LinuxQuestions.org > Linux - Security
huge problem with apf and csf on ubuntu 10.04 (https://www.linuxquestions.org/questions/linux-security-4/huge-problem-with-apf-and-csf-on-ubuntu-10-04-a-831116/)

bartoszx 09-09-2010 12:34 AM

huge problem with apf and csf on ubuntu 10.04
 
Hi List.
I have a huge problem with the above firewall scripts and can't find a solution.
I use apf on a few Ubuntu 9.X servers with the standard configuration. Ports 80, 25, 110 and 587 are open. I also open all ports for my company's IP.
I did the same on Ubuntu 10.04, but the server is not accessible to anyone except me. I've checked conf.apf several times; I've also downloaded conf.apf from an Ubuntu 9.X server and got the same situation.

After several days of trying I've decided to use another script - csf.
CSF seemed to work OK except for one strange behavior. Every morning I can't access my server from the dynamic IP at my home. Last login to pop3 at 23:30 with IP 95.49.X.X. The next day I still have the same IP but can't access any port. I've grepped the logs and iptables -L -v and found nothing.

Any hint? This is very annoying!

Noway2 09-10-2010 05:22 AM

It looks like both programs use iptables and running iptables -L, assuming you ran as sudo, should tell you if iptables is responsible for the problem. Have you tried running a traceroute to see where the connection stops? Are you going through any other switches or routers that could possibly be the problem?

What action do you take to rectify the situation? Does it require a reboot?

When you say "not accessible" what do you mean by this? Is it totally not accessible or just SSH? If it is just ssh, make sure you don't have a funky configuration like binding to the wrong IP address. If it is totally not accessible, you may have a DNS problem. Make sure that you are resolving to the correct IP address and try pinging the server. Note, iptables may block this and you may need to enable the ICMP traffic.

Are you running any other sort of security application like fail2ban, denyhosts, ossec, etc that could be temporarily or permanently locking you out inadvertently?


If you do an iptables flush (iptables -F) to temporarily clear all blocking, are you then able to connect? If you haven't tried this you may want to consider it. The ports in Linux will be closed unless an application opens them, so the 'risk' associated with running with iptables bypassed for a short period of time should be minimal. This would at least rule out whether or not the firewall is the problem.

Also try this: in the failed state, run a netstat and ps command and filter for the ports that should be open and the applications that should be listening and make sure that they are.
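As an added illustration of the checks suggested in this reply (and of the "not accessible to anyone except me" and "locked out every morning" symptoms in the original post), here is a small POSIX shell script that is not part of the thread. It reads an `iptables -L -n -v` listing and a DenyHosts-style /etc/hosts.deny and reports which chain policies, DROP/REJECT rules, or deny entries would affect a given client address. Both inputs below are constructed sample data with documentation addresses; on a real host you would feed it the output of `sudo iptables -L -n -v` and the real /etc/hosts.deny instead.

```shell
#!/bin/sh
# Added example, not from the thread. Offline triage of a firewall listing and a
# hosts.deny file for entries that would lock out a given client IP.

# CONSTRUCTED sample `iptables -L -n -v` output: INPUT has a DROP policy, one
# explicit DROP for a home address, and ACCEPTs for port 80 and a company IP.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  310 18600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   42  2520 DROP       all  --  *      *       95.49.10.20          0.0.0.0/0
 1200 72000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       203.0.113.5          0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 500 packets, 30000 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# CONSTRUCTED sample /etc/hosts.deny in the format DenyHosts writes.
SAMPLE_HOSTS_DENY='# DenyHosts: Thu Sep  9 04:02:11 2010 | sshd: 95.49.10.20
sshd: 95.49.10.20
sshd: 198.51.100.7'

# drop_policy_chains LISTING
# Prints the name of every chain whose default policy is DROP: with such a
# policy, any address without a matching ACCEPT rule is silently dropped.
drop_policy_chains() {
    printf '%s\n' "$1" | awk '/^Chain / && $4 == "DROP" { print $2 }'
}

# blocking_rules IP LISTING
# Prints each DROP/REJECT rule whose source column is exactly IP or the
# catch-all 0.0.0.0/0, prefixed with its chain. Exit status 0 if any matched.
# Columns of `iptables -L -n -v`: pkts bytes target prot opt in out source dest.
blocking_rules() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        /^Chain / { chain = $2; next }
        $3 == "DROP" || $3 == "REJECT" {
            if ($8 == ip || $8 == "0.0.0.0/0") { print chain ": " $0; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# denied_by_hosts_deny IP CONTENTS
# Exit status 0 if IP appears as a whole token on a non-comment line.
denied_by_hosts_deny() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')   # make the dots literal
    printf '%s\n' "$2" | grep -v '^#' |
        grep -q -E "(^|[[:space:],])${esc}(\$|[[:space:],])"
}

# diagnose IP: run all three checks against the samples and print a summary.
# Exit status 0 when at least one blocking rule or deny entry was found.
diagnose() {
    ip=$1; hit=1
    echo "== chains with a DROP policy (need an explicit ACCEPT for $ip) =="
    drop_policy_chains "$SAMPLE_IPTABLES"
    echo "== iptables rules that drop $ip =="
    if blocking_rules "$ip" "$SAMPLE_IPTABLES"; then hit=0; else echo "(none)"; fi
    echo "== hosts.deny entries for $ip =="
    if denied_by_hosts_deny "$ip" "$SAMPLE_HOSTS_DENY"; then
        printf '%s\n' "$SAMPLE_HOSTS_DENY" | grep -v '^#' | grep -F "$ip"; hit=0
    else
        echo "(none)"
    fi
    return $hit
}

diagnose 95.49.10.20
```

Running it for 95.49.10.20 reports the INPUT and FORWARD DROP policies, the explicit DROP rule in INPUT, and the DenyHosts entry; running it for the company address 203.0.113.5 finds nothing, which is the pattern the original post describes (only the whitelisted office IP gets in). The hosts.deny check is worth keeping in the loop because a ban written overnight by a tool like DenyHosts or fail2ban never shows up in `iptables -L`.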

