Iptables Locking Me Out
Mar 2, 2007
[root@server001 root]# iptables --flush
[root@server001 root]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter mangle nat [ OK ]
Unloading iptables modules: [FAILED]
Applying iptables firewall rules: [ OK ]
As soon as I restarted it, I got locked out again. Disabling iptables enables me back in ssh. What can I do to fix this?
View 9 Replies
ADVERTISEMENT
May 10, 2007
I don't know why, but the server locks up daily at different times of the day. I have to reboot, flush iptables and it will happen again hours later.
I don't know what to look for, what logs, etc.
I'm confident it is something within iptables
I have apf/bfd installed and dos deflate as well.
How can I trace this?
Nothing suspicious in /tmp either
View 4 Replies
View Related
Mar 31, 2009
How do I lock SSH down to just my IP range and with a key?
View 7 Replies
View Related
Jun 26, 2009
Ive been having some issues with my cpanel lately... it seems everytime I add an account via whm or a subdomain via cpanel it locks up when "Restarting Apache"
I have 2 identical servers, 1 runs fine... this one though ive reinstalled apache...multiple times with no results... now im reinstalling cpanel and it seems forzen at 50% and just says
Apache ... ... ... ... for about 100 lines.
View 9 Replies
View Related
Feb 28, 2007
i have question about locking in homedir.. i bought few weeks ago debian box, and i need to create shell accounts with locking axx to user home directory.. or block access to other users directory..
chown 701? jail? how to?
View 2 Replies
View Related
Dec 18, 2007
a way to lock users in their directory. E.g. if I host a domain mydomain.com, I need that the owner of this domain can access (read, write, execute via ssh) only the folder www/mydomain.com and nothing else. The solution does not to be a ultrasecure one.
1] adjusting privileges (e.g. deny execute on dirs for the "others") seems a sure way to make the server unfunctional
2] rbash - when I set shell to rbash for a test user, the user can no longer connect to server through winscp
View 9 Replies
View Related
Jul 13, 2008
I have a (dedicated) server out of control. It is managed by a 3rd party company who has never been able to get the spam and server load under control. Loads average over 5! and there is no activity in top other than sendmail and mailscanner (with Ensim).
I turned off mailscanner and sendmail while I typed this and server load went to .08.
I'm going to switch (dedicated) servers to a new provider (for reasons above plus a few others) which will include managed service from the server provider as well.
There are only a few programs that need to run on this server. VBulletin is the main concern.
I want to lock down all mail access. I want vbulletin to be able to send outgoing email as part of its administration and as part of its member notifications.
I don't want ANYONE OUTSIDE THE SERVER to be able to send mail through this server.
One idea I have had is to use DNS to assign all MX records of every domain on the machine to the free gmail service.
I have one domain on this machine (and important domain) that gets thousands and thousands of spam. I assigned its' MX records to NO-IP.com who filters and forwards email to me. That has worked - but server load never budged.
View 1 Replies
View Related
Feb 28, 2008
the load of my server is high,
i login whm and check the CPU/Memory/MySQL Usage
User Domain %CPU %MEM MySQL Processes
mysql 3.30 45.97 0.0
Top Process %CPU 1.0 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
Top Process %CPU 0.7 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
Top Process %CPU 0.6 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
the values are higher before,
i want to ask what is skip-locking and if i add skip-locking in my.cnf,
will the problem been improved? and will it take any effect or problem?
View 7 Replies
View Related
Feb 6, 2008
I'm running apache to serve PHP files on (/home/www/) and thttpd to serve images on (/home/www/images)
thttpd runs on a different IP than apache, apache only listens to its IP.
After doing this, the number of apache processes decreased significantly, however performance has gone down, and apache is starting to crash very frequently (swapping).
Could there be a file-locking issue? Do I have to separate the images folder from the www folder?
View 0 Replies
View Related
May 26, 2008
I've seen that a similar topic was posted earlier today, but I have more specific question. I'm looking for the e-mail only hosting. Requirements:
* dedicated IP
* SMTP + SSL (TLS)
* POP3/IMAP + SSL (TLS)
* up to 10 e-mail addresses from various domains
* forwarders (10 or more)
* 1-5 GB storage
* 10 GB bandwidth
* budget: the less the better, but I'll pay any reasonable amount of money if the service is good. Basically I need to find a provider at which I can keep my e-mail address once and for all. (I need a few e-mails only, a few forwarders, 100 MB storage and 1 GB bandwidth but I stated more so I don't run out on resources)
Is there any significant difference between SSL and TLS or is it all mainly in the proprietary vs open standard?
Is there any good reason why not to use Google Apps for this purpose? I've read that some people are concerned about privacy. Is there any pro that can comment on this (privacy issue) and remain objective?
