#1
15th July 2010, 01:49
Romoku
Junior Member

Firewall not installed by default?

After doing some searching I figured out the firewall wasn't installed by default and I just want someone to check that I installed it alright.

I read in the comments section of the Debian Lenny guide to use

Code:
# apt-get install bastille -y

to install the firewall. I kept the already installed script from ISPConfig. I got a weird error from psad

Code:
ERR: Syslog has not been configured to send messages to /var/lib/psad/psadfifo. Please configure it as described in psad(8).

So I googled it and found basic lowdown and the way to debug psad.

I used

Code:
# echo -e 'kern.info\t|/var/lib/psad/psadfifo' >> /etc/syslog.conf

to fix the original error and I edited the /etc/psad/psad.conf

Code:
EMAIL_ADDRESSES <myemailaddress>;

HOSTNAME                    <myhostname>;

SYSLOG_DAEMON               rsyslogd;

### Only send email alert if danger level >= to this value.
EMAIL_ALERT_DANGER_LEVEL    3;

I went back into my ISPConfig 3 webface and deleted the rule and remade.

Open TCP ports: 20,21,22,25,53,80,110,143,443,3306,8080,10000
Open UDP ports: 53,3306

and now my 'iptables -L'

Code:
administrator@web1:~$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (12 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Do the iptables look alright? I'm not very experienced in the lingo, yet.
#2
15th July 2010, 15:37
till
Super Moderator

ISPConfig comes with its own copy of bastille. Please do not install it with apt; it will corrupt the firewall setup from ISPConfig!

You can enable the firewall by creating a firewall record in ISPConfig under System.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
The Following User Says Thank You to till For This Useful Post:
juan_g (17th September 2010)
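One way to check that the live ruleset matches the firewall record discussed in this thread, as an added example that is not part of either post and not ISPConfig's own code. It reads `iptables -L` output, extracts the ports opened in the PUB_IN chain and compares them with the record's TCP and UDP lists; the function names, the rule that any non-DROP/REJECT target opens a port, and the service-name table (limited to the names in the posted listing) are assumptions of the example.

```shell
# Added example, not from the thread. Reads `iptables -L` output on stdin.
# Assumption: any target other than DROP/REJECT opens the port (PAROLE accepts everything).
chain_ports() {  # usage: chain_ports CHAIN PROTO
  awk -v chain="$1" -v proto="$2" '
    BEGIN {  # service names seen in the thread, with their /etc/services port numbers
      n = split("ftp-data=20 ftp=21 ssh=22 smtp=25 domain=53 www=80 pop3=110 imap2=143 https=443 mysql=3306 http-alt=8080 webmin=10000", kv, " ")
      for (i = 1; i <= n; i++) { split(kv[i], p, "="); svc[p[1]] = p[2] }
    }
    $1 == "Chain" { inchain = ($2 == chain); next }
    inchain && $2 == proto && $1 != "DROP" && $1 != "REJECT" {
      for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) {
        name = substr($i, 5)   # numeric ports and unknown names pass through unchanged
        print ((name in svc) ? svc[name] : name)
      }
    }' | sort -n | paste -sd, -
}

# Compare live PUB_IN ports with the record's lists (sorted, comma-separated).
check_ports() {  # usage: check_ports TCP_LIST UDP_LIST < listing
  listing=$(cat); rc=0
  for proto in tcp udp; do
    if [ "$proto" = tcp ]; then want=$1; else want=$2; fi
    got=$(printf '%s\n' "$listing" | chain_ports PUB_IN "$proto")
    if [ "$got" = "$want" ]; then echo "$proto OK: $got"
    else echo "$proto MISMATCH: record=$want live=$got"; rc=1; fi
  done
  return "$rc"
}

# Constructed sample: the tcp/udp rules of PUB_IN, copied from the listing in the thread.
sample_listing() { cat <<'EOF'
Chain PUB_IN (4 references)
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
EOF
}
sample_listing | check_ports "20,21,22,25,53,80,110,143,443,3306,8080,10000" "53,3306"
```

On a live host, pipe `sudo iptables -L` into `check_ports` instead of the sample; with `-n` the ports are already numeric and pass through unchanged.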