I have a strange problem. ISP installed from https://www.howtoforge.com/perfect-...hp-mysql-pureftpd-bind-dovecot-ispconfig-3-p4. Under System -> Server Config -> Server tab -> field "Firewall" I have "ufw", but in the console when I enter "ufw status" I get the response "Status: inactive". I am confused - does ufw work or not?
That's just the firewall type selector, it does not indicate if you have an active firewall. Did you set up a firewall under System > Firewall?
Thank you for the answer. I don't have anything in System -> Firewall. After clicking "Add firewall record" I see two inputs with allowed/opened tcp and udp ports and an active checkbox. Does it enable the ufw firewall? I have only seen rules being added in the console, e.g.:
sudo ufw enable
sudo ufw allow 22
sudo ufw allow proto tcp from 192.168.0.2 to any port 22
I added a default record for the firewall under ISP, ufw was enabled, ufw status output:
Code:
Status: active
To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
110/tcp                    ALLOW       Anywhere
143/tcp                    ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8081/tcp                   ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
3306/udp                   ALLOW       Anywhere
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
53/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
110/tcp (v6)               ALLOW       Anywhere (v6)
143/tcp (v6)               ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
995/tcp (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)
8081/tcp (v6)              ALLOW       Anywhere (v6)
10000/tcp (v6)             ALLOW       Anywhere (v6)
53/udp (v6)                ALLOW       Anywhere (v6)
3306/udp (v6)              ALLOW       Anywhere (v6)
but after turning on the firewall I can't get into FTP with FileZilla. I get the message "listing directories" and after 20s I get an error that it can't list directories. After turning off ufw I can log in to FTP normally and get the list of directories.
Thanks Till. Seriously, I thought I should add ports 20 and 21 to the UDP line in the firewall in ISP. Where do I set up the port range in pure-ftpd? How should it look in the firewall in ISP?
I would like to know why I have to set up a port range if I use FTP on one (default) port? And why exactly that range and not another? PS I can't send emails either using dovecot with these default ufw open tcp/udp ports.
The server listens on a default/well-known port for the control connection, but the FTP protocol uses other ports for data connections, which are specified in the control connection. Stateful firewalls and NATs have to see that control connection traffic in order to know what ports should be opened - if the control connection is encrypted (FTPS), they can't see that. Any open/unused range above 1024 would work. Dovecot is an IMAP/POP server, for receiving, not sending, email; sending would use Postfix, typically on port 587. Is Postfix listening on port 587? Can you connect to 587 from your client? If so you should be able to submit email, at which point check the mail logs to see why it's not delivering.
When I turn off ufw in the ISP panel I don't have a problem with sending email. I didn't remove/add extra ports in the ufw open tcp and open udp ports - it's the default config.
Sounds like you need to add some ports there, then. I don't remember what the default config is, no ports are opened, or?
I normally can find what I need without having to ask. So, I don't know whether to take over this thread or start a new one. I'm on ISPConfig3 + Postfix + Dovecot. Just like the OP above, ufw is enabled and the relevant ports are open. With an email client sending directly through this server, I can send out to anyone. (And I can receive email from anyone else sending through this server.) But with ufw enabled, other mail hosts can't send email to this server. I have tried to follow iptables and compared the diff between ufw enabled vs disabled, and I am stumped.
Code:
iptables -L # with ufw enabled: http://paste.ubuntu.com/24457693/
iptables -L # with ufw disabled: http://paste.ubuntu.com/24457695/
I recognize this is not an ISPConfig problem; I am sure it is something simple with ufw, but it eludes me. This is where I get all my other answers from, so I am hoping you can shed some light for me. Thanks.
You allow "submission" (port 587), but not "smtp" (port 25), which is what mail servers send on. Allow port 25 and you should be good.
Thanks, I did not realize that other servers would still be looking to port 25, but that makes sense. I have now opened port 25/tcp and all works. Thanks again.
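Both problems in this thread (FTP directory listings failing while only the control port was open, and inbound mail failing while 587 was open but 25 was not) come down to a required port that no ufw rule covers. The following is an added example, not code from any poster in the thread: a shell function that reads "ufw status" output and prints the required ports that no IPv4 ALLOW rule from Anywhere covers. The function name, the constructed sample rule sets and the passive range 40110:40210 are assumptions.

```sh
#!/bin/sh
# Added example: list required ports that no IPv4 "ALLOW ... Anywhere" rule covers.
# Live use (as root): ufw status | ufw_missing_ports 21/tcp 25/tcp 587/tcp
ufw_missing_ports() {
    awk -v want="$*" '
    # Collect rules such as "25/tcp", "53" (both protocols), "80,443/tcp", "40110:40210/tcp"
    $2 == "ALLOW" && $NF == "Anywhere" && !/\(v6\)/ {
        n = split($1, part, "/")
        proto = (n > 1) ? part[2] : "any"     # no suffix: rule applies to tcp and udp
        m = split(part[1], item, ",")         # comma-separated port list
        for (i = 1; i <= m; i++) {
            k = split(item[i], r, ":")        # low:high range
            lo[++rules] = r[1] + 0
            hi[rules] = (k > 1 ? r[2] : r[1]) + 0
            pr[rules] = proto
        }
    }
    END {
        w = split(want, req, " ")
        for (j = 1; j <= w; j++) {
            split(req[j], q, "/")
            ok = 0
            for (i = 1; i <= rules; i++)
                if (q[1] + 0 >= lo[i] && q[1] + 0 <= hi[i] && (pr[i] == "any" || pr[i] == q[2]))
                    ok = 1
            if (!ok) print req[j]
        }
    }'
}

# Constructed sample: FTP control (21) and submission (587) open, nothing else.
SAMPLE_BEFORE='Status: active
To                         Action      From
--                         ------      ----
21/tcp                     ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
587/tcp (v6)               ALLOW       Anywhere (v6)'

# Same rule set after allowing smtp (25) and the assumed passive range.
SAMPLE_AFTER="$SAMPLE_BEFORE
25/tcp                     ALLOW       Anywhere
40110:40210/tcp            ALLOW       Anywhere"

# 40150/tcp stands in for any port inside the assumed passive range.
printf '%s\n' "$SAMPLE_BEFORE" | ufw_missing_ports 21/tcp 25/tcp 587/tcp 40150/tcp
```

The passive range checked here has to match the range configured in the FTP server; application-profile rules (for example a rule named after a service instead of a port) are not resolved by this function.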