Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th October 2013, 17:40
joelyuk joelyuk is offline
Junior Member
 
Join Date: Oct 2013
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPConfig IPTables/Port Blocking

Hi all,

I've used ISPConfig for some time, and recently I have noticed that for some reason I keep finding myself unable to access the ISPConfig control panel at port 8080, and also other services like UnrealIRCD unable to be reached at port 6667 etc.

Web services and other services (mail etc) all seem fine when I can't access these others.

I've noticed that the only way I can seemingly access these services on port 8080 and 6667 is by logging in remotely with SSH and telling IPtables to start accepting stuff on these ports again.

I kinda know my way around the basics of Linux and managed to figure out that the command:

iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 6667 -j ACCEPT


will fix my access to the ISPConfig panel.

However, some time later (haven't worked out how long exactly) I find that I can not access it again, and must issue the same command in SSH to gain access again, which is getting frustrating now.

What on earth keeps resetting iptables (at a guess, I'm not sure exactly what it is doing) and blocking my access to these ports?

Many thanks for your help
Reply With Quote
Sponsored Links
  #2  
Old 7th October 2013, 17:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Sems as if you run a firewall on your server which blocks these ports the ispconfig firewall has port 8080 open by default and it will also not reenable port blocking after some time, so you must run a different firewall.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 10th October 2013, 17:37
joelyuk joelyuk is offline
Junior Member
 
Join Date: Oct 2013
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi till,

Thanks for the follow up reply.

I had a good look through the ISPConfig panel to make sure I wasn't missing anything obvious, and when I logged in as admin, I noticed that my firewall option was set to bastille, and under System > Firewall there was no records that existed.

I clicked 'Add Firewall Record' and it defaulted to add a bunch of ports that are used by default by the looks. I added my custom ports to it for the ircd, and touch wood that seems to be OK so far.

Usually within a day or so the ports would be blocked again, but I made that change a couple of days back and it seems to have kept the ports open.

Not sure if this was the issue, but thanks again for your assistance
Reply With Quote
  #4  
Old 11th October 2013, 08:40
Quaxth Quaxth is offline
Senior Member
 
Join Date: Sep 2013
Location: Samut Prakan, Thailand
Posts: 440
Thanks: 48
Thanked 34 Times in 31 Posts
Send a message via Skype™ to Quaxth
Default Ports in Firewall

If you used the Firewall option in System->Firewall and added some ports to it, you'll also need to add those ports to the config file of Bastille here: /etc/Bastille/bastille-firewall.cfg

If you didn't add the ports in the .cfg file, they will not work.

I use port 8088 for the CP and added first in System->Firewall that port and wasn't able to restart the CP. After adding to the .cfg file as mentioned above, I could use the CP again.
__________________
*************
Have a nice day.
Reply With Quote
  #5  
Old 11th October 2013, 08:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
If you used the Firewall option in System->Firewall and added some ports to it, you'll also need to add those ports to the config file of Bastille here: /etc/Bastille/bastille-firewall.cfg
There is no need to edit that file, ispconfig is adding the ports there automatically.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 11th October 2013, 08:57
Quaxth Quaxth is offline
Senior Member
 
Join Date: Sep 2013
Location: Samut Prakan, Thailand
Posts: 440
Thanks: 48
Thanked 34 Times in 31 Posts
Send a message via Skype™ to Quaxth
Default

Quote:
Originally Posted by till View Post
There is no need to edit that file, ispconfig is adding the ports there automatically.
It wasn't work on my server! If it had worked, I wouldn't had written that post!

Also, after adding the Port 8088 to the Firewall in CP ->System->Firewall, I wasn't able to access the CP anymore. I restarted the Server and still could not access CP! Used Putty on Server and opened the bastille-firewall.cfg and found that Port 8088 wasn't there, so I added it and restarted the server again. Now I could access the CP again. Than checked on CP System->Firewall and saw the the port there was missing and added it also there (again), saved and now it's there too!

There was nothing done automatic adding Ports.

Thanks.
__________________
*************
Have a nice day.
Reply With Quote
  #7  
Old 11th October 2013, 10:26
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Just tested it here on a debian wheezy server and a ubuntu server, the firewall rules are written correctly to the config file on both servers in ISPConfig 3.0.5.3.

please note that it takes 1 mnute until changes were written to disk. It might also be that you have a additional firewall installed on your server which conflicted with the bastille firewall rules and that blocked access to your server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 11th October 2013, 11:04
Quaxth Quaxth is offline
Senior Member
 
Join Date: Sep 2013
Location: Samut Prakan, Thailand
Posts: 440
Thanks: 48
Thanked 34 Times in 31 Posts
Send a message via Skype™ to Quaxth
 
Default

Thanks for your replay.

And NO, not any firewall is running except Smoothwall, which runs as Hardware Firewall and is located between WAN and LAN. The Desktop I use for to administer the Server while connecting via CP or PuTTY or WinSCP to the server, are in the same LAN and also the same Switch. So Smoothwall will not have any effect on that.

There also not any 3rd party apps installed on Server yet, neither an other firewall as Bastille which were installed by Debian and/or ISPConfig.
__________________
*************
Have a nice day.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Relay access denied when using SMTP to external recipients Kamran Shah Installation/Configuration 110 25th January 2014 16:58
Domain creation problem - OpenVZ DKLeader Installation/Configuration 11 26th October 2012 23:04
chroot SSH IspConfig2 kextra1 General 4 20th January 2011 18:41
PHP warnings after upgrade to ISP config 3.03 stevegjacobs Installation/Configuration 5 30th October 2010 14:31
Loads of mysql connections to dbispconfig StrikerNL General 2 5th March 2009 14:31


All times are GMT +2. The time now is 09:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.