Hi, I followed the Perfect Server guide for Debian Wheezy + Nginx + Dovecot and have almost everything working. I'm a little baffled by ports not being open. I've disabled bastille-firewall and ufw, the two firewalls installed (replaced bastille with ufw while trying to figure this out). I added some ports in the ISPConfig3 firewall section but they are not open, so I disabled both firewalls and ran nmap:

Code:

    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    143/tcp open imap
    465/tcp open smtps
    587/tcp open submission
    993/tcp open imaps
    995/tcp open pop3s
    8000/tcp open http-alt
    8080/tcp open http-proxy
    8081/tcp open blackice-icecap

Here is a list of all running processes on the server. I can't locate a firewall in the list. What else could be blocking ports? (or not allowing listeners?)

Code:

    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 41320 4276 ? Ss Nov01 0:02 /bin/systemd
    root 2 0.0 0.0 0 0 ? S Nov01 0:00 [kthreadd]
    root 3 0.0 0.0 0 0 ? S Nov01 0:10 [ksoftirqd/0]
    root 6 0.0 0.0 0 0 ? S Nov01 0:00 [migration/0]
    root 7 0.0 0.0 0 0 ? S Nov01 0:03 [watchdog/0]
    root 8 0.0 0.0 0 0 ? S Nov01 0:00 [migration/1]
    root 10 0.0 0.0 0 0 ? S Nov01 0:09 [ksoftirqd/1]
    root 11 0.0 0.0 0 0 ? S Nov01 6:26 [kworker/0:1]
    root 12 0.0 0.0 0 0 ? S Nov01 0:03 [watchdog/1]
    root 13 0.0 0.0 0 0 ? S Nov01 0:00 [migration/2]
    root 15 0.0 0.0 0 0 ? S Nov01 0:10 [ksoftirqd/2]
    root 16 0.0 0.0 0 0 ? S Nov01 0:03 [watchdog/2]
    root 17 0.0 0.0 0 0 ? S Nov01 0:00 [migration/3]
    root 19 0.0 0.0 0 0 ? S Nov01 0:08 [ksoftirqd/3]
    root 20 0.0 0.0 0 0 ? S Nov01 0:03 [watchdog/3]
    root 21 0.0 0.0 0 0 ? S Nov01 0:03 [migration/4]
    root 22 0.0 0.0 0 0 ? S Nov01 0:00 [kworker/4:0]
    root 23 0.0 0.0 0 0 ? S Nov01 0:03 [ksoftirqd/4]
    root 24 0.0 0.0 0 0 ? S Nov01 0:03 [watchdog/4]
    root 25 0.0 0.0 0 0 ? S Nov01 0:03 [migration/5]
    root 27 0.0 0.0 0 0 ? S Nov01 0:02 [ksoftirqd/5]
    root 28 0.0 0.0 0 0 ? S Nov01 0:02 [watchdog/5]
    root 29 0.0 0.0 0 0 ? S Nov01 0:03 [migration/6]
    root 31 0.0 0.0 0 0 ? S Nov01 0:02 [ksoftirqd/6]
    root 32 0.0 0.0 0 0 ? S Nov01 0:02 [watchdog/6]
    root 33 0.0 0.0 0 0 ? S Nov01 0:03 [migration/7]
    root 35 0.0 0.0 0 0 ? S Nov01 0:02 [ksoftirqd/7]
    root 36 0.0 0.0 0 0 ? S Nov01 0:02 [watchdog/7]
    root 37 0.0 0.0 0 0 ? S< Nov01 0:00 [cpuset]
    root 38 0.0 0.0 0 0 ? S< Nov01 0:00 [khelper]
    root 39 0.0 0.0 0 0 ? S Nov01 0:00 [kdevtmpfs]
    root 40 0.0 0.0 0 0 ? S< Nov01 0:00 [netns]
    root 41 0.0 0.0 0 0 ? S Nov01 0:02 [sync_supers]
    root 42 0.0 0.0 0 0 ? S Nov01 0:00 [bdi-default]
    root 43 0.0 0.0 0 0 ? S< Nov01 0:00 [kintegrityd]
    root 44 0.0 0.0 0 0 ? S< Nov01 0:00 [kblockd]
    root 45 0.0 0.0 0 0 ? S Nov01 6:14 [kworker/1:1]
    root 46 0.0 0.0 0 0 ? S Nov01 6:16 [kworker/2:1]
    root 48 0.0 0.0 0 0 ? S Nov01 0:56 [kworker/4:1]
    root 49 0.0 0.0 0 0 ? S Nov01 0:24 [kworker/5:1]
    root 50 0.0 0.0 0 0 ? S Nov01 0:13 [kworker/6:1]
    root 51 0.0 0.0 0 0 ? S Nov01 0:25 [kworker/7:1]
    root 52 0.0 0.0 0 0 ? S Nov01 0:00 [khungtaskd]
    root 53 0.0 0.0 0 0 ? S Nov01 0:02 [kswapd0]
    root 54 0.0 0.0 0 0 ? SN Nov01 0:00 [ksmd]
    root 55 0.0 0.0 0 0 ? SN Nov01 0:00 [khugepaged]
    root 56 0.0 0.0 0 0 ? S Nov01 0:00 [fsnotify_mark]
    root 57 0.0 0.0 0 0 ? S< Nov01 0:00 [crypto]
    root 205 0.0 0.0 0 0 ? S Nov01 0:00 [khubd]
    root 210 0.0 0.0 0 0 ? S< Nov01 0:00 [ata_sff]
    root 231 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_0]
    root 232 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_1]
    root 233 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_2]
    root 234 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_3]
    root 235 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_4]
    root 236 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_5]
    root 240 0.0 0.0 0 0 ? S Nov01 0:06 [kworker/u:4]
    root 241 0.0 0.0 0 0 ? S Nov01 0:23 [kworker/u:5]
    root 273 0.0 0.0 0 0 ? S Nov01 0:14 [jbd2/sda4-8]
    root 274 0.0 0.0 0 0 ? S< Nov01 0:00 [ext4-dio-unwrit]
    root 290 0.0 0.0 0 0 ? S Nov01 4:05 [kworker/3:2]
    root 305 0.0 0.0 0 0 ? S Nov01 0:15 [kworker/6:2]
    root 310 0.0 0.0 0 0 ? S Nov01 0:00 [kworker/5:2]
    root 312 0.0 0.0 0 0 ? SN Nov01 4:56 [kipmi0]
    root 321 0.0 0.0 66148 4476 ? Ss Nov01 0:58 /lib/systemd/systemd-journald
    root 322 0.0 0.0 0 0 ? S Nov01 0:00 [kworker/7:2]
    root 324 0.0 0.0 0 0 ? S Nov01 0:00 [kauditd]
    root 325 0.0 0.0 21764 1948 ? Ss Nov01 0:00 /sbin/udevd
    root 537 0.0 0.0 21712 1344 ? S Nov01 0:00 /sbin/udevd
    root 538 0.0 0.0 21712 1344 ? S Nov01 0:00 /sbin/udevd
    root 556 0.0 0.0 0 0 ? S< Nov01 0:00 [edac-poller]
    root 645 0.0 0.0 0 0 ? S Nov01 0:13 [flush-8:0]
    root 657 0.0 0.0 0 0 ? S Nov01 0:00 [kworker/0:2]
    root 1005 0.0 0.0 21832 732 ? S Nov01 0:00 /usr/sbin/ipmievd open daemon
    www-data 1032 0.0 0.0 10472 396 ? Ss Nov01 0:00 /usr/sbin/fcgiwrap
    root 1140 0.0 0.0 0 0 ? S Nov01 0:00 [kworker/1:2]
    bind 1371 0.0 0.2 235048 22924 ? Ssl Nov01 0:00 /usr/sbin/named -u bind
    root 1401 0.0 0.0 4112 880 ? Ss Nov01 0:00 /usr/sbin/acpid
    daemon 1434 0.0 0.0 16668 156 ? Ss Nov01 0:00 /usr/sbin/atd
    root 1459 0.0 0.0 119296 4816 ? Ssl Nov01 0:32 /usr/sbin/rsyslogd -n -c5
    nobody 1490 0.0 0.0 133040 1268 ? Sl Nov01 0:21 /usr/bin/memcached -m 64 -p 11211 -u nobody -l 127.0.0.1
    root 1512 0.0 0.0 16252 924 tty1 Ss+ Nov01 0:00 /sbin/agetty tty1 38400
    root 1530 0.0 0.0 20404 1060 ? Ss Nov01 0:04 /usr/sbin/cron
    root 1560 0.0 0.0 20408 732 ? Ss Nov01 0:38 /usr/sbin/irqbalance
    list 1600 0.0 0.1 62828 8872 ? Ss Nov01 0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
    list 1614 0.0 0.1 62676 10980 ? S Nov01 1:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
    list 1615 0.0 0.1 62696 11012 ? S Nov01 1:07 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
    list 1616 0.0 0.1 62688 10984 ? S Nov01 1:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
    list 1617 0.0 0.1 62636 10976 ? S Nov01 1:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
    list 1618 0.0 0.1 62700 11048 ? S Nov01 1:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
    list 1619 0.0 0.1 62676 11084 ? S Nov01 1:07 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
    list 1620 0.0 0.1 62724 10984 ? S Nov01 1:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
    list 1621 0.0 0.1 62728 10976 ? S Nov01 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
    amavis 2113 0.0 1.1 225468 96224 ? Ss Nov01 0:06 /usr/sbin/amavisd-new (master)
    root 2180 0.0 0.0 21516 988 ? Ss Nov01 0:04 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
    dovecot 2199 0.0 0.0 13044 1048 ? S Nov01 0:01 dovecot/anvil
    root 2200 0.0 0.0 13172 1228 ? S Nov01 0:01 dovecot/log
    clamav 2402 0.0 2.9 307172 241328 ? Ssl Nov01 4:46 /usr/sbin/clamd
    clamav 2526 0.0 0.0 43376 2212 ? Ss Nov01 9:42 /usr/bin/freshclam -d --quiet
    ntp 2613 0.0 0.0 38988 2368 ? Ss Nov01 0:27 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:110
    root 3563 0.0 0.0 85952 3876 ? Ss 08:18 0:00 sshd: agrothe [priv]
    agrothe 3565 0.0 0.0 85952 1940 ? S 08:18 0:00 sshd: agrothe@pts/1
    agrothe 3566 0.0 0.0 21436 4164 pts/1 Ss 08:18 0:00 -bash
    root 3661 0.0 0.0 50560 2068 pts/1 S 08:19 0:00 sudo su
    root 3662 0.0 0.0 52008 1700 pts/1 S 08:19 0:00 su
    root 3663 0.0 0.0 19480 2236 pts/1 S 08:19 0:00 bash
    root 3967 0.0 0.1 327780 8696 ? Ss 08:24 0:00 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)
    web1 3968 0.0 0.0 327420 7172 ? S 08:24 0:00 php-fpm: pool web1
    web1 3969 0.0 0.0 327420 7172 ? S 08:24 0:00 php-fpm: pool web1
    ispapps 3970 0.0 0.0 327580 7168 ? S 08:24 0:00 php-fpm: pool apps
    ispapps 3971 0.0 0.0 327580 7172 ? S 08:24 0:00 php-fpm: pool apps
    web2 3972 0.0 0.0 327420 7176 ? S 08:24 0:00 php-fpm: pool web2
    web2 3973 0.0 0.0 327420 7176 ? S 08:24 0:00 php-fpm: pool web2
    web4 3974 0.0 0.0 327420 7176 ? S 08:24 0:00 php-fpm: pool web4
    web4 3975 0.0 0.0 327420 7176 ? S 08:24 0:00 php-fpm: pool web4
    5003 3976 0.0 0.2 328624 16452 ? S 08:24 0:00 php-fpm: pool ispconfig
    5003 3977 0.0 0.2 329600 18752 ? S 08:24 0:00 php-fpm: pool ispconfig
    www-data 3978 0.0 0.4 632020 38444 ? S 08:24 0:00 php-fpm: pool www
    www-data 3979 0.0 0.5 637380 43692 ? S 08:24 0:00 php-fpm: pool www
    root 4096 0.0 0.0 85952 3868 ? Ss 08:29 0:00 sshd: agrothe [priv]
    agrothe 4098 0.0 0.0 85952 1832 ? S 08:29 0:00 sshd: agrothe@pts/2
    agrothe 4099 0.0 0.0 21436 4176 pts/2 Ss 08:29 0:00 -bash
    root 4184 0.0 0.0 50560 2076 pts/2 S 08:29 0:00 sudo su
    root 4185 0.0 0.0 52008 1700 pts/2 S 08:29 0:00 su
    root 4186 0.0 0.0 19472 2200 pts/2 S 08:29 0:00 bash
    root 4250 0.0 0.0 12640 1660 pts/2 S+ 08:30 0:00 nano topaz.bordereastcreative.com.vhost
    web4 4536 3.0 0.0 59884 3076 ? S 08:40 1:54 pure-ftpd (IDLE)
    root 4537 0.0 0.0 51032 1516 ? S 08:40 0:00 pure-ftpd (PRIV)
    dovenull 4737 0.0 0.0 24184 3108 ? S 08:50 0:00 dovecot/imap-login
    vmail 4740 0.0 0.0 37820 3216 ? S 08:50 0:00 dovecot/imap
    root 5260 0.0 0.0 37788 2496 ? Ss Nov02 0:07 /usr/lib/postfix/master
    postfix 5262 0.0 0.0 59460 3312 ? S Nov02 0:01 qmgr -l -t fifo -u
    postfix 5289 0.0 0.0 42528 3572 ? S Nov02 0:01 tlsmgr -l -t unix -u -c
    root 5781 0.0 0.0 77032 2056 ? Ss 09:25 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data 5782 0.0 0.0 77532 4092 ? S 09:25 0:00 nginx: worker process
    www-data 5783 0.0 0.0 77240 2364 ? S 09:25 0:00 nginx: worker process
    www-data 5784 0.0 0.0 77240 2364 ? S 09:25 0:00 nginx: worker process
    www-data 5785 0.0 0.0 77240 2364 ? S 09:25 0:00 nginx: worker process
    www-data 8544 0.0 0.1 381236 10808 ? S 09:34 0:00 /usr/sbin/apache2 -k start
    dovenull 8634 0.0 0.0 24184 3112 ? S 09:35 0:00 dovecot/imap-login
    vmail 8638 0.0 0.0 37820 3220 ? S 09:35 0:00 dovecot/imap
    root 8780 0.0 0.0 7932 960 pts/1 T 09:41 0:00 less
    postfix 8791 0.0 0.0 39856 2376 ? S 09:42 0:00 pickup -l -t fifo -u -c
    root 8805 0.0 0.0 16832 1280 pts/1 R+ 09:43 0:00 ps aux
    root 10715 0.0 0.3 381156 25944 ? Ss Nov10 0:01 /usr/sbin/apache2 -k start
    amavis 11499 0.0 1.1 236148 98188 ? S Nov10 0:02 /usr/sbin/amavisd-new (ch17-avail)
    mysql 12509 0.0 0.5 423088 47496 ? Sl Nov10 0:33 mysqld --skip-grant-tables
    root 12929 0.0 0.0 0 0 ? S Nov07 2:23 [kworker/3:0]
    root 12952 0.0 0.0 128524 1856 ? Ss Nov07 0:00 nginx: master process /opt/nginx-stream/sbin/nginx-stream
    root 12953 0.0 0.0 128988 2928 ? S Nov07 0:00 nginx: worker process
    amavis 14201 0.0 1.1 236284 98244 ? S Nov10 0:02 /usr/sbin/amavisd-new (ch15-avail)
    root 17535 0.0 0.0 0 0 ? S Nov10 0:00 [kworker/2:2]
    root 17546 0.0 0.1 63916 8912 ? S Nov10 0:11 python /usr/sbin/denyhosts --daemon --purge --config=/etc/denyhosts.conf
    root 27061 0.0 0.0 23260 2980 ? S 04:35 0:00 dovecot/config
    root 31220 0.0 0.0 49848 1244 ? Ss Nov02 0:00 /usr/sbin/sshd
    root 31315 0.0 0.0 42616 2248 ? Ss 06:25 0:00 pure-ftpd (SERVER)
    www-data 31373 0.0 0.1 381236 10668 ? S 06:25 0:00 /usr/sbin/apache2 -k start
    www-data 31374 0.0 0.1 381244 10808 ? S 06:25 0:00 /usr/sbin/apache2 -k start
    www-data 31376 0.0 0.1 381236 10768 ? S 06:25 0:00 /usr/sbin/apache2 -k start
    www-data 31377 0.0 0.1 381244 10672 ? S 06:25 0:00 /usr/sbin/apache2 -k start
    www-data 31379 0.0 0.1 381236 10680 ? S 06:25 0:00 /usr/sbin/apache2 -k start

You can see the firewall rules with:

    iptables -L

If there is a firewall, then the rules must be listed in iptables.

That's the funny thing:

Code:

    :~$ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

Yet the ports are not open... ? Or maybe something is misconfigured? For example, I set up Nginx with the rtmp module on this Debian 7 system and another Ubuntu system, following very similar Perfect Server guides, and the Ubuntu server gives me:

Code:

    sockstat
    USER PROCESS PID PROTO SOURCE ADDRESS FOREIGN ADDRESS STATE
    root sshd 976 tcp4 *:22 *:* LISTEN
    root ntpd 5366 udp4 *:123 *:* CLOSED
    root ntpd 5366 udp4 127.0.0.1:123 *:* CLOSED
    root ntpd 5366 udp4 198.61.166.106:123 *:* CLOSED
    root ntpd 5366 udp4 10.177.1.155:123 *:* CLOSED
    root sshd 11378 tcp4 198.61.166.106:22 99.251.248.253:6346 ESTABLISHED
    root smtpd 12055 tcp4 *:25 *:* LISTEN
    root nginx 13595 tcp4 *:88 *:* LISTEN
    root nginx 13595 tcp4 *:1935 *:* LISTEN
    root nginx 13596 tcp4 *:88 *:* LISTEN
    root nginx 13596 tcp4 *:1935 *:* LISTEN
    root pure-ftpd-mysql 20860 tcp4 *:21 *:* LISTEN
    mysql mysqld 22056 tcp4 127.0.0.1:3306 *:* LISTEN
    root master 22438 tcp4 *:25 *:* LISTEN
    root master 22438 tcp4 *:587 *:* LISTEN
    root master 22438 tcp4 *:465 *:* LISTEN
    root master 22438 tcp4 127.0.0.1:10025 *:* LISTEN
    amavis amavisd 22462 tcp4 127.0.0.1:10024 *:* LISTEN
    amavis amavisd 22941 tcp4 127.0.0.1:10024 *:* LISTEN
    amavis amavisd 22946 tcp4 127.0.0.1:10024 *:* LISTEN
    root dovecot 23214 tcp4 *:110 *:* LISTEN
    root dovecot 23214 tcp4 *:995 *:* LISTEN
    root dovecot 23214 tcp4 *:143 *:* LISTEN
    root dovecot 23214 tcp4 *:993 *:* LISTEN
    bind named 23298 tcp4 127.0.0.1:53 *:* LISTEN
    bind named 23298 tcp4 198.61.166.106:53 *:* LISTEN
    bind named 23298 tcp4 10.177.1.155:53 *:* LISTEN
    bind named 23298 tcp4 127.0.0.1:953 *:* LISTEN
    bind named 23298 udp4 127.0.0.1:53 *:* CLOSED
    bind named 23298 udp4 198.61.166.106:53 *:* CLOSED
    bind named 23298 udp4 10.177.1.155:53 *:* CLOSED
    root sshd 27348 tcp4 198.61.166.106:22 99.251.248.253:63738 ESTABLISHED

Debian gives me:

Code:

    sockstat
    USER PROCESS PID PROTO SOURCE ADDRESS FOREIGN ADDRESS STATE

Yet I see nginx in the ps aux output so I know it's running.

After a reboot, I get the following from iptables. The first line is suspicious to me.

Code:

    iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere loopback/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- base-address.mcast.net/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

Code:

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

Code:

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

Code:

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

Code:

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

Code:

    Chain PAROLE (17 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

Code:

    Chain PUB_IN (5 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:http
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:imap2
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
    PAROLE tcp -- anywhere anywhere tcp dpt:submission
    PAROLE tcp -- anywhere anywhere tcp dpt:imaps
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3s
    PAROLE tcp -- anywhere anywhere tcp dpt:mysql
    PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
    PAROLE tcp -- anywhere anywhere tcp dpt:tproxy
    PAROLE tcp -- anywhere anywhere tcp dpt:webmin
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:mysql
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

How can I remove that first line? I think it's blocking a lot if I'm reading that right.

Ok, getting closer. After I did the reboot and found the above iptables rules, I checked the bastille-firewall config file, and realized that ISPConfig3 isn't updating bastille firewall. I removed Bastille from the startup but that command must have failed as it is still running. I opened the rtmp port by editing the bastille config manually and it worked. Seems a reboot was needed.
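
The comparison this thread ends up doing by hand (which listening ports does the loaded ruleset actually let in?) can be automated. The following is an added example, not code from the thread, ISPConfig or Bastille: it walks an `iptables -S` dump for a new inbound TCP connection, following jumps into user chains, and returns the listening ports that are not accepted. The sample ruleset, the `eth0` interface name and the function names are assumptions; it reads `-S` output because that form shows interface matches such as `-i lo`, which plain `iptables -L` does not display.

```python
import shlex
# Constructed `iptables -S` sample modelled on the thread's ruleset; eth0 is assumed.
SAMPLE = """\
-P INPUT DROP
-N PAROLE
-N PUB_IN
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j PUB_IN
-A INPUT -j DROP
-A PAROLE -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -j DROP
"""
SUPPORTED = {"-p", "-i", "-m", "--dport", "--state", "--ctstate", "-j"}

def load(text):
    """Parse `iptables -S` text into (policies, {chain: [rule option dicts]})."""
    policy, chains = {}, {}
    for t in map(shlex.split, text.splitlines()):
        if t[:1] == ["-P"]:
            policy[t[1]] = t[2]
        if t[:1] == ["-A"]:
            rule = dict(zip(t[2::2], t[3::2]))
            # Refuse anything this simplified model cannot evaluate correctly.
            if "!" in t or set(rule) - SUPPORTED or rule.get("-j") == "RETURN":
                raise ValueError("unsupported rule: " + " ".join(t))
            chains.setdefault(t[1], []).append(rule)
        elif t:
            chains.setdefault(t[1], [])
    return policy, chains

def verdict(policy, chains, port, iface, chain="INPUT"):
    """Verdict for a NEW inbound TCP connection to `port` arriving on `iface`."""
    for r in chains[chain]:
        state = r.get("--state") or r.get("--ctstate")
        if (r.get("-p", "tcp") != "tcp" or r.get("-i", iface) != iface
                or int(r.get("--dport", port)) != port
                or (state and "NEW" not in state.split(","))):
            continue  # rule does not match this packet
        target = r.get("-j")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target in chains and (hit := verdict(policy, chains, port, iface, target)):
            return hit
    return policy.get(chain)  # None in a user chain: back to the caller

def blocked_listeners(ruleset, listening, iface="eth0"):
    policy, chains = load(ruleset)
    return [p for p in sorted(listening) if verdict(policy, chains, p, iface) != "ACCEPT"]
```

With listeners on 22, 80 and the RTMP port 1935 (the port nginx holds in the Ubuntu `sockstat` listing above), only 1935 is reported as blocked on the public interface, while nothing is blocked on `lo`.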