
20th September 2011, 11:42
Junior Member
Exactly. I can open all sites from the server, use SSH and receive/send mail by POP/SMTP while the ISPConfig panel is blocked for me.
Right now it is happening again. I don't suppose that ISPConfig is blocked because all sites are working well.
Are you interested in:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
TMP_DROP all -- anywhere anywhere
TALLOW all -- anywhere anywhere
TDENY all -- anywhere anywhere
TGALLOW all -- anywhere anywhere
TGDENY all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-m
DROP udp -- anywhere anywhere udp dpt:ms-sql-m
DROP tcp -- anywhere anywhere tcp dpt:search-agent
DROP udp -- anywhere anywhere udp dpt:search-agent
DROP tcp -- anywhere anywhere tcp dpt:ingreslock
DROP udp -- anywhere anywhere udp dpt:ingreslock
DROP tcp -- anywhere anywhere tcp dpt:ctx-bridge
DROP udp -- anywhere anywhere udp dpt:ctx-bridge
IN_SANITY all -- anywhere anywhere
FRAG_UDP all -- anywhere anywhere
PZERO all -- anywhere anywhere
P2P all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:omirr
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp redirect limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp type 30 limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 60/sec burst 5
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- rs1.service.softlayer.com anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- rs1.service.softlayer.com anywhere tcp spt:domain dpts:1023:65535
DROP tcp -- anywhere anywhere tcp spt:domain dpts:1023:65535
DROP udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT udp -- 10.0.80.12 anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- rs2.service.softlayer.com anywhere tcp spt:domain dpts:1023:65535
DROP tcp -- anywhere anywhere tcp spt:domain dpts:1023:65535
DROP udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- anywhere anywhere tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh flags:FIN,SYN,RST,ACK/SYN state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ssh state ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpts:traceroute:33534
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TMP_DROP all -- anywhere anywhere
TALLOW all -- anywhere anywhere
TDENY all -- anywhere anywhere
TGALLOW all -- anywhere anywhere
TGDENY all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-m
DROP udp -- anywhere anywhere udp dpt:ms-sql-m
DROP tcp -- anywhere anywhere tcp dpt:search-agent
DROP udp -- anywhere anywhere udp dpt:search-agent
DROP tcp -- anywhere anywhere tcp dpt:ingreslock
DROP udp -- anywhere anywhere udp dpt:ingreslock
DROP tcp -- anywhere anywhere tcp dpt:ctx-bridge
DROP udp -- anywhere anywhere udp dpt:ctx-bridge
OUT_SANITY all -- anywhere anywhere
FRAG_UDP all -- anywhere anywhere
PZERO all -- anywhere anywhere
P2P all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere 10.0.80.12 tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere 10.0.80.12 tcp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpts:traceroute:33534
ACCEPT all -- anywhere anywhere
Chain FRAG_UDP (2 references)
target prot opt source destination
DROP udp -f anywhere anywhere
Chain IN_SANITY (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
Chain OUT_SANITY (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
Chain P2P (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:kazaa reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:kazaa reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:6257 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:6257 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:6699 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:6699 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:interwise reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:interwise reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable
Chain PROHIBIT (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain PZERO (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:spr-itunes
DROP udp -- anywhere anywhere udp dpt:0
DROP tcp -- anywhere anywhere tcp spt:spr-itunes
DROP udp -- anywhere anywhere udp spt:0
Chain RESET (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
Chain TALLOW (2 references)
target prot opt source destination
ACCEPT all -- 66.228.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 66.228.118.0-static.reverse.networklayer.com/23
ACCEPT all -- 173.192.118.0-static.reverse.softlayer.com/23 anywhere
ACCEPT all -- anywhere 173.192.118.0-static.reverse.softlayer.com/23
ACCEPT all -- 67.228.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 67.228.118.0-static.reverse.networklayer.com/23
ACCEPT all -- 208.43.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 208.43.118.0-static.reverse.networklayer.com/23
Chain TDENY (2 references)
target prot opt source destination
Chain TGALLOW (2 references)
target prot opt source destination
Chain TGDENY (2 references)
target prot opt source destination
Chain TMP_DROP (2 references)
target prot opt source destination
[root@joomla etc]# iptables --flush
After iptables --flush I get access to ISPConfig.
Last edited by emanation; 20th September 2011 at 11:48.

20th September 2011, 12:22
Super Moderator
Looks like a problem with your firewall and not ISPConfig. The iptables rules that you posted are not from ISPConfig, so you must use a third-party firewall which seems to block the ISPConfig port, or the firewall you use is not compatible with fail2ban.
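An added example, not part of either post: a small first-match evaluator for the INPUT chain of an `iptables -L` listing like the one above, which shows why a port with no explicit ACCEPT rule ends at the trailing DROP. The listing embedded in it is a constructed, shortened sample, and port 8080 for the panel is an assumption; use the port your ISPConfig install listens on.

```python
import re

# Ports for the service names used in the posted INPUT chain.
SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80,
            "https": 443, "omirr": 808, "mysql": 3306,
            "epmap": 135, "netbios-ssn": 139}

# Constructed sample: a shortened INPUT chain in the same `iptables -L` layout.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:omirr
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- rs1.service.softlayer.com anywhere tcp spt:domain dpts:1023:65535
DROP tcp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
"""

def port(name):
    return SERVICES[name] if name in SERVICES else int(name)

def input_tcp_rules(listing):
    """Yield (target, source, match) for the tcp rules of the INPUT chain."""
    in_input = False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_input = line.startswith("Chain INPUT")
            continue
        f = line.split(None, 5)
        # `all` rules are left out: plain -L hides any interface match they
        # carry, and jumps into user-defined chains are not followed here.
        if in_input and len(f) >= 5 and f[1] == "tcp":
            yield f[0], f[3], (f[5] if len(f) > 5 else "")

def verdict(listing, dport):
    """First matching target for a new TCP connection from any host to dport."""
    for target, source, match in input_tcp_rules(listing):
        if source != "anywhere" or "spt" in match or "ESTABLISHED" in match:
            continue  # tied to a source, source port or existing connection
        m = re.search(r"dpts?:([\w-]+)(?::([\w-]+))?", match)
        if m and port(m.group(1)) <= dport <= port(m.group(2) or m.group(1)):
            return target
        if not match:
            return target  # bare rule: matches every tcp packet
    return "policy"
```

On the server itself, `iptables -L INPUT -n -v --line-numbers` gives the same chain with numeric ports and the interface columns that plain `-L` omits.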