Hey guys, I've been looking at the forums and I've seen a few people with the same problem, and the same thing keeps coming up: it's not an ISPConfig problem but a DNS problem. The problem, as I'm experiencing it, is that I can resolve DNS queries, I can ping outside and do RBL lookups, but anything that requires an actual connection, i.e. FTP from the server or browsing (using lynx), won't work. I suspect that the high-numbered ports that the outgoing connection would latch on to are closed by ISPConfig's Bastille firewall. Has anyone else experienced this or has an idea of a solution? I'm using CentOS 5.3 on a VPS using VMware. Ashley
Yes, it all works perfectly with no firewall. I'm also using fail2ban, but other than that I haven't added any iptables rules other than those the VPS operator has. Ashley
That's strange, because the firewall should block only incoming connections. What's the output of

Code:
iptables -L

when the firewall is on?
Falko, the output is:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             127.0.0.0/8
DROP       all  -f  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  224.0.0.0/4          anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (9 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-BadBots (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ProFTPD (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (0 references)
target     prot opt source               destination
DROP       all  --  202.109.242.18       anywhere
DROP       all  --  122.129.245.231      anywhere
DROP       all  --  host9.abaks.pl       anywhere
DROP       all  --  61.152.175.61        anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Ashley
Turning off fail2ban doesn't change anything, it still won't talk to the outside world. In case it helps, with fail2ban off, here is the output of /etc/init.d/bastille-firewall status:

Code:
Chain INPUT (policy DROP 1 packets, 92 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8
  316  140K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
  240 26190 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 316 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination
  208 67955 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (10 references)
 pkts bytes target     prot opt in     out     source               destination
  225 23620 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
  172 13484 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
   53 10136 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:81
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:953
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:993
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:995
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:953
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   15  2570 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (4 references)
 pkts bytes target     prot opt in     out     source               destination
  208 67955 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

and iptables -L:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             127.0.0.0/8
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  224.0.0.0/4          anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (10 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:rndc
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:imaps
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pop3s
ACCEPT     udp  --  anywhere             anywhere            udp dpt:rndc
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
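Added example (editorial, not from anyone in this thread and not ISPConfig or Bastille code): a small Python model of the PUB_IN chain exactly as dumped above, next to the same chain with a stateful `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule placed in front of it, plus a check that scans `iptables-save` text for such a rule. Note what the dump shows: every inbound packet on eth+ goes through PUB_IN, which accepts only four ICMP types and a fixed list of destination ports and then drops everything else, with no rule that matches replies to connections the box opened itself. The ports and ICMP types below are copied from the dump; the packets, the NEW/ESTABLISHED labels and the two iptables-save snippets are constructed for illustration, and the model does not track real connection state the way conntrack does.

```python
"""Model the posted Bastille PUB_IN chain with and without a stateful rule.

Constructed illustration: nothing here calls iptables. A packet is a dict,
a rule is (predicate, target), and the first matching rule decides, which is
how iptables walks a chain. Connection state is a label on the packet rather
than something looked up in conntrack.
"""
import re

# Copied from the posted `iptables -L -v` output (tcp dpt:... / udp dpt:... / icmp type N).
TCP_SERVICE_PORTS = {21, 22, 25, 53, 80, 81, 110, 143, 443, 953}
UDP_SERVICE_PORTS = {53, 993, 995, 953}
ICMP_ACCEPTED_TYPES = {3, 0, 11, 8}   # dest-unreachable, echo-reply, time-exceeded, echo-request


def make_packet(proto, dport=None, state="NEW", icmp_type=None):
    """Constructed inbound packet as seen by PUB_IN (ports are destination ports on this host)."""
    return {"proto": proto, "dport": dport, "state": state, "icmp_type": icmp_type}


def posted_pub_in():
    """PUB_IN as dumped in the thread. PAROLE is just ACCEPT, so it is folded in here."""
    return [
        (lambda p: p["proto"] == "icmp" and p["icmp_type"] in ICMP_ACCEPTED_TYPES, "ACCEPT"),
        (lambda p: p["proto"] == "tcp" and p["dport"] in TCP_SERVICE_PORTS, "ACCEPT"),
        (lambda p: p["proto"] == "udp" and p["dport"] in UDP_SERVICE_PORTS, "ACCEPT"),
        (lambda p: p["proto"] == "icmp", "DROP"),
        (lambda p: True, "DROP"),
    ]


def stateful_pub_in():
    """Assumed fix (not from the thread): the usual stateful rule inserted at position 1,
    i.e. `iptables -I PUB_IN 1 -m state --state ESTABLISHED,RELATED -j ACCEPT`."""
    return [(lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT")] + posted_pub_in()


def evaluate(chain, packet):
    for predicate, target in chain:
        if predicate(packet):
            return target
    return "DROP"   # the dump shows a trailing DROP-all, so nothing falls through in practice


def compare(packet):
    """(verdict under the posted chain, verdict under the stateful chain)."""
    return evaluate(posted_pub_in(), packet), evaluate(stateful_pub_in(), packet)


# Check for use on a real dump: does chain X carry a state/ctstate ESTABLISHED rule?
_STATE_RE = re.compile(r"--(?:state|ctstate)\s+\S*ESTABLISHED")


def has_established_rule(iptables_save_text, chain="PUB_IN"):
    return any(line.startswith(f"-A {chain} ") and _STATE_RE.search(line)
               for line in iptables_save_text.splitlines())


# Constructed, abbreviated iptables-save snippets for the two variants.
POSTED_SAVE = """\
*filter
:INPUT DROP [0:0]
:PUB_IN - [0:0]
-A INPUT -i eth+ -j PUB_IN
-A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -j DROP
COMMIT
"""
FIXED_SAVE = POSTED_SAVE.replace(
    "-A PUB_IN -p icmp",
    "-A PUB_IN -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A PUB_IN -p icmp", 1)


if __name__ == "__main__":
    scenarios = {
        "inbound SYN to sshd (22)":                 make_packet("tcp", 22),
        "ICMP echo-reply to our ping":              make_packet("icmp", icmp_type=0),
        "SYN-ACK back to lynx on ephemeral 48213":  make_packet("tcp", 48213, "ESTABLISHED"),
        "FTP data connection (RELATED) to 51000":   make_packet("tcp", 51000, "RELATED"),
        "unsolicited SYN to 3306":                  make_packet("tcp", 3306),
    }
    for name, pkt in scenarios.items():
        print(f"{name:42s} posted={compare(pkt)[0]:6s} stateful={compare(pkt)[1]}")
    print("posted dump has ESTABLISHED rule:", has_established_rule(POSTED_SAVE))
    print("fixed dump has ESTABLISHED rule: ", has_established_rule(FIXED_SAVE))
```

The scenarios line up with the symptoms in the first post: ping works because echo-reply is accepted by name, an inbound SSH session works because port 22 is listed, but the SYN-ACK coming back to lynx on a high port matches nothing but the final DROP. The stateful variant lets that reply through while still dropping an unsolicited SYN to 3306, so adding the rule does not widen the inbound exposure. On the real box the equivalent quick check is `iptables-save | grep -E -- '--(state|ctstate)'`; if it comes back empty, fix the rule in the firewall's own configuration rather than by hand-editing the running rules, since the next restart of bastille-firewall will rewrite them.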