Plesk 12.x / Linux :: Redirecting Port In Firewall Module?
Aug 25, 2014How do we redirect port in Plesk firewall module without touching iptables? I saw forwarding but there was no destination port.
View 1 RepliesHow do we redirect port in Plesk firewall module without touching iptables? I saw forwarding but there was no destination port.
View 1 RepliesI temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
I have some issues with the plesk firewall:
1. Emails are not delivered:
From some reasons, plesk is blocking incoming 25 port (in plesk shows opened, but it's not)My emails are delivered trough port 25, after doing some tests ( i've sent some emails to an email account hosted in the server) there was no email in the roundcube inbox! All emails were blocked...
a) Firewall was blocking the port 25 on server restart.
b) I have succesfully unblocked it from plesk manager -> tools -> edit/change -> even if i didn't change anything, i saved the "changes" and in my roundcube inbox i recived all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way, to successfully connect FireFTP on passive mode i need to repeat 1.b steps even if i've created a special rule to prevent the blocking, opening 49152-65534 ports and set PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days i didn´t restart the server, the last time i checked it worked. Today, without touching anything, firewall blocked my passive FTP and I had probmels reciving emails from gmail, yahoo etc...
How do they redirect to the Server URL in CPanel.
Eg. <Domain.tld>/cpanel
I looked for directory called /cpanel but non-exist.
I wish to use the same method to redirect to Plesk Panel <Domain.tld>/ppp if possible.
Will the APF firewall work without the "ip_tables" module? I contacted my server management company and told them my previous tech said enabling ip_tables module on any VPS on our system would cause a kernel panic. Their response was to install APF on the VPS in question and not enable ip_tables, saying it should still block IPs and ports that aren't supposed to be open. Is this true? Or am I getting the runaround?
View 5 Replies View RelatedOur server setup is like this, wordpress, vtiger crm and ecommerse applications running on plesk 12 , with apache as backend server and nginx as proxy to serve static content. Now plans are to optimize webpages with Google pagespeed module , As per google documentation, module installation on nginx server need to be build from source. Is it recommended to install ngx_pagespeed module by building nginx from source on Plesk server?
View 3 Replies View Relatedhow to enable bcmath in php.
We have a virtual server running Linux CentOS 6 with plesk 11.5 & PHP 5.4.28
So far I have found info here: [URL]
But can't get the commands to work. I'm not great with putty and the commands but learning a little.
I was also hoping that maybe updating PHP to a newer version and using the --enable-bcmath would work but where to start.
We have several websites installed on the server, some with opencart etc installed so I don't want to break the server!
This is what I get so far:
[root@louks ~]# wget rpms.famillecollet.com/enterprise/6/remi/x86_64/php-bcmath-5.4.28-1.el6.remi.x86_64.rpm
--2014-05-20 11:27:10-- http://rpms.famillecollet.com/enterprise/6/remi/x86_64/php-bcmath-5.4.28-1.el6.remi.x86_64.rpm
[Code].....
I need php imap extension for my server. How can I enable it?
View 3 Replies View RelatedHow do I go about installing the spdy module for nginx? I understand it's now part of nginx 1.6 which comes with Plesk 12 but when I add the directive
Code:
listen 443 ssl spdy;
I get an error saying "nginx: [emerg] the "spdy" parameter requires ngxhttpspdy_module".
How can I allow only one ip or a list of ip addresses to access port 8443.I need to limit access this port to few ip addresses and not everyone
View 6 Replies View RelatedI am receiving below email everyday ....
Subject : Cron <aioftp@main> /usr/bin/php -q /var/www/vhosts/domain.com/subdomains/somedir/httpdocs/dir/cron.php
Failed loading /usr/lib64/php/modules/ioncube_loader_lin_5.4.so: /usr/lib64/php/modules/ioncube_loader_lin_5.4.so: cannot open shared object file: No such file or directory
PHP Warning: Module 'soap' already loaded in Unknown on line 0
PHP Warning: PHP Startup: XCache: Unable to initialize module
Module compiled with module API=20090626
PHP compiled with module API=20100525
These options need to match
in Unknown on line 0
How to install google pagespeed module on nginx and plesk 12
View 5 Replies View RelatedAfter successful upgrade PHP, and not successful with ioncube i get:
Failed loading /usr/lib/php/modules/ioncube_loader_lin_5.4.so: /usr/lib/php/modules/ioncube_loader_lin_5.4.so: cannot open shared object file: No such file or directory
PHP Warning: Module 'ionCube Loader' already loaded in Unknown on line 0
The ionCube PHP Loader is disabled because of startup problems.
