#11
2nd May 2013, 17:35
falko (Super Moderator)
 

What are the outputs of
Code:
netstat -tap
and
Code:
iptables -L
?
__________________
Falko
#12
2nd May 2013, 18:56
DUCKFACE (Member)
 

netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:10024         *:*                     LISTEN      10288/amavisd-new (
tcp        0      0 localhost:10025         *:*                     LISTEN      10269/master
tcp        0      0 *:mysql                 *:*                     LISTEN      17841/mysqld
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      1117/smbd
tcp        0      0 *:pop3                  *:*                     LISTEN      11242/dovecot
tcp        0      0 *:imap2                 *:*                     LISTEN      11242/dovecot
tcp        0      0 localhost:spamd         *:*                     LISTEN      2372/spamd.pid
tcp        0      0 *:sunrpc                *:*                     LISTEN      1155/rpcbind
tcp        0      0 *:webmin                *:*                     LISTEN      3669/perl
tcp        0      0 *:8181                  *:*                     LISTEN      9216/dansguardian
tcp        0      0 10.9.1.1:domain         *:*                     LISTEN      11341/named
tcp        0      0 10.8.0.1:domain         *:*                     LISTEN      11341/named
tcp        0      0 192.168.1.2:domain      *:*                     LISTEN      11341/named
tcp        0      0 localhost:domain        *:*                     LISTEN      11341/named
tcp        0      0 *:ftp                   *:*                     LISTEN      11319/pure-ftpd (SE
tcp        0      0 *:ssh                   *:*                     LISTEN      1425/sshd
tcp        0      0 localhost:3128          *:*                     LISTEN      1828/squid3
tcp        0      0 10.8.0.1:3128           *:*                     LISTEN      1828/squid3
tcp        0      0 localhost:953           *:*                     LISTEN      11341/named
tcp        0      0 *:smtp                  *:*                     LISTEN      10269/master
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      1117/smbd
tcp        0      0 *:imaps                 *:*                     LISTEN      11242/dovecot
tcp        0      0 *:41602                 *:*                     LISTEN      1164/rpc.statd
tcp        0      0 *:pop3s                 *:*                     LISTEN      11242/dovecot
tcp        0      0 192.168.1.2:48133       c13020.dip.tu-dres:http TIME_WAIT   -
tcp        0      0 localhost:mysql         localhost:59180         ESTABLISHED 17841/mysqld
tcp        0      0 localhost:59078         localhost:mysql         ESTABLISHED 11222/amavisd-new (
tcp        0      0 localhost:59180         localhost:mysql         ESTABLISHED 11221/amavisd-new (
tcp        0   1220 192.168.1.2:ssh         212-233-136-95-pl:42978 ESTABLISHED 31007/sshd: nikolay
tcp        0      0 localhost:mysql         localhost:59078         ESTABLISHED 17841/mysqld
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      1117/smbd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1155/rpcbind
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:http               [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      11341/named
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      11319/pure-ftpd (SE
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1425/sshd
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      11341/named
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      10269/master
tcp6       0      0 [::]:https              [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      1117/smbd
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:56036              [::]:*                  LISTEN      1164/rpc.statd
and iptables -L
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd  tcp  --  anywhere             anywhere             multiport dports ftp
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
IP_BAN     tcp  --  anywhere             anywhere             tcp
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-squirrelmail  tcp  --  anywhere             anywhere             multiport dports http,https
DROP       tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST
SYNFLOOD   tcp  --  anywhere             anywhere             state NEW
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN
DDoS       tcp  --  anywhere             anywhere             tcpflags: SYN,RST,ACK/SYN
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN
ScanD      tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,RST/FIN,RST
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,ACK/FIN
ScanD      tcp  --  anywhere             anywhere             tcpflags: PSH,ACK/PSH
ScanD      tcp  --  anywhere             anywhere             tcpflags: ACK,URG/URG
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  acacia.bilink.it     anywhere             udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8181
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain dpts:1024:65535
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: ACK/ACK
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:81
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere             udp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3128
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8181
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain Banned (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[TCP Banned] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[UDP Banned] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[ICMP Banned] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[FRAG Banned] "
DROP       all  --  anywhere             anywhere

Chain DDoS (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 1/sec burst 10
LOG        all  --  anywhere             anywhere             LOG level warning prefix "[DOS Attack/SYN Scan?] "
DROP       all  --  anywhere             anywhere

Chain IANA (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - TCP] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - UDP] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - ICMP] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - FRAG] "
DROP       all  --  anywhere             anywhere

Chain IP_BAN (1 references)
target     prot opt source               destination
DROP       all  --  unallocated.star.net.uk  anywhere
DROP       all  --  117.239.105.115      anywhere
DROP       all  --  64.34.253.100        anywhere
DROP       all  --  13-48-143-63.datacenter.lgvhost.com.br  anywhere
DROP       all  --  no-record-set.rijndata.nl  anywhere

Chain LnR (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[TCP reject] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[UDP reject] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[ICMP reject] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[FRAG reject] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 tcpflags: FIN,SYN,RST,ACK/SYN
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset

Chain ScanD (7 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[TCP Scan?] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[UDP Scan?] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[ICMP Scan?] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[FRAG Scan?] "
DROP       all  --  anywhere             anywhere

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-squirrelmail (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
#13
6th May 2013, 21:16
DUCKFACE (Member)
 

Can anyone help?

Tags
500, application, error, softexception, upgrade
