ISPConfig 3 firewall problem

Discussion in 'Installation/Configuration' started by ob1kenobi, May 11, 2013.

  1. ob1kenobi

    ob1kenobi New Member

    Hi everybody,

    Just new to the forums and to ISPConfig.

    I was just setting up my new dedicated box following the perfect wheezy server guide.

    I managed to get everything working, but when I enabled ufw as the firewall, the ISPConfig interface stopped responding. To make things worse, I don't use the default port in sshd. I know it sounds like I have been locked out, but I thought that I could revert the changes through the ISPConfig interface.

    Any ideas why this is happening?
     
  2. tahunasky

    tahunasky New Member

    I am guessing the firewall rules that ISPConfig set up have been overwritten.

    You will need to change the firewall settings on the server to open up the ports needed by ISPConfig and SSH. If ssh is blocked, you will need to do this at the server using keyboard and monitor.

    iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
    iptables -I INPUT -p tcp --dport 22 -j ACCEPT

    The above commands will only open up the ports until next reboot, so you will need to edit the script that sets up the firewall at boot.
     
  3. ob1kenobi

    ob1kenobi New Member

    The thing is that http & https are blocked, rendering the ISPConfig interface useless and not allowing me to change the firewall setup within ISPConfig.
    What makes it even stranger is that when I configured ufw from the command line I allowed http and https and when I enabled it through ISPConfig the default setup is allowing http and https as well.

    So when was it blocked? Something is missing here...

    Anyhow, thank you for your reply; unfortunately keyboard and monitor are not available...
     
  4. tahunasky

    tahunasky New Member

    Unless I could see the rules that have been set up, I can't tell you what is blocking what.

    Basically, once you have set up a firewall script and saved it, and it is blocking ssh/http/https, the only way to get into the server is with keyboard and monitor.

    You should only have one firewall script running, and because you are using ISPConfig to manage your server you should stay with that.

    I know this is not much help now, but what I always do when I am playing around with a firewall on a remote system is set up a cron job script that will reset/flush the firewall rules and open all ports every 5 mins, so if I stuff up something I just have to wait 5 mins for access - and even though I have been using iptables for years now on servers and routers, I still stuff it up from time to time.
     
    Last edited: May 11, 2013
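A sketch of the cron safety net described in the post above, added here as an example and not taken from the thread or from ISPConfig. The script path, the disarm file and the `DRY_RUN` switch are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed): fail-safe reset for remote firewall work.
# Assumed root crontab entry while testing rules (script path is hypothetical):
#   */5 * * * * DRY_RUN=0 /usr/local/sbin/fw-failsafe.sh
# Remove the entry, or create the disarm file, once the new rules are
# confirmed working; otherwise the firewall is wiped every five minutes.

DISARM_FILE="${DISARM_FILE:-/etc/fw-failsafe.disarmed}"  # hypothetical path
DRY_RUN="${DRY_RUN:-1}"                                  # 1 = print only

# Emit the reset commands in a safe order: policies go to ACCEPT first,
# because flushing the rules while a DROP policy is active removes the
# ACCEPT rules and cuts the remote session off.
failsafe_commands() {
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -P $chain ACCEPT"
    done
    echo "iptables -F"   # flush all rules in the filter table
    echo "iptables -X"   # delete user-defined chains
}

# Run (or, in dry-run mode, print) the reset unless it has been disarmed.
failsafe_run() {
    if [ -e "$DISARM_FILE" ]; then
        echo "failsafe disarmed, leaving firewall untouched"
        return 0
    fi
    failsafe_commands | while read -r cmd; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "would run: $cmd"
        else
            $cmd || echo "failed: $cmd" >&2
        fi
    done
}

failsafe_run
```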
  5. ob1kenobi

    ob1kenobi New Member

    The idea with the cron job is pretty smart, never had thought about it.
    Anyhow box is up and running..

    thanks for your time.
     
