giganet, 28th May 2009, 19:47

Good day Falko

Thank you for the reply and input...

As it turns out, I am utilizing Shorewall, IPTables and the ISPConfig FW; I didn't even consider that as a potential cause of network connectivity failure.

I removed all FW rules possible from ISPConfig including POP, SMTP, HTTP & DNS.

After doing this I found that I had to add rules back to the ISPConfig FW for HTTP, SMTP, & SSH, which I run on port 54000.
This was to re-enable access to these services.

Below are my currently applied ISPConfig FW rules:

Code:
Name       Port   Type   Active
SSH        22     tcp    yes
ISPConfig  81     tcp    yes
HTTP       80     tcp    yes
SMTP       25     tcp    yes
POP3       110    tcp    yes
SSH        54000  tcp    yes
My question now is what would be best practice for the FW rules in Shorewall & IPTables.

Should I remove any similar rules from Shorewall and IPTables to avoid conflicts with the FW of ISPConfig?
Likewise, in Shorewall wouldn't I need to modify '/etc/shorewall/rules'?

Below is Shorewall's /etc/shorewall/rules from this box...
Code:
#############################################################################################################
#ACTION        SOURCE                    DEST                 PROTO  DEST    SOURCE   ORIGINAL  RATE       USER/
#                                                                    PORT    PORT(S)  DEST      LIMIT      GROUP

# Accepts every TCP connection from net to the firewall, regardless of port
# (no DEST PORT given); every later net -> $FW tcp rule below is already covered by it.
ACCEPT         net                       $FW                  tcp    -       -        -         -
ACCEPT         net:65.197.209.3          $FW                  tcp    80      -        -         20/sec:24
ACCEPT         net                       all                  tcp    21      -        -         -
ACCEPT         net                       $FW                  tcp    23      -        -         -
ACCEPT         net                       $FW                  tcp    25      -        -         -
# DNS in both directions
ACCEPT         $FW                       net                  udp    53      -        -         -
ACCEPT         net                       $FW                  udp    53      -        -         -
ACCEPT         $FW                       net                  tcp    53      -        -         -
ACCEPT         net                       $FW                  tcp    53      -        -         -
# TFTP, from a single host only
ACCEPT         net:65.197.209.0          $FW                  tcp    69      -        -         -
ACCEPT         net:65.197.209.0          $FW                  udp    69      -        -         -
# Web, ISPConfig panel and HTTPS, rate limited
ACCEPT         net                       $FW                  tcp    80      -        -         20/sec:24
ACCEPT         net                       $FW                  tcp    81      -        -         20/sec:24
ACCEPT         net                       $FW                  tcp    110     -        -         -
ACCEPT         net                       $FW                  tcp    143     -        -         -
ACCEPT         net                       $FW                  udp    143     -        -         -
ACCEPT         net                       $FW                  tcp    161     -        -         -
ACCEPT         net                       $FW                  udp    161     -        -         -
ACCEPT         net                       $FW                  tcp    443     -        -         20/sec:24
Ping/ACCEPT    net                       $FW                  -      -       -        -         5/sec:8
ACCEPT         net                       $FW                  tcp    3306    -        -         -
# SSH on the non-standard port: open to all, to a /24, and to one MAC address
ACCEPT         net                       $FW                  tcp    54000   -        -         -
ACCEPT         net:65.197.209.0/24       $FW                  tcp    54000   -        -         -
ACCEPT         net:~00-03-25-21-FA-23    $FW                  tcp    54000   -        -         -
Web/DNAT       net                       $FW:65.197.209.3     tcp    -       -        -
Thanking you in advance for your time and support, Falko.

Best Regards
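The question in the post above is whether rules in Shorewall and in the ISPConfig firewall conflict. Shorewall compiles /etc/shorewall/rules in file order and iptables stops at the first matching rule, so the practical question is which rule a given packet actually hits and which rules can never match. The following Python script is an added example, not code from the post or from Shorewall; it parses a cut-down, constructed copy of the rules file quoted above and (a) reports rules that are fully shadowed by an earlier, broader rule, and (b) answers "which line accepts this packet?" for a given source address, protocol and port. It simplifies Shorewall's semantics: only the `net` zone, `$FW` and `all` are understood, macros are not expanded except that `Ping` is treated as plain ICMP, MAC-qualified sources are assumed unknown when matching a packet, and a rate-limited rule is treated as not shadowing later rules because packets over the limit fall through to the next rule.

```python
"""Shadowing and first-match check for Shorewall-style rules (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a cut-down copy of the /etc/shorewall/rules quoted in the post.
SAMPLE_RULES = """\
#ACTION      SOURCE               DEST   PROTO  DPORT  SPORT  ORIG  RATE
ACCEPT       net                  $FW    tcp    -      -      -     -
ACCEPT       net:65.197.209.3     $FW    tcp    80     -      -     20/sec:24
ACCEPT       net                  all    tcp    21     -      -     -
ACCEPT       net                  $FW    udp    53     -      -     -
ACCEPT       net:65.197.209.0/24  $FW    tcp    54000  -      -     -
Ping/ACCEPT  net                  $FW    -      -      -      -     5/sec:8
"""

# Simplification (assumption): the only macro we expand. The real Ping macro also
# restricts the ICMP type; this check only cares about the protocol.
MACRO_PROTO = {"Ping": "icmp"}


@dataclass
class Rule:
    line: int
    action: str
    src_zone: str
    src_net: Optional[ipaddress.IPv4Network]  # None = any address
    src_mac: Optional[str]                    # set for "~xx-xx-..." sources
    dst_zone: str
    proto: Optional[str]                      # None = any protocol
    dport: Optional[int]                      # None = any destination port
    rate_limited: bool


def _split_source(field: str):
    """'net:65.197.209.0/24' -> ('net', network, None); 'net:~MAC' -> ('net', None, mac)."""
    zone, _, qual = field.partition(":")
    net = mac = None
    if qual.startswith("~"):
        mac = qual[1:].lower()
    elif qual:
        net = ipaddress.ip_network(qual, strict=False)  # bare host address -> /32
    return zone, net, mac


def parse_rules(text: str) -> List[Rule]:
    rules: List[Rule] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split()
        cols += ["-"] * (8 - len(cols))  # pad missing trailing columns with '-'
        action, src, dst, proto, dport, _sport, _orig, rate = cols[:8]
        src_zone, src_net, src_mac = _split_source(src)
        dst_zone = dst.split(":", 1)[0]
        macro = action.split("/", 1)[0] if "/" in action else None
        if proto == "-":
            proto = MACRO_PROTO.get(macro)  # still None unless a known macro fixes it
        rules.append(Rule(n, action, src_zone, src_net, src_mac, dst_zone,
                          proto.lower() if proto else None,
                          None if dport == "-" else int(dport),
                          rate != "-"))
    return rules


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` could match is already matched by `outer`."""
    if outer.rate_limited:                 # over the limit the packet falls through
        return False
    if outer.src_zone not in ("all", inner.src_zone):
        return False
    if outer.src_mac is not None and outer.src_mac != inner.src_mac:
        return False
    if outer.src_net is not None and (inner.src_net is None
                                      or not inner.src_net.subnet_of(outer.src_net)):
        return False
    if outer.dst_zone not in ("all", inner.dst_zone):
        return False
    if outer.proto is not None and outer.proto != inner.proto:
        return False
    if outer.dport is not None and outer.dport != inner.dport:
        return False
    return True


def shadowed_rules(rules: List[Rule]) -> Dict[int, int]:
    """Map line of each rule that can never match -> line of the rule shadowing it."""
    out: Dict[int, int] = {}
    for i, inner in enumerate(rules):
        for outer in rules[:i]:
            if covers(outer, inner):
                out[inner.line] = outer.line
                break
    return out


def first_match(rules: List[Rule], src_ip: str, proto: str, dport: int,
                dst_zone: str = "$FW") -> Optional[int]:
    """Line of the first rule matching a packet from zone net, or None (policy applies)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.src_zone not in ("all", "net") or r.src_mac is not None:
            continue                       # source MAC is unknown here, so skip MAC rules
        if r.src_net is not None and ip not in r.src_net:
            continue
        if r.dst_zone not in ("all", dst_zone):
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.line
    return None


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for victim, by in shadowed_rules(rules).items():
        print(f"rule on line {victim} can never match: line {by} already accepts it")
    print("ssh/54000 from anywhere hits line", first_match(rules, "198.51.100.7", "tcp", 54000))
```

Run against the sample, the unrestricted `ACCEPT net $FW tcp` line shadows both the rate-limited port 80 rule and the /24-restricted port 54000 rule, so those restrictions never take effect; the FTP rule (DEST `all`) and the UDP and ICMP rules are not shadowed. The same analysis applies to the ISPConfig-generated chains: whichever chain iptables traverses first decides, and a broad ACCEPT ahead of the narrower rules makes them dead.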