ispconfig3 firewall ?

Discussion in 'Installation/Configuration' started by rlischer, Aug 11, 2009.

  1. rlischer

    rlischer HowtoForge Supporter

    Does ISPConfig 3 use iptables for its firewall? I made some changes and added a port in ISPConfig 3 system/firewall and clicked save. Then I restarted iptables and looked at the status, and I do not see the ports I added.

    Thanks
     
  2. till

    till Super Moderator

    ISPConfig uses the bastille-firewall script, which uses iptables. If you make a change in ISPConfig, it takes a minute until it gets applied. Do not manually restart iptables, as iptables will lose its settings if you restart it manually without using the bastille-firewall script.
     
  3. rlischer

    rlischer HowtoForge Supporter

    Is there somewhere I can look to verify that bastille is working and see what ports are open/closed other than in ISPConfig 3?

    Thanks
     
  4. till

    till Super Moderator

    As with any Linux firewall, run:

    iptables -L
     
  5. rlischer

    rlischer HowtoForge Supporter

    With iptables running I can't see my websites, and from what I see here port 80 is open. Perhaps the port for DNS is not?

    Code:
    [root@server ~]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination
    
    Chain RH-Firewall-1-INPUT (2 references)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
    3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
    5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
    6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
    7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
    8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080
    10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
    11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
    13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
    14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
    16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
    17   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
    18   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
    19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
    20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
    21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2049
    22   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    

    Here is iptables -L:

    Code:
    
    [root@server ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  anywhere             anywhere
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain RH-Firewall-1-INPUT (2 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere            icmp any
    ACCEPT     esp  --  anywhere             anywhere
    ACCEPT     ah   --  anywhere             anywhere
    ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:webcache
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
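
Added example, not part of any post in this thread: shell functions that read a numeric listing like the `service iptables status` output above, list its user-defined chains, and report which destination ports have an explicit ACCEPT rule. The function names are made up for the example, and the embedded rules are an excerpt of the posted listing.

```shell
#!/bin/sh
# Added example (not from the thread): audit numeric iptables listings.

# Excerpt of the `service iptables status` listing posted in the thread.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
17   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
22   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# User-defined chains ("N references") show which tool generated the ruleset.
user_chains() {
  awk '$1 == "Chain" && /references\)/ { print $2 }'
}

# Print proto/port for each ACCEPT rule that names a numeric destination port.
# Works with or without the leading rule-number column. Rules with prot "all"
# and no dpt (rule 1 above) are skipped: only `iptables -L -n -v` shows
# whether such a rule is limited to one interface.
accepted_ports() {
  awk '{
    if ($1 == "ACCEPT") t = 1; else if ($2 == "ACCEPT") t = 2; else next
    for (i = t + 2; i <= NF; i++)
      if ($i ~ /^dpt:[0-9]+$/) { p = $i; sub(/^dpt:/, "", p); print $(t + 1) "/" p }
  }'
}

# Exit 0 if proto/port (e.g. udp 53) is explicitly accepted in the listing on stdin.
is_accepted() {
  accepted_ports | grep -qx "$1/$2"
}

# On a live host: iptables -L -n | accepted_ports
sample_rules | user_chains
sample_rules | accepted_ports
for svc in tcp/80 tcp/53 udp/53; do
  if sample_rules | is_accepted "${svc%/*}" "${svc#*/}"; then echo "$svc accepted"
  else echo "$svc not accepted"; fi
done
```

Feed it `iptables -L -n` output; the service-name form printed by plain `iptables -L` (for example `dpt:http`) is not matched.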
    
    
     
  6. till

    till Super Moderator

    The firewall you are running is not from ISPConfig. Make sure that the ISPConfig firewall is disabled if you use another firewall.
     
  7. rlischer

    rlischer HowtoForge Supporter

    OK, thanks. Someone told me I had to have iptables running in order for fail2ban to work. I will shut down iptables.
     