PHP Warning: Module 'ionCube Loader' already loaded in Unknown on line 0
The ionCube PHP Loader is disabled because of startup problems.
PHP 5.4.32 (cli) (built: Aug 21 2014 07:33:35)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd., andClick to expand...
I have a brand new Plesk 12 Installation with just a first Subscription/Domain for my test. Enabling fail2ban jails brings me the following error for the jails plesk-proftpd and ssh. All others went on.
error 'f2bmng failed: ERROR No file(s) found for glob /var/log/secure'.
I see that /var/log/secure is missing, althoug I already used ssh and ftp to log in once. I can go to touch the /var/log/secure file or adjust the jail configs to proper log file location? Which is the way to go?
Hosting Settings
There is no php support - so i can´t change or choose running as apache module or cgi application (s. screenshot)...
OS Ubuntu 12.04.5 LTS
Panel version 11.5.30 Update #50, last updated at July 17, 2015 03:46 AM
Is it possible to change the port of ftp, similarly to what you can do with SSH?
View 13 Replies View RelatedHow to activate/enable the firewall by cli, does this is possible?
Firewall module is installed.
Option in plesk GUI working well.
Does this is possible ? If yes how ?
installing a softarwe that used port 8088, but that port is used by plesk. What ports not used by plesk and how do I assigned one to this new software.
server Centos 5 +
Is that possible to block baidu without specifying whole list of IDs it's using ?
View 1 Replies View RelatedI have these problems since version 11.5. Now I have installed version 12 on centos . FTP works fine and is super fast and speedy until i enable PLEK FIREWALL, I also tried to add passive port range 60000-65534 to Plesk Firewall rules.
But nothing works.
It takes like 10 times longer to Login + List Files + Make changes using FTP. We applying changes via FTp and its very slow. We can use plesk file manager but its very inconvenient way for quick file uploads and changes.
I already posted this as a bug report and now wanted to inform other users.
Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:
Code:
rm -f /opt/psa/var/modules/firewall/active.flag
That line stems from updating
Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...
Now, when you stop the firewall, you cannot start it again, cause deleting the active.flag disables the firewall:
Code:
# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag
# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled
# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start
psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
I currently have the Web Application Firewall (ModSecurity) installed but would like a visual interface to block IP's, subnets etc.. Can I install the Plesk firewall as well without any conflict with the Web Application Firewall?
View 3 Replies View RelatedI have a brand new and fresh installed server with:
Parallels Plesk v12.0.18
openSUSE 13.1
My Problem is, every day i have to click on activate in the settings of the firewall. Otherwise i have no Mail. The rest (Hosting, etc.) works fine.
No changes in the firewall settings where made, just a migration from my old server.
Plesk Firewall has no effect on IPv6?
I am writing today regarding the Plesk Firewall. It seemed to be pretty handy for quickly blocking troublesome users from *replace-with-whatever-IP-block-is-giving-you-trouble*. Yet I am unable to block IPv6 addresses, and the fire wall seems to let some blocked IPv4s right in. I did not see any distinction as to v4 or v6 in the Firewall dialog for adding custom rules, so...
The question is...
(1) Is the Plesk Firewall *supposed* to apply rules to IPv6 by default?
If yes...
(2) Is there a setting or a switch that has to be configured for this to work?
If yes...
(3) Where are said configuration options located?
Okay, when I run /sbin/ip6tables -L (CentOS) I get output that resembles the iptables (no 6) output, only... what, converted to IP6? Not sure. Example output:
DROP tcp ::ffff:31.0.0.0/104 ::/0 tcp dpts:1:10000
In that particular instance I added a drop for the 31.0.0.0/8 block (using the Plesk Firewall interface), in order to create the script that's loaded into iptables (and ip6tables as well, apparently) when one elects to "Apply Configuration". It worked great, executed perfectly, and the iptables output list output looked to be (and remember, I have grossly insufficient background knowledge in this area) accurate.
