Firewall

Discussion in 'Installation/Configuration' started by vpns2000, Apr 12, 2006.

  1. vpns2000

    vpns2000 Member

    hello,
    I uses its own Firewallscript which I started now has I the problem
    (I assume in such a way times) a host puts on if each time or also changes
    with ISP makes, everyone times my Firewall is gestopt and all to regulate is deleted I has however none firewall the ISP bring along switched on gives it a possibility the ISP my Firewall is not deactivated??
    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Just deactivate the ISPConfig files under management > services.
     
  3. vpns2000

    vpns2000 Member

    Hello,
    which is strange which I it deactivated there and if I make changes in the ISPConfig imm my Firewall am deakiviert.
    The Firewall of ISP is deactivated one.
    ask for assistance
    THANKS
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Sorry, i do not understand eaxcatly what you mean. Can you try to explain it?

    If you make changes in your firewall, the ISPConfig firewall is activated again?
     
  5. vpns2000

    vpns2000 Member

    Hallo,
    schreibe jetzt mal in deutsch da mein englisch mehr als schlecht ist.
    nun ich habe ein Firewallscript welches IPTables verwendet. Jetzt ist es aber so wenn ich eine Domain oder Emailadressen anlege das mein Firewallscript jedesmal abgestellt wird (alle Chains werden gelöscht) und die Policis zeigen keine Wirkung mehr.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    When the ISPConfig firewall is deactivated, ISPConfig does not change any IPTables rules.

    Do you have network configuration deactivated in config.inc.php like this?

    $go_info["server"]["network_config"] = 0;
     
  7. vpns2000

    vpns2000 Member

    Hello,
    Yes i Have.
    hear is my config.php.inc file output.

    /**********************************************
    * System Settings
    **********************************************/

    $go_info["server"]["dir_trenner"] = "/";
    $go_info["server"]["server_root"] = "/home/admispconfig/ispconfig";
    if(isset($_SERVER['SERVER_NAME']) && isset($_SERVER['SERVER_PORT'])){
    $go_info["server"]["server_url"] = 'https://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVE
    } else {
    $go_info["server"]["server_url"] = "https://isp.xxxxxxx.com:81";
    }
    $go_info["server"]["include_root"] = $go_info["server"]["server_root"] . $go_info["server"]
    $go_info["server"]["classes_root"] = $go_info["server"]["include_root"] . $go_info["server"
    $go_info["server"]["temp_dir"] = $go_info["server"]["server_root"] . $go_info["server"]["di
    $go_info["server"]["files_dir"] = $go_info["server"]["server_root"] . $go_info["server"]["d
    $go_info["server"]["backup_dir"] = $go_info["server"]["server_root"] . $go_info["server"]["
    $go_info["server"]["version"] = "2.2.0";
    $go_info["server"]["os"] = "linux";
    $go_info["server"]["ort"] = "local";
    $go_info["server"]["banner"] = "0";
    $go_info["server"]["db_host"] = "localhost";
    $go_info["server"]["db_name"] = "db_ispconfig";
    $go_info["server"]["db_user"] = "root";
    $go_info["server"]["db_password"] = "xxxxxxxxxx";
    $go_info["server"]["db_type"] = "mysql";
    $go_info["server"]["mail_server"] = "";
    $go_info["server"]["mail_user"] = "";
    $go_info["server"]["mail_password"] = "";
    $go_info["server"]["smtp_server"] = "localhost";
    $go_info["server"]["mode"] = "";
    $go_info["server"]["lang"] = "de";

    $go_info["server"]["postfix_config"] = 1; // 1 = SENDMAIL-STYLE, 2 = POSTFIX-STYLE
    $go_info["server"]["smtp_restart"] = 1; // 1 = stop/start, 2 = restart
    $go_info["server"]["network_config"] = 0; // 0 = none, 1 = automatic
    $go_info["server"]["sudo_du_enabled"] = false; // enable sudo for gathering website file us
    $go_info["server"]["apache2_php"] = 'both'; // 'filter' = set PHP filters, 'addtype' = Set
    $go_info["server"]["password_hash"] = 'crypt'; // 'crypt' = crypt; 'md5' = crypt-md5
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Is the ISPConfig firewall activated or deactivated under Management -> Server -> Services?
     
  9. vpns2000

    vpns2000 Member

    the Firewall is deactivated under ISP Config
     
  10. vpns2000

    vpns2000 Member

    hear is de Screanshot from my ISP

    [​IMG]

    [​IMG]
     
    Last edited: Apr 13, 2006
  11. falko

    falko Super Moderator Howtoforge Staff

    Can you post the output of
    Code:
    iptables -L
    from before and after an update in the ISPConfig web interface?
     
  12. vpns2000

    vpns2000 Member

    Hello
    this is the Outpout from
    Code:
    iptables -L
    

    • [root@ns1 ~]# iptables -L
      Chain FORWARD (policy DROP)
      target prot opt source destination
      LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `FORWARD INVALID '
      DROP all -- anywhere anywhere state INVALID

      Chain INPUT (policy DROP)
      target prot opt source destination
      LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID '
      DROP all -- anywhere anywhere state INVALID
      ACCEPT all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere state ESTABLISHED
      REJECT tcp -- anywhere anywhere tcp dpt:0 reject-with icmp-port-unreachable
      ACCEPT icmp -- chello084113020243.2.12.vie.surfer.at anywhere icmp echo-request
      ACCEPT icmp -- 213.225.25.64/28 anywhere icmp echo-request
      ACCEPT icmp -- 212-88-188-126.ADSL.ycn.com anywhere icmp echo-request
      ACCEPT icmp -- dialup-120168.customers.etel.at anywhere icmp echo-request
      ACCEPT tcp -- chello084113020243.2.12.vie.surfer.at anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
      ACCEPT tcp -- 213.225.25.64/28 anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
      ACCEPT tcp -- 212-88-188-126.ADSL.ycn.com anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
      ACCEPT tcp -- dialup-120168.customers.etel.at anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
      ACCEPT tcp -- ns1.bbedv.com anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
      ACCEPT tcp -- chello084113020243.2.12.vie.surfer.at anywhere state NEW,RELATED,ESTABLISHED tcp dpt:1029
      ACCEPT tcp -- 213.225.25.64/28 anywhere state NEW,RELATED,ESTABLISHED tcp dpt:1029
      ACCEPT tcp -- 212-88-188-126.ADSL.ycn.com anywhere state NEW,RELATED,ESTABLISHED tcp dpt:1029
      ACCEPT tcp -- dialup-120168.customers.etel.at anywhere state NEW,RELATED,ESTABLISHED tcp dpt:1029
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:domain
      ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:domain
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:81
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:https
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:pop3
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:smtp
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp-data
      ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp
      ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:ftp-data
      ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:ftp

      Chain OUTPUT (policy DROP)
      target prot opt source destination
      LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID '
      DROP all -- anywhere anywhere state INVALID
      ACCEPT all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
      [root@ns1 ~]#

    nach Änderungen im ISPConfig


    • [root@ns1 ~]# iptables -L
      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      [root@ns1 ~]#
     
  13. vpns2000

    vpns2000 Member

    hallo,
    nun hat ein reseller eine neue Domain eingerichtet und meine Firewall ist wieder ausgeschaltet.


    • [root@ns1 ~]# iptables -L
      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      [root@ns1 ~]#

    Kann mir jemand sagen warum das so ist??

    DANKE
     

Share This Page