ISPConfig IPTables/Port Blocking

Discussion in 'General' started by joelyuk, Oct 7, 2013.

  1. joelyuk

    joelyuk New Member

    Hi all,

    I've used ISPConfig for some time, and recently I have noticed that for some reason I keep finding myself unable to access the ISPConfig control panel at port 8080, and also other services like UnrealIRCD unable to be reached at port 6667 etc.

    Web services and other services (mail etc) all seem fine when I can't access these others.

    I've noticed that the only way I can seemingly access these services on port 8080 and 6667 is by logging in remotely with SSH and telling IPtables to start accepting stuff on these ports again.

    I kinda know my way around the basics of Linux and managed to figure out that the command:

    iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    iptables -I INPUT -p tcp -m tcp --dport 6667 -j ACCEPT


    will fix my access to the ISPConfig panel.

    However, some time later (haven't worked out how long exactly) I find that I can not access it again, and must issue the same command in SSH to gain access again, which is getting frustrating now.

    What on earth keeps resetting iptables (at a guess, I'm not sure exactly what it is doing) and blocking my access to these ports?

    Many thanks for your help :D
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you run a firewall on your server which blocks these ports. The ISPConfig firewall has port 8080 open by default and it will also not re-enable port blocking after some time, so you must run a different firewall.
     
  3. joelyuk

    joelyuk New Member

    Hi till,

    Thanks for the follow up reply.

    I had a good look through the ISPConfig panel to make sure I wasn't missing anything obvious, and when I logged in as admin, I noticed that my firewall option was set to bastille, and under System > Firewall there were no records that existed.

    I clicked 'Add Firewall Record' and it defaulted to add a bunch of ports that are used by default by the looks. I added my custom ports to it for the ircd, and touch wood that seems to be OK so far.

    Usually within a day or so the ports would be blocked again, but I made that change a couple of days back and it seems to have kept the ports open.

    Not sure if this was the issue, but thanks again for your assistance :)
     
  4. Quaxth

    Quaxth Member

    Ports in Firewall

    If you used the Firewall option in System->Firewall and added some ports to it, you'll also need to add those ports to the config file of Bastille here: /etc/Bastille/bastille-firewall.cfg

    If you didn't add the ports in the .cfg file, they will not work.

    I use port 8088 for the CP and first added that port in System->Firewall, and wasn't able to restart the CP. After adding it to the .cfg file as mentioned above, I could use the CP again.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no need to edit that file; ISPConfig adds the ports there automatically.
     
  6. Quaxth

    Quaxth Member

    It didn't work on my server! If it had worked, I wouldn't have written that post!

    Also, after adding port 8088 to the firewall in CP ->System->Firewall, I wasn't able to access the CP anymore. I restarted the server and still could not access the CP! I used PuTTY on the server, opened bastille-firewall.cfg and found that port 8088 wasn't there, so I added it and restarted the server again. Now I could access the CP again. Then I checked CP System->Firewall and saw that the port was missing there, so I added it there too (again), saved, and now it's there too!

    Nothing was done automatically to add ports.

    Thanks.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Just tested it here on a Debian Wheezy server and an Ubuntu server; the firewall rules are written correctly to the config file on both servers in ISPConfig 3.0.5.3.

    Please note that it takes 1 minute until changes are written to disk. It might also be that you have an additional firewall installed on your server which conflicted with the Bastille firewall rules and that blocked access to your server.
     
  8. Quaxth

    Quaxth Member

    Thanks for your reply.

    And NO, no firewall is running except Smoothwall, which runs as a hardware firewall and is located between WAN and LAN. The desktop I use to administer the server, connecting via CP or PuTTY or WinSCP, is in the same LAN and also on the same switch. So Smoothwall will not have any effect on that.

    There are also no 3rd-party apps installed on the server yet, nor any firewall other than Bastille, which was installed by Debian and/or ISPConfig.
     
  9. alex_popa_81

    alex_popa_81 New Member

    Big problem

    I have an ISPConfig installation on a Debian Squeeze 6.0.9.... the problem is that this machine also has to do ip_forward.....
    The problem comes with the firewall from the ISPConfig installation. When enabled, it sets :FORWARD DROP [0:0], and I need to change this automatically, so that if I restart this server it doesn't change this back to dropping forward requests.....
    How to do this?
     
  10. alex_popa_81

    alex_popa_81 New Member

    Anybody? Help?
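
The port-blocking question from the first posts, as an added example that is not from any poster or from ISPConfig: a port opened by hand with `iptables -I` exists only in the running ruleset, so it is gone as soon as a firewall script reloads its own rules. The script compares the ports in a Bastille-style config with the rules in `iptables-save` output; the sample data is constructed, and the `TCP_PUBLIC_SERVICES` variable name and the `PAROLE` target are assumptions about what Bastille writes.

```shell
# Targets counted as "port open". PAROLE is assumed to be Bastille's accept chain.
ACCEPT_TARGETS="ACCEPT PAROLE"
# Constructed sample of the services lines in /etc/Bastille/bastille-firewall.cfg
SAMPLE_CFG='TCP_PUBLIC_SERVICES="22 25 80 443 8080"
UDP_PUBLIC_SERVICES="53"'
# Constructed sample of iptables-save output; the INPUT rule was added by hand
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8080 -j PAROLE
COMMIT'

# Ports listed in VAR="..." of the config text on stdin, one per line
cfg_ports() {
    sed -n "s/^[[:space:]]*$1=\"\\(.*\\)\".*/\\1/p" | tr -s ' ' '\n' | sed '/^$/d'
}

# TCP destination ports the saved ruleset on stdin accepts, one per line
live_ports() {
    awk -v targets="$ACCEPT_TARGETS" '
        BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        $1 == "-A" {
            port = ""; target = ""; tcp = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (tcp && port != "" && (target in ok)) print port
        }'
}

# usage: check_port PORT CFG_TEXT RULES_TEXT  ->  ok | live-only | cfg-only | blocked
check_port() {
    in_cfg=no; in_live=no
    printf '%s\n' "$2" | cfg_ports TCP_PUBLIC_SERVICES | grep -qxF "$1" && in_cfg=yes
    printf '%s\n' "$3" | live_ports | grep -qxF "$1" && in_live=yes
    case "$in_cfg/$in_live" in
        yes/yes) echo ok ;;
        no/yes)  echo live-only ;;  # only in the running ruleset: lost on next reload
        yes/no)  echo cfg-only ;;   # configured, but not in the running ruleset
        *)       echo blocked ;;
    esac
}

for p in 8080 6667 443 8088; do
    printf '%s: %s\n' "$p" "$(check_port "$p" "$SAMPLE_CFG" "$SAMPLE_RULES")"
done
```

On a server, pass `"$(cat /etc/Bastille/bastille-firewall.cfg)"` and `"$(iptables-save)"` (run as root) as the second and third arguments. Only single port numbers are matched; port ranges and service names in the config are not expanded.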
     
