Linux IPTables Logging Packets On A Certain Port

Aug 4, 2008

commands to log packets temporarily for a certain udp port with the IP information etc.

Any help would be appreciated. As for what I am doing, I am trying to find anything weird or something that stands out from the packets sent from external IPs to my server.

View 3 Replies



How-to: Drop INVALID SYN Packets With Iptables

Jan 13, 2005

Feel free to use the following iptables commands below to drop INVALID SYN packets that sometimes are also used to flood the server.

/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

View 5 Replies View Related

How To Block Port 25 Using IPtables?

Apr 13, 2009

For some reason, I want to block port 25 temporarily while editing the exim config and open it back up using the iptables -F command.

Can anyone let me know the command to block port 25 using iptables?

View 14 Replies View Related

IPTables Port Mapping / Forwarding

Sep 7, 2007

I'm not that good at IPTables so bear with me. I think I got the rules correct, though, but it doesn't work. Here is what I am trying to do.

I have a server at let's say 111.222.11.10(I will call this server A) and another at 111.222.11.20(I will call this server B).

These servers are in same datacenter.

What I am trying to do here is when a user accesses port 2000 on server A, I want server A to forward/proxy the port to 2000 at Server B. I have tried the following so far.
None of them worked.

iptables -t nat -I PREROUTING -p tcp --dport 2000 -j DNAT --to 111.222.11.20:2000
iptables -I FORWARD -p tcp -d 111.222.11.20 --dport 2000 -j ACCEPT

[root@n1-cluster ~]# iptables -t nat -I PREROUTING -p tcp --dport 2000 -j DNAT --to 111.222.10.20:2000
[root@n1-cluster ~]# iptables -t nat -A PREROUTING -p udp --dport 2000 -i eth0 -j DNAT --to 111.222.10.20:2000

iptables -A FORWARD -i eth0 -p tcp --dport 2000 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2000 -j DNAT --to-destination 111.222.10.20:2000
Yes, I have done service iptables save and start.
Also iptables -F

Any ideas on what may be wrong?

View 9 Replies View Related

Linux Firewall - Filtering Out Zero Length Packets

Aug 13, 2008

I run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.

I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.

If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.

View 14 Replies View Related

Plesk 11.x / Linux :: Error Logging In After Update

Nov 25, 2014

We have a VPS system running with Plesk, but after a nightly automatic update there was an error message in Plesk, with a link to 'fix' the problem. After that Plesk stopped functioning. Now, when we log in with correct credentials (we know they're correct because if they're incorrect, we get a message that they're incorrect, so that's working) we're presented with this error:

Error: Call to a member function getName() on a non-object (MainMenu.php:48).

View 3 Replies View Related

Plesk 12.x / Linux :: DRWeb Logging To Console

Mar 25, 2015

For some days I have had the strange issue that all logging from DrWeb is shown directly in the console. For example, if I connect to my server via SSH and then I send an email to my email account, I see the logging of the spool.

root@************:~# 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - archive MAIL
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/3.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/4.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/5.reexport - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - Ok

This happens in my root shell. If I disable the email check then this will not happen anymore. Another strange issue is that if I restart drweb and I have more than 1 SSH shell open, I see the output of the restart on all shells. This issue is only for drweb, not for any other service. How do I configure drweb to log only into the logfile, not to the console?

I searched the web and the only thing I could find was

[URL]

In the FreeBSD operating system, syslog service can intercept information output by Dr.Web Daemon to the console. In this case, the information is logged character-by-character. That occurs when the logging level is set to *.info in the syslog configuration file (syslog.conf).

View 13 Replies View Related

IPTABLES (Linux Firewalls)

May 21, 2006


Use Of Iptables?

Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.

Firewall also keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.

How IP Tables works?

All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/filtering chain.

There are three tables in total. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.

The second table is the filter queue which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules.

a) INPUT Table b) OUTPUT Table c) FORWARD Table

General Syntax of the iptables is as follows:

iptables -A {INPUT,OUTPUT,FORWARD} -p {tcp,udp} --{sport,dport} {port} -s {ip} -j {DROP,REJECT,ACCEPT}

To block the incoming IP:
iptables -A INPUT -p tcp --sport {1..65535} -s {ipaddress} -j {DROP,REJECT}
To block the outgoing IP:
iptables -A OUTPUT -p tcp --dport {1..65535} -d {ipaddress} -j {DROP,REJECT}

You can also use --dport instead of --sport & you can use -d instead of -s which specifies source or destination respectively.

