Web Hosting Talk







View Full Version : How can someone get banned?


BlaZingPenguin
10-21-2004, 07:20 PM
Well, I have a problem: one of my customers, who just signed up a day ago, says that after he paid he changed the DNS on his domain, and after that point he can't connect to any of our sites. This is also just happening to him, and no one else has reported any downtime. He just found out recently he could view the site through a proxy with no problem. Could it be that he got accidentally banned somehow? Like through iptables, and is there any way that I can edit the iptables?

Thanks

dollar
10-21-2004, 09:35 PM
Are you running any security programs such as APF or BFD?

eth00
10-21-2004, 11:33 PM
Look in /etc/hosts.deny for his IP if you are running some sort of firewall that watches for possible intrusion detection.

BlaZingPenguin
10-22-2004, 12:20 AM
BFD is running.

Also, /etc/hosts.deny didn't have anything that wasn't commented out.

BlaZingPenguin
10-22-2004, 03:02 AM
Hmm, is there something I can do with his IP, like allow that IP to connect?

He did a tracert and it just times out at 66.79.175.6. That's the IP right before my servers.

BlaZingPenguin
10-23-2004, 06:37 AM
Would the following be bad?

I checked commands I had done recently and I saw this.

iptables -I INPUT -s -j DROP

No IP in the middle; is that bad, or would it have given me an error?

Ah, I just see I took out his IP, like so: iptables -I INPUT -s **.**.***.114 -j DROP

How can I "undrop" this ip so he can view the site again?

Sheps
10-23-2004, 09:04 AM
Restart APF... Since you are most likely using it with BFD, right? :)

Mach3
10-23-2004, 10:52 AM
It could also be that there is some interference from his hosting to yours. It happened to me before, where I couldn't access a site that was there for a few days other than through a proxy.

BlaZingPenguin
10-23-2004, 02:14 PM
:look: I don't have APF running with BFD, only BFD. =/

Sheps
10-23-2004, 02:18 PM
Does he use his domain for DNS? (Stupid question, but I have to ask.)

BlaZingPenguin
10-23-2004, 02:20 PM
It's just regular hosting that is set up through cPanel.

With all of the IPs you input into iptables, is it possible to take ones you enter out?

Sheps
10-23-2004, 02:23 PM
It would be something like:

iptables -D INPUT rulenumber

Rulenumber is gotten by counting the number of rules in that specific chain... :)

BlaZingPenguin
10-23-2004, 02:28 PM
Would this do the trick?

iptables -D INPUT **.**.***.114 ACCEPT

I'm somewhat lost now =/

Sheps
10-23-2004, 02:30 PM
Is the chain set to "accept" the IP already?

BlaZingPenguin
10-23-2004, 02:32 PM
All I know is I dropped the IP and now he can't visit any site that I host.

Sheps
10-23-2004, 02:35 PM
Can you post a listing of your iptables ruleset, or maybe ask the person who set up your server where he put the firewall initialization file?

BlaZingPenguin
10-23-2004, 02:48 PM
I set up my server, but here is what I have when I run iptables -L

217.44.117.114/host217-44-117-114.range217-44.btcentralplus.com

needs to be unbanned =/


Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- hg18.internetdsl.tpnet.pl anywhere
DROP all -- 218.21.78.22 anywhere
DROP all -- 210.115.49.143 anywhere
DROP all -- host217-44-117-114.range217-44.btcentralplus.com anywhere
DROP all -- 144.230.99.53 anywhere
DROP all -- 221.232.129.107 anywhere
DROP all -- 222.45.45.132 anywhere
DROP all -- 211.248.38.252 anywhere
DROP all -- adsl-66-124-150-74.dsl.sntc01.pacbell.net anywhere
DROP all -- adsl-66-124-150-74.dsl.sntc01.pacbell.net anywhere
DROP all -- 220.70.167.67 anywhere
DROP all -- 61.100.180.125 anywhere
DROP all -- adsl-68-121-176-36.dsl.lsan03.pacbell.net anywhere
DROP all -- 219.148.187.215 anywhere
DROP all -- 217.9.39.50 anywhere
DROP all -- gama.dgsca.unam.mx anywhere
DROP all -- 212.14.253.236 anywhere
DROP all -- 159.226.71.40 anywhere
DROP all -- 212.14.253.236 anywhere
DROP all -- host-66-81-103-102.rev.o1.com anywhere
DROP all -- 61.166.6.60 anywhere
DROP all -- 140.115.238.251 anywhere
DROP all -- 63.105.206.197 anywhere
acctboth all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
acctboth all -- anywhere anywhere

Chain acctboth (2 references)
target prot opt source destination
tcp -- fireball.1337age.com anywhere tcp dpt:http
tcp -- anywhere fireball.1337age.com tcp spt:http
tcp -- fireball.1337age.com anywhere tcp dpt:smtp
tcp -- anywhere fireball.1337age.com tcp spt:smtp
tcp -- fireball.1337age.com anywhere tcp dpt:pop3
tcp -- anywhere fireball.1337age.com tcp spt:pop3
icmp -- fireball.1337age.com anywhere
icmp -- anywhere fireball.1337age.com
tcp -- fireball.1337age.com anywhere
tcp -- anywhere fireball.1337age.com
udp -- fireball.1337age.com anywhere
udp -- anywhere fireball.1337age.com
all -- fireball.1337age.com anywhere
all -- anywhere fireball.1337age.com
tcp -- 205.209.178.121 anywhere tcp dpt:http
tcp -- anywhere 205.209.178.121 tcp spt:http
tcp -- 205.209.178.121 anywhere tcp dpt:smtp
tcp -- anywhere 205.209.178.121 tcp spt:smtp
tcp -- 205.209.178.121 anywhere tcp dpt:pop3
tcp -- anywhere 205.209.178.121 tcp spt:pop3
icmp -- 205.209.178.121 anywhere
icmp -- anywhere 205.209.178.121
tcp -- 205.209.178.121 anywhere
tcp -- anywhere 205.209.178.121
udp -- 205.209.178.121 anywhere
udp -- anywhere 205.209.178.121
all -- 205.209.178.121 anywhere
all -- anywhere 205.209.178.121
tcp -- 205.209.178.122 anywhere tcp dpt:http
tcp -- anywhere 205.209.178.122 tcp spt:http
tcp -- 205.209.178.122 anywhere tcp dpt:smtp
tcp -- anywhere 205.209.178.122 tcp spt:smtp
tcp -- 205.209.178.122 anywhere tcp dpt:pop3
tcp -- anywhere 205.209.178.122 tcp spt:pop3
icmp -- 205.209.178.122 anywhere
icmp -- anywhere 205.209.178.122
tcp -- 205.209.178.122 anywhere
tcp -- anywhere 205.209.178.122
udp -- 205.209.178.122 anywhere
udp -- anywhere 205.209.178.122
all -- 205.209.178.122 anywhere
all -- anywhere 205.209.178.122
tcp -- 205.209.178.123 anywhere tcp dpt:http
tcp -- anywhere 205.209.178.123 tcp spt:http
tcp -- 205.209.178.123 anywhere tcp dpt:smtp
tcp -- anywhere 205.209.178.123 tcp spt:smtp
tcp -- 205.209.178.123 anywhere tcp dpt:pop3
tcp -- anywhere 205.209.178.123 tcp spt:pop3
icmp -- 205.209.178.123 anywhere
icmp -- anywhere 205.209.178.123
tcp -- 205.209.178.123 anywhere
tcp -- anywhere 205.209.178.123
udp -- 205.209.178.123 anywhere
udp -- anywhere 205.209.178.123
all -- 205.209.178.123 anywhere
all -- anywhere 205.209.178.123
all -- anywhere anywhere

Sheps
10-23-2004, 02:55 PM
Try iptables -D INPUT 4

BlaZingPenguin
10-23-2004, 03:15 PM
Done, ah awesome, it's gone. Thanks a lot. =D
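
Editor's added example (not part of the original thread): the fix above deletes by rule number, which was found by counting lines in the listing. The sketch below reads the numbers from `iptables -L INPUT -n --line-numbers` instead and handles a source that was dropped more than once, as some addresses in the posted listing were. The function names and the sample listing are constructed for illustration, and the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: find DROP rules for one source address by rule number.

# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  198.51.100.7         0.0.0.0/0
2    DROP       all  --  203.0.113.114        0.0.0.0/0
3    DROP       all  --  192.0.2.10           0.0.0.0/0
4    DROP       all  --  203.0.113.114        0.0.0.0/0
5    acctboth   all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a --line-numbers listing on stdin and print the numbers of DROP
# rules whose source is exactly $1, highest number first.
# Columns: 1=num 2=target 3=prot 4=opt 5=source 6=destination.
drop_rule_numbers() {
    awk -v ip="$1" \
        '$1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1 }' |
        sort -rn
}

# Print (do not run) one delete command per matching rule. Deleting the
# highest number first matters: removing rule 2 first would renumber
# rule 4 to 3, and a stale "-D INPUT 4" would then hit the wrong rule.
unban_commands() {
    drop_rule_numbers "$1" | while read -r n; do
        echo "iptables -D INPUT $n"
    done
}

# Dry run against the constructed listing. On a live host, feed it real
# output instead:
#   iptables -L INPUT -n --line-numbers | unban_commands 203.0.113.114
sample_listing | unban_commands 203.0.113.114
```

iptables also accepts the original rule specification for deletion (`iptables -D INPUT -s <ip> -j DROP`), which removes the first matching rule without any counting; repeat it if the address was added more than once.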