Plesk 12.x / Linux :: Firewall Module Modified Iptables - FTP Not Working Now
Feb 13, 2015
I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
View 4 Replies
ADVERTISEMENT
Aug 25, 2014
How do we redirect port in Plesk firewall module without touching iptables? I saw forwarding but there was no destination port.
View 1 Replies
View Related
Aug 23, 2014
When I modify rules using the firewall panel it is not generating rules correctly when selecting allow from selected sources deny from others.
View 2 Replies
View Related
Mar 28, 2015
In plesk I have set the ssh rule to allow from source, deny others and added my IP. However, if I connect my PC to my work VPN, I can still login via ssh, even when I am on a different IP as the allowed IP
View 18 Replies
View Related
Aug 19, 2014
I am running Plesk 12 . Centos 6.5
I have Plesk Firewall Installed.
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code:
port 2392
and /etc/services
Code:
ftp 2392/tcp
ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode (85,25,51,34,216,46).
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
View 4 Replies
View Related
Jun 25, 2015
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
View 1 Replies
View Related
Apr 9, 2014
I'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
View 2 Replies
View Related
May 27, 2009
how can i chek that my iptables firewall have this module?
ipt_recent
and if it is not installed...
View 2 Replies
View Related
May 28, 2009
I've bought a basic unmanaged VPS, purely to learn things from it. The best way to learn imo is to hammer the hell out of things, break it, then try to fix it. Anyway, I think I'm part way there, pretty sure I've broken something
When I start the consoleSSH I get this at the top:
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark, skipped
Any ideas what's causing it and how I can fix it? ..............
View 5 Replies
View Related
Oct 6, 2006
root@myserver [/etc/apf]# apf -r
Opening /proc/modules: No such file or directory
Unable to load iptables module (ip_tables), aborting.
View 8 Replies
View Related
Oct 12, 2007
Will the APF firewall work without the "ip_tables" module? I contacted my server management company and told them my previous tech said enabling ip_tables module on any VPS on our system would cause a kernel panic. Their response was to install APF on the VPS in question and not enable ip_tables, saying it should still block IPs and ports that aren't supposed to be open. Is this true? Or am I getting the runaround?
View 5 Replies
View Related
Mar 16, 2015
Our server setup is like this, wordpress, vtiger crm and ecommerse applications running on plesk 12 , with apache as backend server and nginx as proxy to serve static content. Now plans are to optimize webpages with Google pagespeed module , As per google documentation, module installation on nginx server need to be build from source. Is it recommended to install ngx_pagespeed module by building nginx from source on Plesk server?
View 3 Replies
View Related
May 20, 2014
how to enable bcmath in php.
We have a virtual server running Linux CentOS 6 with plesk 11.5 & PHP 5.4.28
So far I have found info here: [URL]
But can't get the commands to work. I'm not great with putty and the commands but learning a little.
I was also hoping that maybe updating PHP to a newer version and using the --enable-bcmath would work but where to start.
We have several websites installed on the server, some with opencart etc installed so I don't want to break the server!
This is what I get so far:
[root@louks ~]# wget rpms.famillecollet.com/enterprise/6/remi/x86_64/php-bcmath-5.4.28-1.el6.remi.x86_64.rpm
--2014-05-20 11:27:10-- http://rpms.famillecollet.com/enterprise/6/remi/x86_64/php-bcmath-5.4.28-1.el6.remi.x86_64.rpm
[Code].....
View 18 Replies
View Related
Nov 27, 2014
I need php imap extension for my server. How can I enable it?
View 3 Replies
View Related
Sep 17, 2014
How do I go about installing the spdy module for nginx? I understand it's now part of nginx 1.6 which comes with Plesk 12 but when I add the directive
Code:
listen 443 ssl spdy;
I get an error saying "nginx: [emerg] the "spdy" parameter requires ngxhttpspdy_module".
View 6 Replies
View Related
Aug 7, 2014
I am receiving below email everyday ....
Subject : Cron <aioftp@main> /usr/bin/php -q /var/www/vhosts/domain.com/subdomains/somedir/httpdocs/dir/cron.php
Failed loading /usr/lib64/php/modules/ioncube_loader_lin_5.4.so: /usr/lib64/php/modules/ioncube_loader_lin_5.4.so: cannot open shared object file: No such file or directory
PHP Warning: Module 'soap' already loaded in Unknown on line 0
PHP Warning: PHP Startup: XCache: Unable to initialize module
Module compiled with module API=20090626
PHP compiled with module API=20100525
These options need to match
in Unknown on line 0
View 1 Replies
View Related
Dec 21, 2014
How to install google pagespeed module on nginx and plesk 12
View 5 Replies
View Related
Sep 2, 2014
After successful upgrade PHP, and not successful with ioncube i get:
Failed loading /usr/lib/php/modules/ioncube_loader_lin_5.4.so: /usr/lib/php/modules/ioncube_loader_lin_5.4.so: cannot open shared object file: No such file or directory
PHP Warning: Module 'ionCube Loader' already loaded in Unknown on line 0
The ionCube PHP Loader is disabled because of startup problems.
PHP Warning: Module 'ionCube Loader' already loaded in Unknown on line 0
The ionCube PHP Loader is disabled because of startup problems.
PHP 5.4.32 (cli) (built: Aug 21 2014 07:33:35)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd., andClick to expand...
View 4 Replies
View Related
Mar 4, 2015
I have a brand new Plesk 12 Installation with just a first Subscription/Domain for my test. Enabling fail2ban jails brings me the following error for the jails plesk-proftpd and ssh. All others went on.
error 'f2bmng failed: ERROR No file(s) found for glob /var/log/secure'.