View 0 Replies View Related

Plesk 12.x / Linux :: How To Add Multiple IPs To IPTables

Jun 22, 2015

I have a list of bad IPs and would like to add it to iptables, but I don't want to enter them one by one or by command line. I would like to insert them into a list file of iptables by editing a file or something like that. Where and how can I proceed to do this?

View 5 Replies View Related

FIN Packets

Nov 1, 2008

One of my clients has the following question but I don't have enough knowledge on this topic. Hope some network experts out there can give me some advice.

I want to do this:
1. TCP SYN negotiation using fixed port
2. HTTP request
3. ACK
4. Another HTTP request (control words)
5. ACK
6. Another HTTP request (control words)
7. ACK

Unfortunately, I can only accomplish this:
1. TCP SYN negotiation using fixed port
2. HTTP request (control words)
3. ACK
4. FIN
5. TCP SYN negotiation using ANOTHER port
6. HTTP request (control words)
7. ACK
8. FIN

There is too much overhead in the second method. Can you comment on why the first method doesn't work? It processes the first HTTP request but ignores the second, third, etc. HTTP requests. WHY? Do I always have to choose another port to process another HTTP request?

View 1 Replies View Related

Too Much Packets To Tcp What Does It Indicate

Nov 11, 2007

What does it mean? Does it indicate DDoS attacks?

From 58.32.23.4 - 1160 packets to tcp(1034,1036,1046,1055,1072,1084,1086,1097,1108,1109,1124,1138,1144,1146,1161,1174,1179,1180,1199,1206,1208,1237,1242,1275,1295,1296,1298,1313,1335,1 346,1349,1357,1384,1404,1419,1420,1475,1484,1509,1510,1538,1545,1547,1585,1593,1612,1684,1689,1690,1729,1731,1733,1736,1746,1749,1752,1753,1756,1762,1 763,1765,1768,1770,1779,1782,1784,1785,1786,1787,1789,1792,1794,1800,1806,1856,1877,1879,1885,1930,1988,2004,2005,2022,2027,2073,2077,2099,2109,2113,2 177,2178,2179,2180,2184,2185,2206,2237,2259,2266,2267,2282,2288,2313,2333,2500,2562,2565,2574,2585,2615,2617,2618,2657,2664,2666,2674,2686,2687,2808,2 821,2831,2836,2846,2867,2892,2904,2949,2950,2964,2984,2993,3101,3130,3210,3215,3285,3336,3359,3572,3638,3695,3696,3700,3848,3893,3973,4023,4030,4235,4 269,4293,4358,4370,4380,4398,4414,4472,4509,4549,4571,4585,4606,4608,4635,4685,4766,4778,4780,4812,4836,4844,4858,4902,4903,4909,4912,4916,4935,4936,4 937,4943,4955,4989,5534,5940,6245,6250,6256,6264,6367,7359,7564,7940,8538,9338,10203,10462,10763,11037,11332,11348,11462,11606,11633,11971,12177,12213 ,12242,12267,12276,12283,12307,12361,12399,12457,12472,12584,12645,12648,12793,12829,12842,12906,13197,13438,13807,14465,14493,14762,14765,14768,14769 ,14778,14779,14795,14981,15913,16474,16506,17060,17565,18047,18131,18191,18342,19113,20426,20702,21575,22062,22099,22379,22420,22423,22440,22675,22908 ,23100,23747,23766,24121,24248,24315,24365,24372,24411,24420,24425,24436,24486,24494,24639,25290,25507,26122,26702,26923,26975,27213,27302,27357,27409 ,27947,28731,28821,28982,29197,29227,29249,29285,29448,30472,30554,30564,30584,30632,31346,31628,31899,32074,32093,32306,32562,32566,32657,33968,33980 ,34442,34947,35047,35423,35599,35718,36937,38131,38404,38580,38696,38982,38995,38998,39001,39006,39036,39041,39077,39205,39288,39412,39822,39880,39999 ,40052,40942,41197,42090,42424,43419,43570,43991,43992,44917,46356,46515,46661,46669,46675,46814,46904,47594,48257,50086,50088,50316,50481,50511,50667 
,50786,50789,50790,50791,50792,50798,50802,50811,50930,50941,50951,50959,50999,51002,51008,51532,51650,51655,52362,52441,52448,52459,52531,52587,52612 ,53013,53223,53232,53237,53267,53284,53288,53941,54256,54789,55144,55228,55463,55522,55648,55846,56130,56807,57504,57765,57812,57814,58340,58850,59239 ,59945,60101,60150,60418,60648,60929,61313,61334,61431,61553,61733,61841,61848,61854,61857,61915,61921,61980,62035,62163,62403,62588,62899,62998,63081 ,63097,63198,63302,63379,63715,64214,64373,64380,64434,64442,64485,64491,64495,64501,64505,64514,65151)

View 2 Replies View Related

Plesk 12.x / Linux :: Firewall Module Modified Iptables - FTP Not Working Now

Feb 13, 2015

I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.

