I have been searching around for this problem, and have found other issues related but never a real solution... I have opened ports 8085 and 3724 within the firewall and restarted the firewall, yet when my app tries to connect it can't - I have tried it with the ports just being TCP, and TCP/UDP yet still nada - I know it is the ISPConfig firewall because as soon as I turn the firewall off, it connects fine, then I turn the firewall back on, and I can't connect anymore!! Why won't the firewall open those ports? Any help would be greatly appreciated!! Thanks!
Code:
Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  loopback/8
ACCEPT     0    --  anywhere                  anywhere      state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere                  anywhere
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
PUB_IN     0    --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain FORWARD (policy DROP)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere      state RELATED,ESTABLISHED
DROP       0    --  anywhere                  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere
PUB_OUT    0    --  anywhere                  anywhere

Chain INT_IN (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain INT_OUT (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
ACCEPT     0    --  anywhere                  anywhere

Chain PAROLE (10 references)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere

Chain PUB_IN (4 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere      icmp destination-unreachable
ACCEPT     icmp --  anywhere                  anywhere      icmp echo-reply
ACCEPT     icmp --  anywhere                  anywhere      icmp time-exceeded
ACCEPT     icmp --  anywhere                  anywhere      icmp echo-request
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:ftp
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:ssh
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:smtp
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:domain
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:www
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:81
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:pop3
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:https
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:webmin
PAROLE     tcp  --  anywhere                  anywhere      tcp dpt:mysql
ACCEPT     udp  --  anywhere                  anywhere      udp dpt:domain
ACCEPT     udp  --  anywhere                  anywhere      udp dpt:8085
ACCEPT     udp  --  anywhere                  anywhere      udp dpt:3724
DROP       icmp --  anywhere                  anywhere
DROP       0    --  anywhere                  anywhere

Chain PUB_OUT (4 references)
target     prot opt source                    destination
ACCEPT     0    --  anywhere                  anywhere
As you see in the output, both ports are opened for udp. If your application needs them for tcp too, you should add them as tcp ports too.
Code:
ACCEPT     udp  --  anywhere                  anywhere      udp dpt:8085
ACCEPT     udp  --  anywhere                  anywhere      udp dpt:3724
I did add them from within ISPConfig - wonder why it did not fix it in the iptables? When I open up the firewall in ispconfig - here is what I have...
Code:
Name        Port   Type  Active
FTP         21     tcp   yes
SSH         22     tcp   yes
SMTP        25     tcp   yes
DNS         53     tcp   yes
DNS         53     udp   yes
WWW         80     tcp   yes
ISPConfig   81     tcp   yes
POP3        110    tcp   yes
SSL (www)   443    tcp   yes
Webmin      10000  tcp   yes
phpMyadmin  3306   tcp   yes
Worldd      8085   tcp   yes
Realmd      3724   tcp   yes
WorlddU     8085   udp   yes
RealmdU     3724   udp   yes
OK, I got it fixed, but had to manually edit /etc/Bastille/bastille-firewall.cfg and /root/ispconfig/isp/conf/bastille-firewall.cfg.master. I don't know why, when I would add the TCP rule for those ports, it would not update in that file, but this seems to have fixed it; everything works fine now. Thanks for the help.
The last time I tested it, it worked on my server. I will add this to the bugtracker for further testing.
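Added example, not part of any post in the thread: a Python check for the mismatch the thread uncovered, comparing the ports the ISPConfig firewall table marks active with what the PUB_IN chain of the `iptables -L` listing actually accepts. The function names, the name-to-port map and the two sample strings (excerpts constructed from the listings above) are assumptions of this example.

```python
import re

# Service names as `iptables -L` prints them in the thread -> ports from the panel table.
SERVICE_PORTS = {"ftp": 21, "ssh": 22, "domain": 53, "www": 80}
RULE_RE = re.compile(r"^(?:ACCEPT|PAROLE)\s+(tcp|udp)\s.*\bdpt:(\S+)")

# Constructed sample: excerpt of the PUB_IN chain from the thread's listing.
IPTABLES_LISTING = """\
Chain PUB_IN (4 references)
PAROLE  tcp  --  anywhere  anywhere  tcp dpt:ftp
ACCEPT  udp  --  anywhere  anywhere  udp dpt:domain
ACCEPT  udp  --  anywhere  anywhere  udp dpt:8085
ACCEPT  udp  --  anywhere  anywhere  udp dpt:3724
"""

# Constructed sample: excerpt of the ISPConfig firewall table from the thread.
ISPCONFIG_TABLE = """\
Name Port Type Active
FTP 21 tcp yes
DNS 53 udp yes
Worldd 8085 tcp yes
Realmd 3724 tcp yes
WorlddU 8085 udp yes
RealmdU 3724 udp yes
"""

def open_ports(listing, chain="PUB_IN"):
    """Return {(port, proto)} accepted in `chain`; PAROLE counts, as it only holds ACCEPT."""
    found, in_chain = set(), False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
        elif in_chain and (m := RULE_RE.match(line.strip())):
            port = int(m[2]) if m[2].isdigit() else SERVICE_PORTS.get(m[2])
            if port is not None:
                found.add((port, m[1]))
    return found

def configured_ports(table):
    """Return {(port, proto)} for rows marked active; the name column may contain spaces."""
    rows = [line.split() for line in table.splitlines() if line.strip()]
    return {(int(r[-3]), r[-2]) for r in rows if r[-1] == "yes"}

def missing_rules(table, listing):
    """Ports the panel lists as active that the running chain does not accept."""
    return sorted(configured_ports(table) - open_ports(listing))

if __name__ == "__main__":
    print(missing_rules(ISPCONFIG_TABLE, IPTABLES_LISTING))
```

Feeding it `iptables -L -n` output instead makes the ports print numerically, so the name map is no longer needed.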