Thread: Firewall issue

05-11-2005, 12:06 PM #1 Junior Guru (joined Dec 2003, 231 posts)
Firewall issue
Hello,
I am running FC2 with cPanel & APF.
Whenever I start the firewall, I cannot log into webmail or the webhost manager. When I stop the firewall, everything works fine.
I have the following ports open:
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666,7786,3000_3500"
IG_UDP_CPORTS="21,53,465,873,6277"
IG_ICMP_TYPES="3,5,11,0,30,8"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,443,465,873,2089,3306"
EG_TCP_CPORTS="20,21,53,465,873,6277"
EG_ICMP_TYPES="all"
Any thoughts on what might be happening?
Thanks.

05-11-2005, 01:20 PM #2 WHT Addict (joined Oct 2004, 133 posts)
It seems to me that the FW blocks the WHM/cPanel/webmail ports, even though they are open.
If you wish, you can install a CGI proxy which allows WHM/cPanel/webmail to be accessed over port 80 only.
You can find the cgi proxy here
If you do this, remember to change your password after the install.

05-11-2005, 01:24 PM #3 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by Arny
It seems to me that the FW blocks the WHM/cPanel/webmail ports, even though they are open.
I even tried to remove APF and re-install but the problem persists.
Am I missing something here?
Thanks.

05-11-2005, 01:25 PM #4 Junior Guru (joined Oct 2003, Long Island, New York, 220 posts)
This looks correct. tail -f your /var/log/messages and see what it says when you try to get to WHM. Perhaps that may give you some clues.
Here is my firewall setting:
IG_TCP_CPORTS="21,22,25,26,80,110,143,443,465,993,995,2082_2083,2086_2087,2095_2096,50000_50200"
EG_TCP_CPORTS="20,21,22,25,37,53,43,80,113,443,465,873,2087,2089"
Note that my DNS server is not on this machine:
IG_UDP_CPORTS=""
EG_UDP_CPORTS="20,21,53"
TWSites.com - Business Web Hosting Solutions & Server Management Since 2003

05-11-2005, 01:43 PM #5 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by DoCk
This looks correct. tail -f your /var/log/messages and see what it says when you try to get to WHM. Perhaps that may give you some clues.
Here is my firewall setting:
IG_TCP_CPORTS="21,22,25,26,80,110,143,443,465,993,995,2082_2083,2086_2087,2095_2096,50000_50200"
EG_TCP_CPORTS="20,21,22,25,37,53,43,80,113,443,465,873,2087,2089"
Note that my DNS server is not on this machine:
IG_UDP_CPORTS=""
EG_UDP_CPORTS="20,21,53"
Ouch. I did tail -f /var/log/messages, started APF and got a continuous flow of the following error messages:
May 11 13:37:13 [machine] kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=[ip] DST=[ip] LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=1558 DF PROTO=UDP SPT=53 DPT=53 LEN=97
May 11 13:37:13 [machine] named[4801]: client [ip#53]: error sending response: host unreachable
Of course, when I stop APF everything goes back to normal.
Any thoughts??

05-11-2005, 02:21 PM #6 Junior Guru (joined Oct 2003, Long Island, New York, 220 posts)
Make sure you have port 53 enabled for egress UDP.

05-11-2005, 02:24 PM #7 WHT Addict (joined Oct 2004, 133 posts)
The idea of the proxy is to solve part of the problem.
In other cases it is useful when you are at work and the office FW blocks certain ports, like the webmail port (2096).

05-11-2005, 02:27 PM #8 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by DoCk
Make sure you have port 53 enabled for egress UDP
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666,7786,3000_3500"
IG_UDP_CPORTS="21,53,465,873,6277"
IG_ICMP_TYPES="3,5,11,0,30,8"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,443,465,873,2089,3306"
EG_TCP_CPORTS="20,21,53,465,873,6277"
EG_ICMP_TYPES="all"
Is there another way to open that port??

05-11-2005, 02:34 PM #9 Junior Guru (joined Dec 2003, 231 posts)
Damn! Thanks.
You just made me realize that I wrote EG_TCP_CPORTS twice!
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,443,465,873,2089,3306"
EG_TCP_CPORTS="20,21,53,465,873,6277" <-- SHOULD BE EG_UDP_CPORTS
Been looking at the computer tooooooooooooooooooo long.
Thanks again.
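The mistake found in post #9 comes down to how APF reads its configuration: conf.apf is shell variable syntax that APF sources, so when EG_TCP_CPORTS is assigned twice the second assignment silently replaces the first and EG_UDP_CPORTS is never set, which is why named's outbound UDP 53 traffic showed up as OUT_UDP DROP. The script below is an added example by the editor, not code from the thread or from APF. It lints a constructed conf.apf fragment (values copied from the posts above) for keys assigned more than once, shows the value a variable actually has after sourcing, and checks whether the effective egress UDP list covers port 53, honouring APF's `a_b` range syntax. The function names and the two sample configs are the editor's assumptions; only run `apf_effective` on a config file you trust, since it evaluates the file as shell exactly as APF does.

```shell
#!/bin/sh
# Constructed conf.apf fragment mirroring the thread's mistake:
# EG_TCP_CPORTS is assigned twice and EG_UDP_CPORTS is never set.
APF_CONF_BAD='IG_TCP_CPORTS="20,21,22,25,53,80,443,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,465,873,6277"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,443,465,873,2089,3306"
EG_TCP_CPORTS="20,21,53,465,873,6277"'

# Same fragment with the second line renamed to EG_UDP_CPORTS, as the poster intended.
APF_CONF_FIXED='IG_TCP_CPORTS="20,21,22,25,53,80,443,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,465,873,6277"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,443,465,873,2089,3306"
EG_UDP_CPORTS="20,21,53,465,873,6277"'

# Print every variable that is assigned more than once in the config text.
# When the file is sourced, the last assignment wins and the earlier one is lost.
apf_dup_keys() {
    printf '%s\n' "$1" | awk -F= '/^[A-Z_]+=/ { n[$1]++ } END { for (k in n) if (n[k] > 1) print k }'
}

# Source the config text in a subshell (as APF does) and print the effective
# value of one variable. Arguments: config text, variable name.
apf_effective() {
    ( eval "$1"; eval "printf '%s' \"\$$2\"" )
}

# Succeed if a port is covered by an APF port list such as "21,53,3000_3500".
# Single entries match exactly; "a_b" entries are inclusive ranges.
apf_port_listed() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -v p="$2" -F_ '
        NF == 1 && $1 == p { found = 1 }
        NF == 2 && p >= $1 && p <= $2 { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Does the effective egress UDP list let named send on UDP 53?
apf_named_egress_ok() {
    apf_port_listed "$(apf_effective "$1" EG_UDP_CPORTS)" 53
}

# Stand-alone demo: show the silent override and the missing egress rule.
for k in $(apf_dup_keys "$APF_CONF_BAD"); do
    echo "duplicate assignment: $k (last one wins)"
done
echo "effective EG_UDP_CPORTS: '$(apf_effective "$APF_CONF_BAD" EG_UDP_CPORTS)'"
apf_named_egress_ok "$APF_CONF_BAD" || echo "egress UDP 53 not allowed: named cannot send replies"
apf_named_egress_ok "$APF_CONF_FIXED" && echo "fixed config allows egress UDP 53"
```

To lint a real file, replace the heredoc constants with `$(cat /etc/apf/conf.apf)`; the duplicate-key check is the one to run every time the file is hand-edited, because neither APF nor the shell will warn about a repeated assignment.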

05-11-2005, 02:50 PM #10 Junior Guru (joined Oct 2003, Long Island, New York, 220 posts)
Well that's good then...

05-11-2005, 03:34 PM #11 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by DoCk
Well that's good then...
May 11 15:30:51 matrix kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:02:b3:e8:25:37:00:0f:34:6d:77:00:08:00 SRC=[remote-ip] DST=[local-ip] LEN=505 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=47303 DPT=1027 LEN=485
Thanks again.

05-11-2005, 03:53 PM #12 Junior Guru (joined Oct 2003, Long Island, New York, 220 posts)
Yes it is quite normal. My server has dropped about 53,000 packets in the last two days alone... you'll be hit with all sorts of stuff, that's what the firewall is there for.

05-11-2005, 04:34 PM #13 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by DoCk
Yes it is quite normal. My server has dropped about 53,000 packets in the last two days alone... you'll be hit with all sorts of stuff, that's what the firewall is there for.

05-11-2005, 04:36 PM #14 Junior Guru (joined Oct 2003, Long Island, New York, 220 posts)
You could, but manually adding all of these is a huge waste of time. Don't worry about it too much, just let the firewall do its thing.
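Posts #11 to #14 turn on a distinction worth automating: inbound drops (IN_* prefixes) are background scanning that the firewall exists to absorb, while outbound drops (OUT_* prefixes) mean your own egress rules are blocking a local service, which is exactly how the named problem earlier in the thread surfaced. The summary below is an added example by the editor, not code from the thread or from APF. It runs over constructed log lines in the same format as the kernel lines quoted above (addresses are documentation ranges, hostnames and ports are made up), groups drops by direction, protocol and destination port, and then lists the egress destination ports to compare against EG_TCP_CPORTS and EG_UDP_CPORTS, since APF's egress lists are destination ports. Function names are the editor's.

```shell
#!/bin/sh
# Constructed sample in the format APF's kernel logging produced in the thread.
# One sshd line is included to show that non-firewall lines are ignored.
SAMPLE_LOG='May 11 13:37:13 matrix kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=1558 DF PROTO=UDP SPT=53 DPT=53 LEN=97
May 11 13:37:14 matrix kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.6 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=1559 DF PROTO=UDP SPT=53 DPT=53 LEN=97
May 11 15:30:51 matrix kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:02:b3:e8:25:37:00:0f:34:6d:77:00:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=505 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=47303 DPT=1027 LEN=485
May 11 15:30:52 matrix kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:02:b3:e8:25:37:00:0f:34:6d:77:00:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=4431 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
May 11 15:30:53 matrix kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:02:b3:e8:25:37:00:0f:34:6d:77:00:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2 DF PROTO=TCP SPT=4432 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
May 11 15:31:00 matrix sshd[1234]: Accepted publickey for root from 192.0.2.20'

# Count APF drop lines by "<direction> <proto> <dport>", most frequent first.
# Reads the files given as arguments, or stdin when none (e.g. /var/log/messages).
apf_drop_summary() {
    awk '
    /kernel: \*\* (IN|OUT)_[A-Z]+ DROP \*\*/ {
        dir = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(IN|OUT)_[A-Z]+$/) dir = $i          # e.g. OUT_UDP
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)  # e.g. UDP
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)    # destination port
        }
        n[dir " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -rn
}

# Only the outbound drops, reduced to "<proto> <dport>": these are the ports a
# local daemon is trying to reach and that EG_TCP_CPORTS / EG_UDP_CPORTS lack.
apf_egress_drop_ports() {
    apf_drop_summary "$@" | awk '$2 ~ /^OUT_/ { print $3, $4 }' | sort -u
}

# Stand-alone demo on the constructed sample.
echo "drops by direction/proto/dport:"
printf '%s\n' "$SAMPLE_LOG" | apf_drop_summary
echo "egress ports to check against EG_*_CPORTS:"
printf '%s\n' "$SAMPLE_LOG" | apf_egress_drop_ports
```

On a live box the calls become `apf_drop_summary /var/log/messages` and `apf_egress_drop_ports /var/log/messages`; a large IN_* tail is the noise the later posts describe, while any OUT_* entry deserves a look at the config before anything else.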

05-11-2005, 05:54 PM #15 Junior Guru (joined Dec 2003, 231 posts)
Originally posted by DoCk
You could, but manually adding all of these is a huge waste of time. Don't worry about it too much, just let the firewall do its thing.