LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 06-03-2008, 04:46 PM   #1
AigarsABCD
LQ Newbie
 
Registered: Jun 2008
Location: Latvia
Distribution: Slackware
Posts: 5

Rep: Reputation: 0
Getting "banned" on Slackware 12


Hello.
I have set up a Slackware 12 box as a web server, FTP, DNS, and use some simple iptables rules. The problem is that if I have an SSH connection open, after some half hour, maybe an hour, the SSH disconnects and I can't access any of the web services on the server - no http, no ftp, nothing. It seems that the server just bans my IP and forbids any access. Nothing of that shows up in the log files.
Then if I plug from wireless to wired, my IP changes and I can access the server again.
Maybe anybody has some ideas what's wrong? Is it some anti-spam protection or what?
Sorry if this has been discussed before.
Thank you for any help.
 
Old 06-03-2008, 05:58 PM   #2
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Rep: Reputation: 33
Try adding your IP to the hosts.allow file in /etc.

Other than that, try using fail2ban or denyhosts; they keep track of all the banning of most hacking attempts. That is what I used when I had an SSH and FTP server running. I just left iptables alone and the two programs filled it in for me.

Hope this helps
 
Old 06-03-2008, 10:00 PM   #3
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,443

Rep: Reputation: 73
What are your "simple iptables rules"?
 
Old 06-04-2008, 06:26 AM   #4
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,463
Blog Entries: 7

Rep: Reputation: 2561
Are you talking about a home-based computer?

If so, your ISP might not allow you to run servers of any sort unless you upgrade to a "business" type internet plan. It sucks, but that's the way it works...
 
Old 06-04-2008, 10:33 AM   #5
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,443

Rep: Reputation: 73
Quote:
Originally Posted by rkelsen
Are you talking about a home-based computer?

If so, your ISP might not allow you to run servers of any sort unless you upgrade to a "business" type internet plan. It sucks, but that's the way it works...

If all the tests were done on the local network this shouldn't be a problem, though.
 
Old 06-05-2008, 01:25 PM   #6
AigarsABCD
LQ Newbie
 
Registered: Jun 2008
Location: Latvia
Distribution: Slackware
Posts: 5

Original Poster
Rep: Reputation: 0
Thank you for your reply.

rkelsen> Yes, it is a home-based computer, but it is behind a NAT firewall (ports forwarded) and I am accessing the server from the local network. SSH is not allowed to the outside world.
My ISP allows running servers.

shadowsnipes> my simple rules
Code:
# Firewall rules

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT


iptables -A INPUT -p udp --dport 53 -j ACCEPT

iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p udp --dport 8000 -j ACCEPT

iptables -A INPUT -p tcp --dport 4081 -j ACCEPT
iptables -A INPUT -p tcp --dport 4001 -j ACCEPT

iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp --dport 20000 -j ACCEPT
Anyway, the problem is not so big to me. I just thought, maybe someone had this same problem.
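
An added example, not part of the original post: a small Python model of the INPUT chain that replays a subset of the rules above and reports which rule decides a packet. As posted, no rule matches on a non-loopback source address, so the chain treats every LAN client the same; the `BANNED` variant appends a constructed per-source DROP (the address 192.168.1.50 is an assumption) to show what a rule that singles out one client would look like. The model covers only the options used in this thread and ignores `-d`.

```python
import ipaddress
import shlex

# Subset of the rules posted above; the other --dport lines have the same shape.
POSTED = """\
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
"""
# Constructed: the kind of per-source rule a banning tool would insert (address is made up).
BANNED = POSTED + "iptables -I INPUT -s 192.168.1.50 -j DROP\n"

def load(text):
    """Replay iptables commands into (INPUT policy, ordered INPUT rules)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)[1:]  # drop the leading 'iptables'
        if not tok:
            continue
        if tok[0] == "-F":
            rules = []
        elif tok[0] == "-P" and tok[1] == "INPUT":
            policy = tok[2]
        elif tok[0] in ("-A", "-I") and tok[1] == "INPUT":
            opts = dict(zip(tok[2::2], tok[3::2]))  # each option used here takes one value
            rules.insert(0, opts) if tok[0] == "-I" else rules.append(opts)
    return policy, rules

def verdict(text, src, proto, dport, state="NEW", iface="eth0"):
    """Return (target, matching rule or None) for one inbound packet; -d is ignored."""
    policy, rules = load(text)
    for r in rules:
        if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"]):
            continue
        if r.get("-i", iface) != iface or r.get("-p", proto) != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"], r
    return policy, None

def source_rules(text):
    """Non-loopback rules that match on a source address."""
    return [r for r in load(text)[1] if "-s" in r and r.get("-i") != "lo"]
```

On the live server, `iptables -L INPUT -n -v` lists the rules actually loaded, with packet counters, for comparison against the script that was meant to load them.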
 
Old 06-05-2008, 01:46 PM   #7
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Quote:
Originally Posted by AigarsABCD
Then if I plug from wireless to wired, my IP changes and I can access the server again.

Wait a minute, do you still have access to a network or internet during this time? Sounds like an issue with your wireless connection losing connectivity, not your server. Is the server on wireless or wired?

Last edited by trickykid; 06-05-2008 at 01:47 PM.
 
Old 06-05-2008, 03:44 PM   #8
AigarsABCD
LQ Newbie
 
Registered: Jun 2008
Location: Latvia
Distribution: Slackware
Posts: 5

Original Poster
Rep: Reputation: 0
Server is wired.
My laptop is connected to a wireless AP, which is connected to the local network.
But I think this is not a Wireless problem, since internet/lan still works and if I restart the server, then I can access it again.

Last edited by AigarsABCD; 06-05-2008 at 03:46 PM.
 
  


All times are GMT -5. The time now is 04:07 PM.