I also noticed that it somehow seems to have changed my hostname to my previous server hostname as well.

Is there any way to completely revert back to original iptables settings before enabling the Firewall module?

View 4 Replies View Related

Dropping Packets

May 24, 2009

Is it normal for a ton of packets to be dropped? My server goes so slow after it gets a bunch of connections, even if I kill everything (I have to restart), and I can't figure out what the problem is. On my other servers it says no packets were dropped. How can I fix this?

ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1C:C0:C1:8B:3E
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fec1:8b3e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56435 errors:0 dropped:3049109175 overruns:0 frame:0
TX packets:87780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6804084 (6.4 MiB) TX bytes:118424651 (112.9 MiB)
Interrupt:50 Base address:0xa000

View 4 Replies View Related

Packets Lost

Jan 28, 2008

What is packets lost?

I used the just-pings.com site and it says my site had 100% lost packets in some locations. What does this mean?

One of my other hosts doesn't have any packets lost, so for a new package should I go with them, rather than the host which has packets lost?

[url]

When I asked my host they said do not trust just-ping and told me to use,
[url]

Does this site check for packets lost?

View 4 Replies View Related

Many ICMP Packets - I'm Being Hit

Nov 24, 2008

My server is being hit by many ICMP packets. Very abnormal, but many of them are from Indonesian IPs.

My server runs on cPanel + CSF.

Should I change CSF to APF? I read most antiDOS attack articles
ICMP; eth0; 48 bytes; from 68.66.136.118.fast.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 125.167.122.253 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 48 bytes; from 179.subnet125-160-99.speedy.telkom.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1468 bytes; from 118.100.245.111 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ARP request for 202.71.103.231; eth0; 40 bytes; from 0011bb064fc1 to ffffffffffff
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.6.234.126 to pete.myserver.com; echo req
Note: pete.myserver.com is my server.
Please advise a solution. It's causing me 10mbps of inbound bandwidth. My bandwidth is sufficient to handle those for now, but not for long if they increase. My munin shows 20mbps last night.

View 5 Replies View Related

My Ping/packets Lost

Feb 20, 2008

I'm getting slow server response times. I've been struggling with this for quite some while.

Here is what I know so far:

1. My website divinelightingdotcom through justping returns average 60-80% packets lost for all locations but Santa Clara, which usually has 0-20% loss.

2. My VPS is in Dallas

3. My ISP is also in Dallas, yet justping their website returns 0 packets lost

4a. When I ping my site from Atlanta, the avg trip is 44 ms

4b. However, the first access of my website through a browser usually takes about 5-10 seconds to respond

4c. I assume that my customers have this same experience (if so, this is killing me on my sponsored search advertising)

5. subsequent navigation through the website is usually acceptably fast.

6. wait an hour or so, and the initial page load has 5-10 second response delay again (can be any page on the site)

7. perhaps related, WinMTR from my location in Atlanta shows a Comcast IP in Virginia that consistently has 20% loss. I have opened a trouble ticket with Comcast.

View 5 Replies View Related

Volumedrive.com Packets Lost

Aug 6, 2008

ping: 64.191.50.55
location result min. rrt avg. rrt max. rrt
Santa Clara, U.S.A. Okay 108.6 127.3 165.2
Florida, U.S.A. Okay 86.9 94.8 110.9
San Francisco, U.S.A. Okay 101.0 115.2 142.9
New York, U.S.A. Packets lost (30%) 47.0 50.2 54.3
Austin1, U.S.A. Packets lost (10%) 80.7 88.9 118.2
Austin, U.S.A. Packets lost (10%) 77.1 86.4 116.8
Vancouver, Canada Okay 172.9 185.3 240.5
Chicago, U.S.A. Packets lost (10%) 59.2 66.1 71.5
London, United Kingdom Okay 102.2 113.3 119.9
Amsterdam3, Netherlands Packets lost (30%) 126.7 129.9 132.7
Amsterdam2, Netherlands Packets lost (30%) 112.7 117.5 123.5
Stockholm, Sweden Packets lost (10%) 139.2 145.6 148.2
Cologne, Germany Packets lost (10%) 129.3 135.5 143.4
Amsterdam, Netherlands Packets lost (10%) 121.9 126.4 130.0
Krakow, Poland Packets lost (20%) 139.0 147.2 152.5
Madrid, Spain Packets lost (10%) 129.2 136.5 143.3
Paris, France Packets lost (10%) 129.4 132.1 135.7
Munchen, Germany Packets lost (20%) 133.5 137.0 142.0
Copenhagen, Denmark Packets lost (20%) 110.9 120.2 124.2
Lille, France Packets lost (10%) 117.8 123.5 127.6
Cagliari, Italy Packets lost (20%) 156.8 159.3 162.8
Sydney, Australia Packets lost (20%) 251.4 264.2 268.4
Melbourne, Australia Okay 280.7 291.1 301.5
Zurich, Switzerland Packets lost (10%) 155.3 163.6 169.1
Shanghai, China Okay 321.8 328.5 337.7
Hong Kong, China Packets lost (30%) 282.9 292.8 304.5
Porto Alegre, Brazil Packets lost (10%) 200.1 208.8 217.1
Singapore, Singapore Packets lost (20%) 311.3 333.3 371.3
Mumbai, India Packets lost (20%) 240.5 245.2 249.7
Johannesburg, South Africa Packets lost (40%) 390.4 427.0 517.8

