#1
29th August 2007, 01:58
coen
ISPConfig firewall problem closing Port 21

Hi,

I'm running a webserver with SUSE 10.2 configured with ISPConfig.
I'm also using the ISPConfig firewall, but I can't configure it properly for port 21.
I do run ProFTPD, but on a different port. When I try to close port 21 in ISPConfig, it stays open even though ProFTPD is running on another port.
The bastille-firewall.cfg shows the non-default FTP port, the other running services and the FTP PASV mode ports under TCP_PUBLIC_SERVICES.
Port 21 isn't in there, but I'm not able to get it closed. Could anyone help me out?

TCP_PUBLIC_SERVICES="4321 22 80 81 443 2000:2019" # MINIMAL/SAFEST
UDP_PUBLIC_SERVICES="" # MINIMAL/SAFEST
TCP_INTERNAL_SERVICES="" # MINIMAL/SAFEST
UDP_INTERNAL_SERVICES=""

#2
29th August 2007, 09:25
till

How did you test if the port is open? Did you test it from an external server or workstation?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
29th August 2007, 12:21
coen

I tried two different port scanners running on a separate PC (laptop on a UMTS connection).
Other ports seem to respond to changes made in the ISPConfig firewall; only changes to port 21 don't seem to have any effect.
ProFTPD is running on a different port; shutting down ProFTPD and closing the other ProFTPD port makes no difference.
What else could keep this port open?

#4
29th August 2007, 12:32
till

Are you sure that there is no other firewall installed on your server? Please post the output of:

iptables -L

#5
29th August 2007, 17:10
coen

None that I know of. I just followed the tutorial The Perfect Setup - OpenSuSE 10.2 (32-bit) and moved the ProFTPD port to a non-default port in its config file by changing these two lines in proftpd.conf:
Port 4321
PassivePorts 2000 2019

iptables -L output gives:
--------------------------------------------------------
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN 0 -- anywhere anywhere
PUB_IN 0 -- anywhere anywhere
PUB_IN 0 -- anywhere anywhere
PUB_IN 0 -- anywhere anywhere
DROP 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
DROP 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT 0 -- anywhere anywhere
PUB_OUT 0 -- anywhere anywhere
PUB_OUT 0 -- anywhere anywhere
PUB_OUT 0 -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP 0 -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere

Chain PAROLE (6 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ctsd
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:hosts2-ns
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpts:cslistener:2019
DROP icmp -- anywhere anywhere
DROP 0 -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere

#6
30th August 2007, 09:19
till

Port 21 is closed in the firewall according to the iptables output.

#7
30th August 2007, 10:05
coen

Yeah, I agree ;-)
But when I do a port scan it says the port is open?
When I try to connect to port 21 using FTP it says connected (but it doesn't seem to be able to find a service behind the port).
The non-default FTP port connects fine...
When I move the ProFTPD service back to port 21 and try to connect using a DOS shell it gives me: connected to <ip>. (but it doesn't log in).
However, if I connect to a different port it doesn't give me the "connected to <ip>" message but instead: ftp connect: unknown error number.
What could cause this difference in behaviour?

#8
30th August 2007, 22:15
falko

Are there any Proftpd errors in your logs?
__________________
Falko

#9
4th September 2007, 19:25
coen

Finally I found out that it doesn't have anything to do with my ISPConfig configuration, but my SpeedStream seems to respond with a P21 open, even if nothing is connected to it.
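
The symptom in this thread (a scanner reports port 21 open and the FTP client prints "connected", but no service answers) can be told apart from a real FTP listener by checking whether a 220 greeting arrives after the TCP handshake. The following is an added example, not part of the original thread; `probe_tcp_port`, `start_listener` and `unused_port` are hypothetical names, and the listeners are constructed local stand-ins for a silent device and an FTP daemon.

```python
import socket
import threading

def probe_tcp_port(host, port, timeout=3.0):
    """Classify what answers on host:port, as seen from the scanning machine."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"        # RST received: reachable, nothing listening
    except OSError:
        return "filtered"      # timeout/unreachable: what a DROP rule looks like
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(256)
        except OSError:
            return "open-silent"   # handshake completed, no greeting arrived
    if banner.startswith(b"220"):
        return "open-ftp"          # FTP servers greet with a 220 reply
    return "open-other" if banner else "open-silent"

def start_listener(greeting=None, hold=1.0):
    """Constructed local stand-in: accept one connection, optionally greet."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        threading.Event().wait(hold)   # keep the connection open, saying nothing
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Return a local port number with no listener behind it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    cases = {"silent device": start_listener(),
             "FTP daemon": start_listener(b"220 FTP server ready\r\n"),
             "no listener": unused_port()}
    for name, port in cases.items():
        print(name, "->", probe_tcp_port("127.0.0.1", port, timeout=0.5))
```

Run from an outside machine against the server's public address, an `open-silent` result on port 21 alongside `open-ftp` on the ProFTPD port points to something in front of the server completing the handshake rather than to the server's own firewall.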

All times are GMT +2.