Yet at the time of this writing I can see via live traffic monitor that an address in the 31.0.0.0/8 block (IPv4) is pounding away at a website. This is curious, as the live traffic monitor indicates an IPv4 address. So... can an IPv4 address be detected and recorded from a host that is only able to connect via IPv6? While an interesting question, I was more concerned with just blocking the IPv6 address and get more academic with it later.
But this raises another question; why would Plesk populate ip6tables and not provide an interface to actually submit IPv6 addresses.
When I modify rules using the firewall panel it is not generating rules correctly when selecting allow from selected sources deny from others.
View 2 Replies View RelatedRunning plesk 12.018 on OpenSUSE 13.1
What causes the firewall to change / reset itself periodically? I enabled the plesk firewall, but some time later it is reset itself and switched to the opensuse firewall (completely different rule set, which blocks most of the ports).
I then disabled the plesk firewall and loaded my own iptables rule set via iptables-restore command. However a few hours later, it also gets reset to the opensuse firewall. The std. opensuse firewall closes most of the ports, so then our email is blocked.
I would like to permanently switch off any plesk handling of the firewall and manage the iptables myself. How to do this?
I also have fail2ban running and defined my own jail.local files.
Each migration in the last years I'm running into this bug that Postfix wants to run on port 587 even though this is turned OFF in the Plesk Panel.
Sometimes it does this after some update.
Because another process is running on port 587 this means that postfix does not start and I have some downtime until I "repair" this.
"Repairing" means going into Plesk panel and turning ON SMTP-Auth.... Wait a moment for it to apply and then turning it OFF again....
This unwanted behaviour can be easily reproduced by having this option turned off in the Plesk panel and then running /usr/local/psa/admin/sbin/mchk --without-spam
This will end up in a non-running postfix if another process is already running on port 587.
This shouldn't be happening. Especially because I reported this behaviour years ago..
I would like to close port 25 and use other port for SMTP service and so avoid a lot of attempts to Access my SNTP port.
I followed all the steps in [URL] ... included the last one, about close port 25 from external.
And now qmail can send mails but can not receive from external senders. Is there any solution for solve it? or qmail must listen port 25?
I need changing the nginx port. I've followed various threads and have created a custom nginxDomainVirtualHost.php file at: /usr/local/psa/admin/conf/templates/custom/domain, while the website indeed moves to the port I have set, a second nginx thread starts at port 80 and takes over in it's place.
I need to put varnish at port 80 and cannot do so until all services relinquish control on port 80.
Followed clues here: [URL] ....
some here: [URL] .....
Turn's out to be able to change the nginx port to a non-standard port you need to edit 6 files
nginx.php
nginxDomainForwarding.php
nginxDomainForwardingIpDefault.php
nginxDomainVhost.php
nginxDomainVhostIpDefault.php
nginxWebmail.php
For the time being i disabled SSL support for my test domain as I didn't need it. The line you need to look for the in above files is:
Code:
$VAR->server->nginx->httpPort
So the line would finally become from this:
Code:
<?php echo $VAR->includeTemplate('server/nginxVhosts.php', array(
'ssl' => false,
'frontendPort' => $VAR->server->nginx->httpPort,
'backendPort' => $VAR->server->webserver->httpPort,
)) ?>
to this:
Code:
<?php echo $VAR->includeTemplate('server/nginxVhosts.php', array(
'ssl' => false,
'frontendPort' => "8888",
'backendPort' => $VAR->server->webserver->httpPort,
)) ?>
To get this to work you'll need to create a custom directory at: /usr/local/psa/admin/conf/templates
And copy the files over from the root of /usr/local/psa/admin/conf/templates/default
I have a friend who usually manages my server, but he's been hard to contact, and these forums are officially my best friend
I figured out how to change the sshd config, and restarting the service to change the port. My friend installed a firewall due to ddos attacks, and I think i need to manually unblock the port that I would like to be the new sshd port. How can I find out what firewall I'm running, and where can I add a new port to the allow list?