It is worse than my VPS on vps4less.de.

View 11 Replies View Related

Dropping Empty UDP Packets

May 15, 2008

I currently have my own dedicated server located with the following prefs;

Linux: CentOS 4.6 (final)
Kernel Version: 2.6.9-67.0.15.ELsmp

I know this is possible, but I am seeking how to drop empty udp packets automatically with iptables.

View 2 Replies View Related

Plesk 12.x / Linux :: Relation 502 Bad Gateway / Can't Apply Process Slot And Restart Iptables

Jul 8, 2015

I have a strange issue on a Plesk 12 VPS. Sometimes the sites result in a "502 Bad Gateway (nginx)". This happens 1 or 2 times a day on different times.

In the httpd log I see a record "can't apply process slot" and in nginx log I see "connect() failed (111: Connection refused) while connecting to upstream" but restarting apache and/or nginx will not always result in a working site.

When I restart iptables everything is working fine again.

View 5 Replies View Related

After Flush+zero Iptables, Will A New Iptables Ban Work

Jan 5, 2008

I execute the following commands, in the following order:

iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP

will that last command successfully ban that IP until reboot?

If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.

View 2 Replies View Related

Incoming / Outgoing Packets Blocked

Jun 22, 2009

I have been facing a very unique issue at two of my servers hosted at hivelocity for the last 3 or 4 months.

Every couple of days all incoming and outgoing activity gets stopped except on port 3386 (RDP), i.e. no one can get a website hosted on the server, nor can I access any website from the server, but all other services continue to work. A reboot of the server will solve the issue but that is only a temp solution.

I have checked event logs one by one but no issue or error was found in them. I have even run the server without a firewall but still it stops working.

Scanned the server with 3 different antiviruses one by one but they didn't find any virus.

Datacenter tech staff monitored the server and found no DoS or other such kind of attack on the server or IP.

I am totally clueless on this issue on how to solve it.... anybody here who can help me?

OS: Windows 2003
Firewall: Previous hardware based, then software based and now windows firewall (same issue with all)
Third party softwares: No
Scripts: ASP, ASP.NET, PHP
Database: SQL and MySQL

No other software installed on the server

View 5 Replies View Related

Hosts With High Ping Packets Lost

Mar 14, 2009

On my way searching for a hosting provider, I try pinging every host. Some of them have packets lost, one between 20-30%.

View 10 Replies View Related

Apple's Mail.app Sending Invalid Packets To Mailserver

Aug 18, 2008

I am having a problem with a client who's using Mail.app and it seems to be sending invalid packets to the server. Here is a sample of the report from the firewall:

Code:
Hits: 21
Blocked: permanently

Sample of block hits:
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48970 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=5724 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=23624 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=49421 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:15 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=10507 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=38488 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25402 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18975 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=52260 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18208 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30469 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=36698 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=7445 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47645 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30465 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44590 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=2887 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=35090 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4986 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42867 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1310 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0

The report just says Invalid IN. Does anybody have any suggestions on what would be causing this? I use Mail.app myself and have never had problems with it triggering the firewall.

View 0 Replies View Related

Plesk 11.x / Linux :: How To Assign A Port

May 15, 2014

Installing a software that uses port 8088, but that port is used by Plesk. What ports are not used by Plesk and how do I assign one to this new software?

server Centos 5 +

View 3 Replies View Related

Plesk 12.x / Linux :: Postfix Wants To Run On Port 587 Even Though This Is Turned OFF

Feb 25, 2015

Each migration in the last years I'm running into this bug that Postfix wants to run on port 587 even though this is turned OFF in the Plesk Panel.