I see that /var/log/secure is missing, althoug I already used ssh and ftp to log in once. I can go to touch the /var/log/secure file or adjust the jail configs to proper log file location? Which is the way to go?
View 2 Replies
View Related
Jan 5, 2009
Is it me or that anyone else experiencing the VZ master node not properly configured for those front-end firewall programs?
I recently purchased couple Linux VPSs (OpenVZ) from different vendors and both seems not having iptables properly configured. One of them finally got resolved, but took like a week for them to figure out what's wrong with it.
I'm currently still stuck with second VPS not protected.
I have not check into which iptables modules APF or CSF requires, but VPS vendors/resellers should expect their clients would be using those and properly configure their VZ master prior to deployments.
I'm begin to wonder people that purchases VPS slices, are they using any decent firewall front-end or not.
It always seems that ip_conntrack is missing. When exists, everything works.
View 2 Replies
View Related
Jun 22, 2015
I have a list of bad Ips and would like to add it into iptables, but I don't went to enter one-by-one or by command line, I would like to insert into list file of iptables editing a file or something like that, where and how I can procedure to do this?
View 5 Replies
View Related
Jul 17, 2015
Hosting Settings
There is no php support - so i can´t change or choose running as apache module or cgi application (s. screenshot)...
OS Ubuntu 12.04.5 LTS
Panel version 11.5.30 Update #50, last updated at July 17, 2015 03:46 AM
View 4 Replies
View Related
Jun 8, 2009
after turning on the iptables firewall i can't receive emails anymore on a dedicated centos 5.3 server with postfix and dovecot.
with iptables firewall turned off everythin works fine.
following is the /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# ************ tried doing this first ************
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT --syn
# ************ tried doing this too ************
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 72.233.54.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 0/0 --sport 25 -d 72.233.54.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
as you can see here i have tried opening ports 110, 25, 143 earlier. still did not work.
View 2 Replies
View Related
Oct 21, 2009
Hello !
I've got problems with my APF firewall. Here is are the errors I get :
[root@ks123456 ~]# apf -r
apf(6493): {glob} flushing & zeroing chain policies
apf(6493): {glob} firewall offline
apf(6530): {glob} activating firewall
Opening /proc/modules: No such file or directory
apf(6570): {glob} unable to load iptables module (ip_tables), aborting.
apf(6530): {glob} firewall initalized
apf(6530): {glob} fast load snapshot saved
The /var/log/apf_log file is full of these errors.
I've been told that it was a compatibility issue with the server's kernel. So I upgraded the kernel to the last version, but the problem still remains and I get the same errors...
Can you advise about what I should do now ?
Thank you !
View 2 Replies
View Related
Jun 6, 2007
Hello,
I have two similar VPS plans with identical software setups.
I installed APF Firewall on VPS A, modified the conf.apf file to
change the interfaces to venet0 and set monokern to 1 and
then opened all the ingress ports required. Started the firewall
with 'service apf start' and everything went fine, and everything
is working fine with no errors.
I did the same on VPS B but when I start apf I get the following
error that reoccurs during the startup sequence:
iptables: No chain/target/match by that name
While the firewall does seem to be running (by checking iptables -L)
I am unable to download files on the VPS, via wget or yum ...
View 4 Replies
View Related
Oct 27, 2006
I have a Virtuozzo VPS running Debian Sarge. I installed apf. My /etc/apf/conf.apf looks like:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
IG_TCP_CPORTS="21,22,53,80,443,25,465,110,995,143,993,137,139,445,10000,3306"
IG_UDP_CPORTS="53"
Am am getting several "iptables: Invalid arguments" message. I traced this to these iptables calls from within /etc/apf/firewall. Each of these iptables calls gives "iptables: Invalid arguments":
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL NONE -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,RST SYN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags FIN,RST FIN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,FIN FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,URG URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,PSH PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN,URG,PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL ALL -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN -j IN_SANITY
Any thoughts? According to my ISP, I have these iptables modules:
iptable_filter
iptable_mangle
ipt_limit
ipt_multiport
ipt_tos
ipt_TOS
ipt_REJECT
ipt_TCPMSS
ipt_tcpmss
ipt_ttl
ipt_LOG
ipt_length
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_conntrack
ipt_state
ipt_helper
iptable_nat
ip_nat_ftp
ip_nat_irc
View 0 Replies
View Related
Apr 4, 2008
When I click Start Firewall
I get this
iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf
Error: aborted, at line 156
View 3 Replies
View Related
Oct 31, 2008
I find it hard to configure IP tables for firewall, can I find already made scripts anywhere?
View 1 Replies
View Related
Feb 7, 2008
I have CSF installed on one of our server.
CSF dont ban the IP and if manually it is done I get following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also iptables is not running on server.
If status is checked it says its stopped.
I have many sites on my server I dont want to get any downtime.
Please let us know how can we fix this issue as soon as possible.
I have tried reinstall CSF but still the issue remains same.
View 3 Replies
View Related
Aug 5, 2008
After I start iptables:
service iptables start
There is not any message coming up.
When use
service iptables status,
It said:
iptables: Firewall is not running.
My os is fedora core 6
View 10 Replies
View Related
Apr 25, 2008
I use
iptables -I INPUT -s 60.216.238.212 -j DROP
To block ip, not working
After issue
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I can still see
87 218.86.252.158
163 219.150.191.62
301 60.216.238.212
60.216.238.212 still has 301 connection, any idea.
Basically, I use ddos-deflate to block ddos attack.
I already set the max conection to 25.
But it seems not working.
all the connections over 25 have not been blocked.
Did I miss something?
I mean after I issue
iptables -I INPUT -s 60.216.238.212 -j DROP
Do I need to do something like refresh iptables?
View 0 Replies
View Related
