 05:04

Firewall Won't Open up!
 
I have been searching around for this problem, and have found other issues related but never a real solution...

I have opened ports 8085 and 3724 within the firewall and restarted the firewall, yet when my app tries to connect it can't - I have tried it with the ports just being TCP, and TCP/UDP yet still nada - I know it is the ISPConfig firewall because as soon as I turn the firewall off, it connects fine, then I turn the firewall back on, and I can't connect anymore!!

Why won't the firewall open those ports? Any help would be greatly appreciated!!

Thanks!

till 11th December 2007 08:20

Please post the output of:

iptables -L

vibrancy 11th December 2007 16:44

Code:

Chain INPUT (policy DROP)
target    prot opt source              destination
DROP      tcp  --  anywhere            loopback/8
ACCEPT    0    --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    0    --  anywhere            anywhere
DROP      0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN    0    --  anywhere            anywhere
PUB_IN    0    --  anywhere            anywhere
PUB_IN    0    --  anywhere            anywhere
PUB_IN    0    --  anywhere            anywhere
DROP      0    --  anywhere            anywhere

Chain FORWARD (policy DROP)
target    prot opt source              destination
ACCEPT    0    --  anywhere            anywhere            state RELATED,ESTABLISHED
DROP      0    --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
PUB_OUT    0    --  anywhere            anywhere
PUB_OUT    0    --  anywhere            anywhere
PUB_OUT    0    --  anywhere            anywhere
PUB_OUT    0    --  anywhere            anywhere

Chain INT_IN (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
DROP      0    --  anywhere            anywhere

Chain INT_OUT (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    0    --  anywhere            anywhere

Chain PAROLE (10 references)
target    prot opt source              destination
ACCEPT    0    --  anywhere            anywhere

Chain PUB_IN (4 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp echo-reply
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ftp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ssh
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:smtp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:domain
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:www
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:81
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:pop3
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:https
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:webmin
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:mysql
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain
ACCEPT    udp  --  anywhere            anywhere            udp dpt:8085
ACCEPT    udp  --  anywhere            anywhere            udp dpt:3724
DROP      icmp --  anywhere            anywhere
DROP      0    --  anywhere            anywhere

Chain PUB_OUT (4 references)
target    prot opt source              destination
ACCEPT    0    --  anywhere            anywhere


till 11th December 2007 16:48

As you see in the output, both ports are opened for udp. If your application needs them for tcp too, you should add them as tcp ports too.

Code:

ACCEPT    udp  --  anywhere            anywhere            udp dpt:8085
ACCEPT    udp  --  anywhere            anywhere            udp dpt:3724


vibrancy 11th December 2007 20:39

I did add them from within ISPConfig - wonder why it did not fix it in the iptables? When I open up the firewall in ispconfig - here is what I have...

Code:

  Name            Port            Type            Active
  FTP            21            tcp            yes
  SSH            22            tcp            yes
  SMTP            25            tcp            yes
  DNS            53            tcp            yes
  DNS            53            udp            yes
  WWW            80            tcp            yes
  ISPConfig            81            tcp            yes
  POP3            110            tcp            yes
  SSL (www)            443            tcp            yes
  Webmin            10000            tcp            yes
  phpMyadmin            3306            tcp            yes
  Worldd            8085            tcp            yes
  Realmd            3724            tcp            yes
  WorlddU            8085            udp            yes
  RealmdU            3724            udp            yes
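
The comparison made by eye in the posts above (the live `iptables -L` chain against the ISPConfig firewall table) can be scripted. This is an added example, not code from the thread or from ISPConfig; the inputs are excerpts of the two listings posted here, and the name-to-port map and the treatment of PAROLE as an accepting target are assumptions read off the posted output.

```python
import re

# Service names as `iptables -L` prints them without -n (only those used here).
NAMES = {"ssh": 22, "domain": 53, "www": 80, "https": 443, "webmin": 10000}
# Assumption from the posted listing: PAROLE's only rule is ACCEPT for everything.
ACCEPTING = {"ACCEPT", "PAROLE"}

# Excerpt of the PUB_IN chain from the `iptables -L` output in the thread.
LIVE = """\
PAROLE    tcp  --  anywhere  anywhere  tcp dpt:ssh
PAROLE    tcp  --  anywhere  anywhere  tcp dpt:www
PAROLE    tcp  --  anywhere  anywhere  tcp dpt:https
PAROLE    tcp  --  anywhere  anywhere  tcp dpt:webmin
ACCEPT    udp  --  anywhere  anywhere  udp dpt:domain
ACCEPT    udp  --  anywhere  anywhere  udp dpt:8085
ACCEPT    udp  --  anywhere  anywhere  udp dpt:3724
DROP      0    --  anywhere  anywhere
"""

# Excerpt of the ISPConfig firewall table from the thread (name, port, type, active).
CONFIGURED = """\
  SSH          22      tcp   yes
  DNS          53      udp   yes
  WWW          80      tcp   yes
  SSL (www)    443     tcp   yes
  Webmin       10000   tcp   yes
  Worldd       8085    tcp   yes
  Realmd       3724    tcp   yes
  WorlddU      8085    udp   yes
  RealmdU      3724    udp   yes
"""

def live_ports(listing):
    """(proto, port) pairs let in by a rule with an accepting target."""
    allowed = set()
    for line in listing.splitlines():
        m = re.match(r"(\S+)\s+(tcp|udp)\s.*\bdpt:(\S+)", line.strip())
        if m and m.group(1) in ACCEPTING:
            port = m.group(3)
            allowed.add((m.group(2), int(port) if port.isdigit() else NAMES[port]))
    return allowed

def missing(table, listing):
    """Active ISPConfig rows with no matching accept rule in the live chain."""
    rows = re.findall(r"^[ \t]*(.+?)[ \t]+(\d+)[ \t]+(tcp|udp)[ \t]+yes[ \t]*$", table, re.M)
    allowed = live_ports(listing)
    return [(n, t, int(p)) for n, p, t in rows if (t, int(p)) not in allowed]

if __name__ == "__main__":
    print(missing(CONFIGURED, LIVE))
```

Feeding it the output of `iptables -L -n` instead gives numeric ports throughout, so the name map is not needed.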


vibrancy 12th December 2007 02:02

OK, I got it fixed, but had to manually edit:

/etc/Bastille/bastille-firewall.cfg

and

/root/ispconfig/isp/conf/bastille-firewall.cfg.master

I don't know why when I would add the TCP rule for those ports it would not update in that file, but this seems to have fixed it, everything works fine now.

Thanks for the help

till 12th December 2007 09:50

The last time I tested it, it worked on my server. I will add this to the bugtracker for further testing.

falko 31st January 2008 01:34

I've just tested it. It's working fine for me - I can't reproduce the problem... :confused:


All times are GMT +2.