One last (dumb?) question. What is the purpose of domain locking? Before AuthCodes were introduced I could see the reason for locking domains, but why would anyone want to lock the domain these days? (and yet I see majority still does) I mean, noone can initiate the transfer without providing AuthCode (can he?) and isn't that alone good enough to keep the domain safe? And if someone manages to gain control to the control panel to read AuthCode then he can easily unlock the domain so I see no additional layer of security.
View 5 Replies
View Related
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
View 2 Replies
View Related
Aug 4, 2006
I am experiencing a strange problem with iptables: after in activate them, they are gone in a few minutes. For example, I drop traffic from an ip and after few seconds, all rules are flushed without touching anything!
View 2 Replies
View Related
Jan 20, 2008
I need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?
I mean ... Will this slow down the machine response?
View 7 Replies
View Related
May 24, 2007
What do you prefer or what do you think is better, iptables or apf for a firewall?
View 9 Replies
View Related
Apr 13, 2009
i install csf on centos,
my server is working but the network is unreachable,
i try to run "service iptables stop",
and the server is unreachable now,
i check from whm,it shows csf is working,
but i ssh the server and type "service iptables status",
it shows "firewall is stopped",
is it correct?
is not,how can i fix the issue?
View 11 Replies
View Related
Apr 10, 2009
Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
View 10 Replies
View Related
Feb 4, 2007
If I keep getting spam from a certain IP, can I add that IP to Iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
View 14 Replies
View Related
Sep 21, 2007
I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1 my VPS locks me out of everything, I need togo into hyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ i've googled and cannot seem to find a reason why it would do that. Could be something in the host node kernel that may need adjusting?
View 2 Replies
View Related
May 15, 2007
I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
View 5 Replies
View Related
Sep 12, 2007
how can i clear iptables?
i enter many ip in it that most of them is worng and i must clear it
View 2 Replies
View Related
Oct 29, 2007
Do you find iptables enough or do you use a hardware firewall for linux? I haven't used anything less than hardware firewalls for years but I gather than most simply rely on iptables. Is that a smart choice?
View 6 Replies
View Related
Mar 25, 2007
I got blocked by my server. Hivelocity helped me to gain access by my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
View 5 Replies
View Related
Sep 27, 2007
i have code :
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`
3. IPT="/usr/sbin/iptables"
4. NET="any/0"
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
6. SERV_TCP="22 80 443 "
7. SERV_UDP="53 123"
8. HI_PORTS="1024:65535"
........
i dont know line of 5's sense .I am must changed warrant is what?
View 5 Replies
View Related
Oct 6, 2007
Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.
View 1 Replies
View Related
Nov 7, 2006
I have installed APF on box and set ports for in and out and enabled it.. of course, iptables is running from booting..
[root@localhost /]# runlevel
N 3
[root@localhost /]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost /]# chkconfig --list | grep apf
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
but when I check it like this
[root@localhost ~]# service iptables status
Firewall is stopped.
[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: ^[[A [ OK ]
[root@localhost ~]# service iptables status
Firewall is stopped.
it said iptables is stop...even I start manually...
I am not sure APF is running correctly because of iptables..
View 10 Replies
View Related
Sep 10, 2006
# apf -r
Unable to load iptables module (ip_tables), aborting.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# uname -a
Linux servername 2.6.17.9 #1 SMP Sun Aug 27 17:08:11 ICT 2006 i686 athlon i386 GNU/Linux
is there any reason that I cannot use iptables? If I edit monokern option in apf to 1, I cannot use ftp in passive mode
View 14 Replies
View Related
Feb 7, 2008
I have CSF installed on one of our server.
CSF dont ban the IP and if manually it is done I get following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also iptables is not running on server.
If status is checked it says its stopped.
I have many sites on my server I dont want to get any downtime.
Please let us know how can we fix this issue as soon as possible.
I have tried reinstall CSF but still the issue remains same.
View 3 Replies
View Related
Sep 16, 2007
I keep trying to flush my iptables on my linux server but every time i try to do so my server seems to freeze (i lose access and have to reboot it for it to come back online), how can I go about deleting those ips manually rather than executing the flushing command? what options do I have?
View 4 Replies
View Related
Jun 4, 2007
root@xxxx[~]# service iptables status
Firewall is stopped.
root@xxxx[~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@xxxx[~]# service iptables status
Firewall is stopped.
why not iptables don't start ?
View 4 Replies
View Related
Apr 23, 2009
i create a template for xen ( hypervm ) from jailtime site. now i install iptables , but iptables do not work and when i enter " service iptables restart" , iptables do not start. ( i check it from "service iptables status" )
View 4 Replies
View Related
Apr 23, 2007
I used a script to block some unwanted countries from accessing my site. In total I had about 3000 lines with ipranges. Now I just went ahead and put this on one of the servers, one that I really don't need the traffic on. But I am wondering what kind of affect this may have on the speeds. Will it really affect it more then a few ms? And anything else I should maybe worry about? Except maybe the loading time at reboots.
View 2 Replies
View Related
