So, I have CentOS 6 and everything works great. But after a few hours, sometimes 1 day, ISPConfig is not available anymore, though all other services are working great. I get a "Server doesn't respond" message in the browser. In fact I use a non-standard port for ISPConfig. It's not 8080. And I use SSL connections only. After rebooting the server ISPConfig is available without any problem. Is there any critical service that ISPConfig depends on which could stop by itself? And what should I check when ISPConfig doesn't open? Thanks.
ISPConfig itself is not a service, so it cannot be stopped or started. The ISPConfig interface is available through Apache, so when you are unable to reach the ISPConfig web interface, then there is a problem with the Apache web server. You should check if Apache is started and if there are any errors in the Apache error.log file.
Hello. I explained it wrong. I can check whether Apache is down or running. But when ISPConfig is not opening, other sites are working. So the Apache service is working. But for some reason it doesn't process requests on the ISPConfig port but handles port 80 requests. That is strange.
Did you check Apache's error log? Do you use something like fail2ban that could have locked you out? Did you check your client PC's firewall if it prevents access to port 8080?
You are right. It's fail2ban. This service is running. After I stop it and run the command 'iptables --flush', ISPConfig opens again. In addition, fail2ban blocks exactly the port, not only my IP or a certain IP, because ISPConfig is not available from any host when blocked. For now I have excluded fail2ban from autostart. But what do you suggest? Is it possible to have fail2ban running and ISPConfig working? Thanks.
Can you post your fail2ban configuration? Is it possible you had multiple failed login tries on another service on your server (like POP3, SMTP, etc.)? That might be the reason why fail2ban blocked you.
It's standard, I have not changed it. Now it contains (commented lines are excluded):

Code:
[Definition]
loglevel = 3
logtarget = SYSLOG
socket = /var/run/fail2ban/fail2ban.sock

Also there is the jail.conf file. I also removed all commented lines.

Code:
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 600
findtime = 600
maxretry = 3
backend = auto

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, [email protected]]
logpath = /var/log/secure
maxretry = 5

[proftpd-iptables]
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, [email protected]]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, [email protected]]
logpath = /var/log/mail.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, [email protected]]
ignoreregex = for myuser from
logpath = /var/log/sshd.log

[apache-tcpwrapper]
enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*error.log
          /home/www/myhomepage/error.log
maxretry = 6

[postfix-tcpwrapper]
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
         sendmail[name=Postfix, [email protected]]
logpath = /var/log/postfix.log
bantime = 300

[vsftpd-notification]
enabled = false
filter = vsftpd
action = sendmail-whois[name=VSFTPD, [email protected]]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

[vsftpd-iptables]
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=VSFTPD, [email protected]]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

[apache-badbots]
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, [email protected]]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1

[apache-shorewall]
enabled = false
filter = apache-noscript
action = shorewall
         sendmail[name=Postfix, [email protected]]
logpath = /var/log/apache2/error_log

[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1

[lighttpd-fastcgi]
enabled = false
port = http,https
filter = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log
maxretry = 2

[ssh-ipfw]
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
         sendmail-whois[name="SSH,IPFW", [email protected]]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1

[named-refused-udp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
         sendmail-whois[name=Named, [email protected]]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1

[named-refused-tcp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
         sendmail-whois[name=Named, [email protected]]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
Are you sure you can connect on port 80 while port 8080 is blocked? Maybe it's just your browser cache, because if fail2ban blocks you, you shouldn't be able to connect to the server, no matter what port you use.
Exactly. I can open all sites from the server, use SSH and receive/send mail by POP/SMTP while the ISPConfig panel is blocked for me. Right now it is happening again. I don't suppose that ISPConfig is blocked, because all sites are working well. Are you interested in this?

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
TMP_DROP all -- anywhere anywhere
TALLOW all -- anywhere anywhere
TDENY all -- anywhere anywhere
TGALLOW all -- anywhere anywhere
TGDENY all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-m
DROP udp -- anywhere anywhere udp dpt:ms-sql-m
DROP tcp -- anywhere anywhere tcp dpt:search-agent
DROP udp -- anywhere anywhere udp dpt:search-agent
DROP tcp -- anywhere anywhere tcp dpt:ingreslock
DROP udp -- anywhere anywhere udp dpt:ingreslock
DROP tcp -- anywhere anywhere tcp dpt:ctx-bridge
DROP udp -- anywhere anywhere udp dpt:ctx-bridge
IN_SANITY all -- anywhere anywhere
FRAG_UDP all -- anywhere anywhere
PZERO all -- anywhere anywhere
P2P all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:omirr
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp redirect limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp type 30 limit: avg 60/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 60/sec burst 5
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- rs1.service.softlayer.com anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- rs1.service.softlayer.com anywhere tcp spt:domain dpts:1023:65535
DROP tcp -- anywhere anywhere tcp spt:domain dpts:1023:65535
DROP udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT udp -- 10.0.80.12 anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- rs2.service.softlayer.com anywhere tcp spt:domain dpts:1023:65535
DROP tcp -- anywhere anywhere tcp spt:domain dpts:1023:65535
DROP udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- anywhere anywhere tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh flags:FIN,SYN,RST,ACK/SYN state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ssh state ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpts:traceroute:33534
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TMP_DROP all -- anywhere anywhere
TALLOW all -- anywhere anywhere
TDENY all -- anywhere anywhere
TGALLOW all -- anywhere anywhere
TGDENY all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-m
DROP udp -- anywhere anywhere udp dpt:ms-sql-m
DROP tcp -- anywhere anywhere tcp dpt:search-agent
DROP udp -- anywhere anywhere udp dpt:search-agent
DROP tcp -- anywhere anywhere tcp dpt:ingreslock
DROP udp -- anywhere anywhere udp dpt:ingreslock
DROP tcp -- anywhere anywhere tcp dpt:ctx-bridge
DROP udp -- anywhere anywhere udp dpt:ctx-bridge
OUT_SANITY all -- anywhere anywhere
FRAG_UDP all -- anywhere anywhere
PZERO all -- anywhere anywhere
P2P all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere 10.0.80.12 tcp spts:1023:65535 dpt:domain
ACCEPT udp -- anywhere rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere 10.0.80.12 tcp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpts:traceroute:33534
ACCEPT all -- anywhere anywhere

Chain FRAG_UDP (2 references)
target prot opt source destination
DROP udp -f anywhere anywhere

Chain IN_SANITY (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN

Chain OUT_SANITY (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG

Chain P2P (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:kazaa reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:kazaa reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:6257 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:6257 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:6699 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:6699 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:interwise reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:1024:65534 dpt:interwise reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable

Chain PROHIBIT (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain PZERO (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:spr-itunes
DROP udp -- anywhere anywhere udp dpt:0
DROP tcp -- anywhere anywhere tcp spt:spr-itunes
DROP udp -- anywhere anywhere udp spt:0

Chain RESET (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset

Chain TALLOW (2 references)
target prot opt source destination
ACCEPT all -- 66.228.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 66.228.118.0-static.reverse.networklayer.com/23
ACCEPT all -- 173.192.118.0-static.reverse.softlayer.com/23 anywhere
ACCEPT all -- anywhere 173.192.118.0-static.reverse.softlayer.com/23
ACCEPT all -- 67.228.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 67.228.118.0-static.reverse.networklayer.com/23
ACCEPT all -- 208.43.118.0-static.reverse.networklayer.com/23 anywhere
ACCEPT all -- anywhere 208.43.118.0-static.reverse.networklayer.com/23

Chain TDENY (2 references)
target prot opt source destination

Chain TGALLOW (2 references)
target prot opt source destination

Chain TGDENY (2 references)
target prot opt source destination

Chain TMP_DROP (2 references)
target prot opt source destination

[root@joomla etc]# iptables --flush

After iptables --flush I get access to ISPConfig.
Looks like a problem with your firewall and not ISPConfig. The iptables rules that you posted are not from ISPConfig, so you must be using a third-party firewall which seems to block the ISPConfig port, or the firewall you use is not compatible with fail2ban.
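
The INPUT chain posted in this thread accepts new TCP connections only on a fixed list of ports and ends in catch-all DROP rules, so a panel on a port missing from that list is dropped whatever fail2ban does. As an added example (not part of the original thread), this Python sketch walks `iptables -S INPUT` output in order and reports the first rule that decides a new TCP connection to a given port; the sample rules and the panel port 8081 are constructed, and jumps to user-defined chains are listed rather than followed.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Matches a brand-new connection from an arbitrary remote host cannot be
# assumed to satisfy, so rules carrying them are skipped (a simplification).
NARROWING = {"-i", "-s", "-f", "--sport", "--sports", "--tcp-flags", "--syn"}

# Constructed sample in `iptables -S INPUT` format, shaped like the thread's
# listing: per-port ACCEPT rules followed by catch-all DROP rules.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j TDENY
-A INPUT -p tcp -m tcp --dport 135:139 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -j DROP
-A INPUT -j DROP
"""
PANEL_PORT = 8081  # hypothetical panel port; the thread never states the real one


def port_in_spec(spec, port):
    """True if port falls in an iptables port list such as '80' or '21,6881:6889'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def first_verdict(rules_text, port, chain="INPUT"):
    """Return (verdict, deciding_rule, chains_not_followed) for a NEW TCP connection."""
    policy, jumps = "ACCEPT", []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        if tok[:2] != ["-A", chain] or "-j" not in tok:
            continue
        # Map every option to the token that follows it (its argument, if any).
        opts = {t: (tok[i + 1] if i + 1 < len(tok) else "")
                for i, t in enumerate(tok) if t.startswith("-")}
        if "!" in tok or opts.keys() & NARROWING:
            continue
        if opts.get("-p", "all") not in ("tcp", "all"):
            continue
        state = opts.get("--state") or opts.get("--ctstate")
        if state and "NEW" not in state.split(","):
            continue
        ports = opts.get("--dport") or opts.get("--dports")
        if ports and not port_in_spec(ports, port):
            continue
        if opts["-j"] in TERMINAL:
            return opts["-j"], line.strip(), jumps
        jumps.append(opts["-j"])  # user-defined chain or LOG: inspect separately
    return policy, "(chain policy)", jumps


if __name__ == "__main__":
    for p in (80, PANEL_PORT):
        verdict, rule, jumps = first_verdict(SAMPLE_RULES, p)
        print(f"tcp/{p}: {verdict} by {rule!r}; chains not followed: {jumps}")
```

Feed it `iptables -S INPUT` rather than the plain `iptables -L` listing: without `-v`, `-L` hides interface matches, so an `ACCEPT all -- anywhere anywhere` line may apply only to `lo`.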