LinuxQuestions.org

AigarsABCD 06-03-2008 04:46 PM

Getting "banned" on Slackware 12
 
Hello.
I have set up a Slackware 12 box as a web server, FTP, DNS, and use some simple iptables rules. The problem is that if I have an SSH connection open, after some half hour, maybe an hour, the SSH disconnects and I can't access any of the web services on the server - no http, no ftp, nothing. It seems that the server just bans my IP and forbids any access. Nothing of that shows up in log files.
Then if I plug from wireless to wired, my IP changes and I can access the server again.
Maybe somebody has some ideas what's wrong? Is it some anti-spam protection or what?
Sorry if this has been discussed before.
Thank you for any help.

C-Sniper 06-03-2008 05:58 PM

Try adding your IP to the hosts.allow file in /etc.

Other than that, try using fail2ban or denyhosts; they keep track of all the banning of most hacking attempts. That is what I used when I had an SSH and FTP server running. I just left iptables alone and the two programs filled it in for me.

Hope this helps

shadowsnipes 06-03-2008 10:00 PM

What are your "simple iptables rules"?

rkelsen 06-04-2008 06:26 AM

Are you talking about a home-based computer?

If so, your ISP might not allow you to run servers of any sort unless you upgrade to a "business" type internet plan. It sucks, but that's the way it works...

shadowsnipes 06-04-2008 10:33 AM

Quote:

Originally Posted by rkelsen (Post 3174338)
Are you talking about a home-based computer?

If so, your ISP might not allow you to run servers of any sort unless you upgrade to a "business" type internet plan. It sucks, but that's the way it works...

If all the tests were done on the local network this shouldn't be a problem, though.

AigarsABCD 06-05-2008 01:25 PM

Thank you for your reply.

rkelsen> yes, it is a home-based computer, but it is behind a NAT firewall (ports forwarded) and I am accessing the server from the local network. SSH is not allowed to the outside world.
My ISP allows running servers.

shadowsnipes> my simple rules
Code:

# Firewall rules

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT


iptables -A INPUT -p udp --dport 53 -j ACCEPT

iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p udp --dport 8000 -j ACCEPT

iptables -A INPUT -p tcp --dport 4081 -j ACCEPT
iptables -A INPUT -p tcp --dport 4001 -j ACCEPT

iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp --dport 20000 -j ACCEPT

Anyway, the problem is not so big to me. I just thought, maybe someone had this same problem.
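
An added example, not part of the thread or written by any of its posters: a small first-match evaluator for the INPUT rules posted above, showing that the only rule keyed on a source address is the loopback one, so the rules as posted give any two LAN clients the same verdict. The client addresses, the interface name and all function names are constructed for illustration, and only the option forms that appear in the post are modelled.

```python
import ipaddress

# Rules as posted in the thread, with only two of the per-port ACCEPT lines kept.
RULES = """\
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
"""

def parse(text):
    """Return (policy, rules); each rule is a dict of option -> value."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()[1:]                      # drop the leading "iptables"
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))  # each option takes one value
    return policy, rules

def matches(rule, pkt):
    """True if every match option agrees with the packet (-m and -j impose no condition)."""
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    checks = {
        "-p": lambda v: v == pkt["proto"],
        "--dport": lambda v: int(v) == pkt["dport"],
        "-i": lambda v: v == pkt["iface"],
        "--state": lambda v: pkt["state"] in v.split(","),
        "-s": lambda v: in_net(pkt["src"], v),
        "-d": lambda v: in_net(pkt["dst"], v),
    }
    return all(checks.get(opt, lambda v: True)(val) for opt, val in rule.items())

def verdict(pkt, text=RULES):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = parse(text)
    return next((r["-j"] for r in rules if matches(r, pkt)), policy)

def source_specific_rules(text=RULES):
    """Rules that can treat one client address differently from another."""
    return [r for r in parse(text)[1] if "-s" in r]

def packet(src, dport, state="NEW"):
    """Build a TCP packet description; addresses and interface are constructed values."""
    return {"src": src, "dst": "192.168.1.10", "iface": "eth0",
            "proto": "tcp", "dport": dport, "state": state}
```

A new connection to port 22 is accepted from either constructed client address, while a new connection to a port with no ACCEPT rule falls through to the DROP policy, which writes nothing to the logs because the ruleset has no LOG rule.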

trickykid 06-05-2008 01:46 PM

Quote:

Originally Posted by AigarsABCD (Post 3173733)
Then if I plug from wireless to wired, my IP changes and I can access the server again.

Wait a minute, do you still have access to a network or internet during this time? Sounds like an issue with your wireless connection losing connectivity, not your server. Is the server on wireless or wired?

AigarsABCD 06-05-2008 03:44 PM

Server is wired.
My laptop is connected to a wireless AP, which is connected to the local network.
But I think this is not a wireless problem, since internet/LAN still works and if I restart the server, then I can access it again.


All times are GMT -5.