Sometimes it does this after some update.

Because another process is running on port 587 this means that postfix does not start and I have some downtime until I "repair" this.

"Repairing" means going into Plesk panel and turning ON SMTP-Auth.... Wait a moment for it to apply and then turning it OFF again....

This unwanted behaviour can be easily reproduced by having this option turned off in the Plesk panel and then running /usr/local/psa/admin/sbin/mchk --without-spam

This will end up in a non-running postfix if another process is already running on port 587.

This shouldn't be happening. Especially because I reported this behaviour years ago.

View 5 Replies View Related

Plesk 11.x / Linux :: Alternative SMTP Port

May 23, 2014

I would like to close port 25 and use another port for the SMTP service and so avoid a lot of attempts to access my SMTP port.

I followed all the steps in [URL] ... including the last one, about closing port 25 from external.

And now qmail can send mails but cannot receive from external senders. Is there any solution to solve it? Or must qmail listen on port 25?

View 2 Replies View Related

Plesk 12.x / Linux :: How To Change Nginx Port

Feb 3, 2015

I need to change the nginx port. I've followed various threads and have created a custom nginxDomainVirtualHost.php file at: /usr/local/psa/admin/conf/templates/custom/domain. While the website indeed moves to the port I have set, a second nginx thread starts at port 80 and takes over in its place.

I need to put varnish at port 80 and cannot do so until all services relinquish control on port 80.

Followed clues here: [URL] ....

some here: [URL] .....

Turns out that to be able to change the nginx port to a non-standard port you need to edit 6 files:

nginx.php
nginxDomainForwarding.php
nginxDomainForwardingIpDefault.php
nginxDomainVhost.php
nginxDomainVhostIpDefault.php
nginxWebmail.php

For the time being I disabled SSL support for my test domain as I didn't need it. The line you need to look for in the above files is:

Code:

$VAR->server->nginx->httpPort

So the line would finally become from this:

Code:

<?php echo $VAR->includeTemplate('server/nginxVhosts.php', array(
'ssl' => false,
'frontendPort' => $VAR->server->nginx->httpPort,
'backendPort' => $VAR->server->webserver->httpPort,
)) ?>

to this:

Code:

<?php echo $VAR->includeTemplate('server/nginxVhosts.php', array(
'ssl' => false,
'frontendPort' => "8888",
'backendPort' => $VAR->server->webserver->httpPort,
)) ?>

To get this to work you'll need to create a custom directory at: /usr/local/psa/admin/conf/templates

And copy the files over from the root of /usr/local/psa/admin/conf/templates/default

View 1 Replies View Related

Plesk 11.x / Linux :: Access Over Subdomain Rather Than Port 8443

Apr 29, 2015

I need to access plesk 11.0 over a subdomain at port 80 rather than port 8443 as my office firewall blocks the port 8443.

I tried KB article [URL] .... but it's not working.

E.g.: I would like to access plesk panel @ portal.example.com rather than @ example.com/8443or8880

I have ample spare IPs to use for it...

View 4 Replies View Related

Plesk 11.x / Linux :: How To Add Additional SMTP Port To Qmail

May 13, 2014

I want to add a new port for SMTP (1024) as a client's ISP blocks 25, 587 and 2525. I tried following this guide: [URL] ... but it doesn't work with Parallels Plesk Panel 11.5 ...

How to add an additional SMTP port to Qmail in Plesk 11.5?

View 1 Replies View Related

Plesk 12.x / Linux :: Fail2ban Default Blocking Port

Feb 11, 2015

I'm running 12.0.18#34 on a PCS dedicated server. I recently discovered that some of the default jails on fail2ban that is shipped with Plesk 12 were not working correctly. Let me explain what I mean. For instance, the plesk-panel jail. The logs were parsed correctly, the command was successfully appended in the iptables list, the fail2ban log was updated. Still, the intruder was not blocked. I kept reading "already banned" in the fail2ban.log but actually there was no blocking.

After some checks, I found out that the fail2ban default configuration states SSH as the default blocking port.
That means the block was working but only for ssh hits. Thus the plesk-panel admin page hits were passing through.

Only once I added port=http,https on jail.local > plesk-panel and did a restart of the fail2ban service did it start to actually block incoming hits.

I think this should be verified by programmers group and maybe include a fix in some future minor update.

View 1 Replies View Related

Plesk 12.x / Linux :: Change Port Access To Subdomain?

Feb 11, 2015

What file do I have to change, and how do I modify it, to allow only one subdomain to have access through port 8015 and not using port 80?

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved