I do not know too much about iptables in general as I mostly use APF or CSF firewall.
However, I have a virtuozzo vps node that uses iptables by default and it always locks up on a reboot. Even that, it even causes the server to lock up as well, then needing a reboot. What would cause that and how do I remedy this? The node is using Centos 3.6 at this time. Right now, it just pings intermittently.
I'm running CentOS 4.4 32 bit.
At the moment every time I reboot my server I have to execute:
# iptables --flush
# iptables --zero
just to be able to access the server. (Though it does allow SSH to access before executing those).
And I figured out that I must do something to /etc/sysconfig/iptables to permanently be able to access the server without those commands after reboot. Right?
Below is the file's contents:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT
What do I need to do?
We changed our SSH port (for the slight added security that this offers) and updated our CSF config with the new port so that we can accept connections on this port.
We restarted CSF and we could connect successfully on the new port. When the server is rebooted connections are refused on the port until we *RESTART* CSF then it's all good again.
I would think being that we opened the port in CSF's config that on reboot the port would be opened back up but this is not happening and any time the server is rebooted we have to restart the firewall.
Does anybody have any suggestions on how to "fix" this or at least make it so we don't have to manually restart the firewall?
I'm having problem on my server AMD x 2 4200.
When insurance button F5 to refresh the page of my site server climbs the load and lock, when i restart Apache it back to normal.
I just have a website with a dedicated IP address and shared SSL generated in CPanel.
I ask then my host to finish install, which they did.
Now, when I get into the certificated pages (HTTPS), I can see the https:// in the address box of the browser, however the lock sign does not show up.
How can I fix this? I would like to show this lock sign to show the site is secured, since not everybody knows what is a https connection.
[url]
experience with teamviewer launching its own webserver and preventing apache from starting.
This is a confirmed teamviewer "feature" that launches a web server showing teamviewer advertising.
Jaguarpc lock up all the VPS forcing us to upgrade. could anyone please report to Police or other authority in concern, It 's hijacking and blackmailing.
View 14 Replies View RelatedWe have a customer requirement to enable Direct Push email on our Outlook Web Access servers to a number of mobile devices the customer will be supplied from Vodafone - running Windows Mobile 5
Therefore we need to create a public HTTPS address to allow access to the OWA/OMA part.
We do NOT (at this stage) want to allow general access to OWA over HTTPS (we have an eGap solution with RSA for this) so we need to be able to lock down access to the OWA server only to specific devices. One way would be to use Firewall Rules at the Outer DMZ and lock down by the IP ranges of the phone but thats prohibitive to other devices and will fail when the phones change IP (i.e. international roaming)
Therefore Im wondering if we can use self signed SSL certs where there is no trusted CA provider (if there was all browsers would simply be prompted to trust the source and then get access). If we use our own self signed certs and have them installed on the client devices would this work? What would be the downsides (i.e. less cryptogrpahy without the CA part?)
we have a brute force attack:
Code:
188.132.180.106 - - [14/Jul/2014:22:03:37 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:39 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
[code]....
And so on, but the Fail2Ban doesn't lock this ip address, why? And how can we manually lock about the webinterface this ip?
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
I'm wondering if someone can recommend a host to me. I know that researching a host before I go with it is important, this is part of my research.
I would like to make a site with ASP.NET 2.0 and a database (MS SQL preferred).
I'm just starting, so I don't have any traffic, but I don't want to rule out the possibility in the future.
I'd like a host that has no lock-in (Does not own my domain name, lets me backup and download my own database files) to a host that scales (allows me to upgrade plans easily, or purchase add-on space and bandwidth), although both are useful, I really don't want to be locked-in.
The site is not for profit (personal) and budget is a concern.
Right now Lunarpages Windows plan is looking good, it does give me a ‘free domain’, but specifies that they do not own it. Does anyone know how easy it is to transfer a free domain from lunarpages to godaddy or another registry? Has anyone had experience with this host for asp.net?
I'm also interested in finding a unbiased, legitimate host searching site that allows me to search hosts by features, with no affiliate links to the hosts reviewed, that do not sell hosting, etc.
if i can lock a file from being downloaded or viewed in ftp editor even if i give some one ftp access?
View 3 Replies View Relatedevery 4 or 5 days the lock table permission keeps getting revoked, does anyone have anything that can point me in the general direction of what would cause this? The only thing i can think of is a cpanel layer 2 update has occured a few times during hte periods where the permission is revoked
unfortunately whenever it happens it results in my SQL backup script failing
It's a VPS host running CentOS btw.
How do I lock down my Windows 2003 server so NO ONE can terminal service in UNLESS they are connected through the PRIVATE network? The server is hosted with Softlayer which allows a private network.
Basically, I want to connect to the SL private network and then terminal service in to get in.
When I connect to the private network, my primary IP/network is STILL my ISP's network. If I goto ipchicken.com, I see my ISP's ip.
However, if I do an ipconfig listing, I see the SL private network ip listed as well (it's just not primary). Hopefully, that won't restrict me from terminal servcing in when I lock down the server.
I have a dedicated server, on Debian Etch.
When I type a command with putty, the connection is closed immediately. I tried shutdown-r now and reboot, halt, do nothing to console closes and nothing happens.
After a hundred connection, I can use ls, su and kill.
I think it's the fact that the partition is corrupted. I can not Hardware reboot the server because CTN1 is "out of business".
Do you know another way to restart the server
VPS isn't rebooting by itself when it goes down. Anyone has any program/script that monitors heartbeat of the server? Like when it goes down, the program will automatically reboots the system. I know there's such a script out there but I forgot what it called.
View 2 Replies View Relatedhow to configure a periodic reboot, for example, each 4h the server will be reboot automatic.
i think i do configure a cron, but i can't find anything for periodic rebooting on freebsd.
this is a temporary solution for a issue of php.
I had to reboot my server and about 20 minutes later I tried to access the web site but the page was not found... I am able to login to SSH. However, I am not familiar with *nix or the workings of CPanel... What should I do to get the sites back online?
View 9 Replies View RelatedAfter a graceful reboot I am having problems with a few things.
First cpsrvd and lfd failed to start, but I fixed it doing this:
rm -f /usr/local/cpanel/cpanel
rm -f /scripts/installgd
rm -f /scripts/cleanmd5
rm -f /scripts/upcp
But next to all the drives it says "No DMA! (Click to Enable)", I click that and it says things:
Quote:
EIDE Hard Drive Optimizations Enabled
/dev/hdc:
setting 32-bit IO_support flag to 1
IO_support = 1 (32-bit)
But after going back to Service Status it still says that.
So I tried to enable it through a command by typing:
sudo hparm -d1 /dev/hdc5
And get this error:
Quote:
/dev/hdc5:
setting using_dma to 1 (on)
HDIO_SET_DMA failed: Invalid argument
using_dma = 0 (off)
so my server dies every day and requires human intervention to fully restart all service to have my site work properly. i suspect sigterm issues as it fails to restart all service as website is still down so i always have to reboot it.
Tried recompile apache with no success
[Tue Mar 18 06:51:27 2008] [error] [client 203.160.1.39] request failed: erroneous characters after protocol string: If-Modified-Since: Wed, 21 Nov 2007 06:16:52 GMT
[Tue Mar 18 10:03:18 2008] [error] Bad pid (7465) in scoreboard slot 16
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27848) in scoreboard slot 17
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27434) in scoreboard slot 18
[Tue Mar 18 10:03:18 2008] [error] Bad pid (30782) in scoreboard slot 19
[Tue Mar 18 10:03:18 2008] [error] Bad pid (7465) in scoreboard slot 16
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27848) in scoreboard slot 17
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27434) in scoreboard slot 18
[Tue Mar 18 10:03:18 2008] [error] Bad pid (30782) in scoreboard slot 19
[Tue Mar 18 10:03:18 2008] [error] Bad pid (7465) in scoreboard slot 16
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27848) in scoreboard slot 17
[Tue Mar 18 10:03:18 2008] [error] Bad pid (27434) in scoreboard slot 18
[Tue Mar 18 10:03:18 2008] [error] Bad pid (30782) in scoreboard slot 19
[Tue Mar 18 10:03:18 2008] [notice] caught SIGTERM, shutting down
[Tue Mar 18 10:03:20 2008] [notice] mod_security/1.9.5 configured - Apache/1.3.39 (Unix) PHP/5.2.5
[Tue Mar 18 10:03:20 2008] [notice] Any You Like mod_ssl/2.8.30 OpenSSL/0.9.8g mod_perl/1.29 FrontPage/5.0.2.2510 configured -- resuming normal operations
[Tue Mar 18 10:03:20 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 18 10:03:20 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)
I'm finding that my server doesn't like to reboot gracefully. Either selecting "graceful server reboot" in WHM or actually typing "reboot" in SSH, which then tells me the server is shutting down. My server is then incommunicato indefinitely until I actually do a hard reset remotely.
Is this common? Is there some way to find out why this is happening?
I'm worried a server is dead, and I haven't made any backups of the database
Server went down last night, submitted a reboot request and now the server is not responding to SSH.
It does respond to ping, so I'm assuming Linux might have booted up OK
Has anyone experience with this type of issue?
What's an acceptable time for rebooting a machine?
I send an email to midphase to get my machine rebooted and I wait nearly half an hour. Even put 911.
Pacifirack would have got it done in under 5 minutes
reboot my vps every 30 min automatically in my hypervm control panel. How can i do that?
View 12 Replies View Relatedfor testing reboots? Basically, the goal is to avoid having a reboot fail leading to support or reinstall costs.
Right now, I'm using qemu -snapshot /dev/hda, but that obviously has limitations.
way to make remote reboot/start/shutdown?
it could be cool to be able to do it from a web interface in stead off by hand
So I was trying to run a backup process in Plesk 8.1 and the whole panel froze up on me (it's happened numerous times before).
Anyway, since the panel was all frozen up I just went into SSH and did a simple "reboot" (also, as done before many times). Only problem is, this time after I did the reboot the server never actually came back online... it seems to be locked up or something, I have no idea what.
I called my host and they are looking into it but they have no idea what's going on either and it's taking them forever to figure it out all the meanwhile my sites are down.... this isn't good.
Does anyone have any suggestions or advice as to why this could be occuring?
I know there are tons out there, but what's the best bang for your buck?
What's a good remote reboot that allows client to do it themselves that doesn't hurt your pockets too much?
Just a general question regarding the frequency which you all reboot your linux servers.
Mine has been up for 178 days, and is running sweet as a nut (touch wood). I was just wondering if it's worth giving it a reboot anytime soon, or if not, how long to give it before rebooting?
