ISPConfig 3 on KVM Guest (Debian 8.6)

Discussion in 'General' started by onastvar, Nov 28, 2016.

  1. onastvar

    onastvar Member

    Hello,

    I'm setting up new server with KVM host using Debian 8.6. I followed 'howto' Virtualization With KVM On A Debian Squeeze Server to setup the KVM host. Created 1st KVM Guest (also used Debian 8.6) for ISPConfig 3.1 followed 'howto' The Perfect Server - Debian 8 Jessie (Apache2, BIND, Dovecot, ISPConfig 3) to setup ISPConfig 3.1.1p1, I can access the control panel fine using private ip 192.168.1.101

    I'm getting UFW Block in system log, I know UFW firewall is installed during perfect setup, my ISPConfig 3 VM is being blocked to access internet.

    Nov 28 16:47:28 aria kernel: [25925.178105] [UFW BLOCK] IN=br0 OUT= MAC=01:00:5e:00:00:01:f6:4b:2a:a5:a1:0c:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=7955 PROTO=2
    Nov 28 16:47:28 aria kernel: [25925.179775] [UFW BLOCK] IN=br0 OUT= MAC=01:00:5e:00:00:01:f6:4b:2a:a5:a1:0c:08:00 SRC=173.165.23.26 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=7956 PROTO=2


    [email protected]:~# ping google.com
    ping: unknown host google.com


    Anyone have similar setup or idea what the issue is?
     
  2. Jesse Norell

    Jesse Norell Active Member

    You can 'ufw disable' to turn it off, and try 'ufw reset' to reset (remove) firewall rules and start over. You could check (to troubleshoot, rather than reset), maybe your outgoing default policy is set to deny.
     
  3. onastvar

    onastvar Member

    Thank You Jesse! I did 'ufw disable' to turn it off, and now it works. I just installed UFW per "howto perfect server", did not configure anything manually. Do you think I could follow this tutorial to setup UFW default policy and other rules? Again thanks for your help!
     
  4. Jesse Norell

    Jesse Norell Active Member

    Yes, you could use that tutorial to configure ufw. From my limited experience, ispconfig's use of ufw command is pretty compatible with what you would do manually, or even what other tools configure (eg. when you install fail2ban, it adds some rules that work right alongside ufw/what ispconfig does). Changing the default policy or limiting by ip address in ufw rules would need to be done manually, and probably anything with protocols other than tcp/udp; for tcp and udp, you can specify port number in the ifconfig interface and it will manage those. Or you could just do it all manually rather than via ispconfig interface if you prefer, in the end it gets the same job done.
     

Share This Page