Does ISPConfig 3 use iptables for its firewall? I made some changes and added a port in ISPConfig 3 system/firewall and clicked save. Then I restarted iptables and looked at the status and I do not see the ports I added. Thanks
ISPConfig uses the bastille-firewall script, which uses iptables. If you make a change in ISPConfig, it takes a minute until it gets applied. Do not manually restart iptables, as iptables will lose its settings if you restart it manually without using the bastille-firewall script.
Is there somewhere I can look to verify that bastille is working and see what ports are open/closed other than in ISPConfig 3? Thanks
With iptables running I can't see my websites, and from what I see here port 80 is open. Perhaps the port for DNS is not?

Code:
[root@server ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target               prot opt source      destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target               prot opt source      destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target               prot opt source      destination

Chain RH-Firewall-1-INPUT (2 references)
num  target  prot opt source      destination
1    ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
2    ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0     icmp type 255
3    ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
4    ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0
5    ACCEPT  udp  --  0.0.0.0/0   224.0.0.251   udp dpt:5353
6    ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0     udp dpt:631
7    ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     tcp dpt:631
8    ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0     state RELATED,ESTABLISHED
9    ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:8080
10   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:143
11   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:22
12   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:23
13   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:25
14   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:80
15   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:21
16   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:443
17   ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:137
18   ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:138
19   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:139
20   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:445
21   ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:2049
22   REJECT  all  --  0.0.0.0/0   0.0.0.0/0     reject-with icmp-host-prohibited

Here is iptables -L:

Code:
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source     destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source     destination
ACCEPT  all  --  anywhere   anywhere
ACCEPT  icmp --  anywhere   anywhere      icmp any
ACCEPT  esp  --  anywhere   anywhere
ACCEPT  ah   --  anywhere   anywhere
ACCEPT  udp  --  anywhere   224.0.0.251   udp dpt:mdns
ACCEPT  udp  --  anywhere   anywhere      udp dpt:ipp
ACCEPT  tcp  --  anywhere   anywhere      tcp dpt:ipp
ACCEPT  all  --  anywhere   anywhere      state RELATED,ESTABLISHED
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:webcache
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:imap
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:ssh
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:telnet
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:smtp
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:http
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:ftp
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:https
ACCEPT  udp  --  anywhere   anywhere      state NEW udp dpt:netbios-ns
ACCEPT  udp  --  anywhere   anywhere      state NEW udp dpt:netbios-dgm
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:netbios-ssn
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:microsoft-ds
ACCEPT  tcp  --  anywhere   anywhere      state NEW tcp dpt:nfs
REJECT  all  --  anywhere   anywhere      reject-with icmp-host-prohibited
The firewall you are running is not from ISPConfig. Make sure that the ISPConfig firewall is disabled if you use another firewall.
ok, thanks. Someone told me I had to have iptables running in order for fail2ban to work. I will shut down iptables.
Hi Till, I'm unable to open port 445 (for direct samba). The port scan says that 445 is closed! Can you help? Thank you
Check with: iptables -L if port 445 is open or closed in the firewall, and check with: netstat -ntap if samba is listening on that port. When samba is not listening or not started, then a portscan will report the port as closed too, so this does not have to be a firewall issue.
Here is my iptables -L. I think that tcp dpt:microsoft-ds is 445? Right? When I start samba, it listens on 137, 138, 139, 445; it answers on smbclient -L //serverIP when I'm on the samba server but answers Connection failed (Error NT_STATUS_HOST_UNREACHABLE) on any other machine. When I guest with windows server2008 machine, server tell me that Thank
Run netstat -tulpn | egrep "samba|smbd|nmbd|winbind" to see the ports samba uses on your server. You may have to open some more ports (tcp and/or udp): https://wiki.samba.org/index.php/Samba_port_usage
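
The two checks from the replies above (does the firewall allow the port, and is a daemon actually listening on it) combined into one script, as an added example that is not part of the original thread. The rule set and socket list are constructed samples, and `fw_verdict`, `listeners` and `diagnose` are hypothetical helper names; the script reads `iptables-save` style rules rather than `iptables -L` output because the plain listing omits the interface match.

```shell
#!/bin/sh
# Constructed sample rules in iptables-save format (not taken from the thread).
# Plain `iptables -L` prints the "-i lo" rule without its interface.
RULES='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
# Constructed sample of `netstat -tulpn` lines: httpd and nmbd run, smbd does not.
SOCKETS='tcp  0  0 0.0.0.0:80   0.0.0.0:*  LISTEN  2101/httpd
udp  0  0 0.0.0.0:137  0.0.0.0:*          3312/nmbd'

# First matching target for a NEW packet arriving on a non-loopback interface.
fw_verdict() {  # usage: fw_verdict CHAIN PROTO PORT < rules
  awk -v chain="$1" -v proto="$2" -v port="$3" '
    $1 == "-A" && $2 == chain {
      iface = p = dport = state = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") iface = $(i + 1)
        if ($i == "-p") p = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--state") state = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (iface == "lo") next
      if (p != "" && p != proto) next
      if (state != "" && index("," state ",", ",NEW,") == 0) next
      if (dport != "") {               # single port or "min:max" range
        n = split(dport, r, ":"); min = r[1]; max = (n > 1 ? r[2] : r[1])
        if (port + 0 < min + 0 || port + 0 > max + 0) next
      }
      print target; found = 1; exit
    }
    END { if (!found) print "POLICY" }'
}

listeners() {  # local addresses bound to PROTO/PORT; reads netstat output
  awk -v proto="$1" -v port="$2" '
    $1 == proto && $4 ~ (":" port "$") { sub(/:[0-9]+$/, "", $4); print $4 }'
}
diagnose() {  # usage: diagnose CHAIN PROTO PORT RULES SOCKETS
  verdict=$(printf '%s\n' "$4" | fw_verdict "$1" "$2" "$3")
  addrs=$(printf '%s\n' "$5" | listeners "$2" "$3" | paste -sd, -)
  echo "firewall=$verdict listening=${addrs:-none}"
}

for t in "tcp 80" "tcp 445" "udp 137"; do
  echo "$t: $(diagnose RH-Firewall-1-INPUT $t "$RULES" "$SOCKETS")"
done
```

On a live server, feed it the output of `iptables-save` and `netstat -tulpn` in place of the two sample variables.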