Hi all,

First the setup:

ISPConfig 3.0.2.2 ( with BIND, not mydns )
Ubuntu 10.04 64bit
Server is a VM

Firewall settings in ISPConfig:

Open TCP ports - 20,21,22,25,53,80,110,143,443,3306,8080,10000
Open UDP Ports - 53,3306

For some reason every time I reboot the server I need to run /etc/init.d/bastille-firewall restart ( or just "start" ). Before I restart it and after I have rebooted, web and email don't work ( haven't checked dns ) but I can ssh into it, so I assume port 22 is open but no others?

Any ideas why this might be?

Please run

Code:
update-rc.d bastille-firewall defaults

Bastille should then be started automatically at boot time.

Code:
System start/stop links for /etc/init.d/bastille-firewall already exist.

Thanks falko,

Got the above ^ output, and then rebooted, and same thing.

ran "/etc/init.d/bastille-firewall status"

Code:
root@server1:~# /etc/init.d/bastille-firewall status
Chain INPUT (policy DROP 52 packets, 3443 bytes)
 pkts bytes target     prot opt in     out     source               destination
   63  4704 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
  111  7545 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  328 36351 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            119.252.x.x         icmp type 255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            119.252.x.x         tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 426 packets, 47188 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination
   63  4704 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Then ran "/etc/init.d/bastille-firewall start".

Code:
root@server1:~# /etc/init.d/bastille-firewall start
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
Setting up IP spoofing protection... done.
Allowing traffic from trusted interfaces... done.
Setting up chains for public/internal interface traffic... done.
Setting up general rules... done.
Setting up outbound rules... done.
touch: cannot touch `/var/lock/subsys/bastille-firewall': No such file or directory

then ran "/etc/init.d/bastille-firewall status" again

Code:
root@server1:~# /etc/init.d/bastille-firewall status
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8
  420 65669 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   11   660 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
   11   576 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 284 packets, 44685 bytes)
 pkts bytes target     prot opt in     out     source               destination
  179 55487 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (12 references)
 pkts bytes target     prot opt in     out     source               destination
    8   384 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    2    96 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    1    48 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    5   240 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
    3   192 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3306
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (4 references)
 pkts bytes target     prot opt in     out     source               destination
  177 53827 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (0 references)
 pkts bytes target     prot opt in     out     source               destination
  316 26852 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Solved!!! ( with a red face )

My VPS hosting provider builds the VM automatically with nothing more than SSH and a basic firewall......I had forgotten about their basic firewall ( I know I know...I'll put the dunce hat on in a sec ).

To stop their firewall from starting on boot I ran:

Code:
update-rc.d -f name-of-basic-firewall remove

and voila, works perfectly.

Thanks for ya help anyway falko....I'll be off to the corner now lol
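
Added example, not part of the original thread: a post-boot check that reads an `iptables -L -n -v` listing and reports which of the ports from the first post have no ACCEPT or PAROLE rule, and whether Bastille's PUB_IN chain is loaded at all. The function names and the sample listing (abridged from the post-reboot output above) are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check an `iptables -L -n -v` listing
# for the ports configured in ISPConfig. On a live host, save the listing
# first with: iptables -L -n -v > /tmp/listing.txt

# Ports from the first post's ISPConfig firewall settings.
EXPECTED_TCP="20 21 22 25 53 80 110 143 443 3306 8080 10000"
EXPECTED_UDP="53 3306"

# Constructed sample: abridged from the post-reboot status output above.
sample_after_reboot() {
cat <<'EOF'
Chain INPUT (policy DROP 52 packets, 3443 bytes)
 pkts bytes target     prot opt in     out     source               destination
   63  4704 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
  111  7545 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  328 36351 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            119.252.x.x         tcp dpt:22
EOF
}

# bastille_loaded FILE: succeeds if Bastille's PUB_IN chain is in the listing.
bastille_loaded() {
    grep -q '^Chain PUB_IN ' "$1"
}

# missing_ports PROTO "PORTS" FILE: print the expected ports that have no rule
# with target ACCEPT or PAROLE, protocol PROTO and a "dpt:<port>" match.
missing_ports() {
    missing=""
    for port in $2; do
        # Columns: pkts bytes target prot opt in out source destination [match...]
        awk -v proto="$1" -v port="$port" '
            ($3 == "ACCEPT" || $3 == "PAROLE") && $4 == proto {
                for (i = 10; i <= NF; i++) if ($i == ("dpt:" port)) found = 1
            }
            END { exit (found ? 0 : 1) }' "$3" || missing="$missing $port"
    done
    echo "${missing# }"
}

listing=$(mktemp)
sample_after_reboot > "$listing"
bastille_loaded "$listing" || echo "Bastille chains not loaded"
echo "TCP ports without a rule: $(missing_ports tcp "$EXPECTED_TCP" "$listing")"
echo "UDP ports without a rule: $(missing_ports udp "$EXPECTED_UDP" "$listing")"
rm -f "$listing"
```

The check matches rules in any chain, so it shows that a rule exists, not that the chain holding it is reachable from INPUT.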