After setting up the system with all the needed hardening (PFS etc.), my server stops answering HTTP(S) requests over IPv6 originating from WAN after 10-20 minutes, but other local servers have no problems reaching it. The server OS is Debian 9.5 and all the software is up to date. There are some other servers (Debian 9.0) "behind" my Sophos UTM with nginx and ISPConfig with no problems, but I can't pinpoint the differences.

htf_report.txt

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.12

##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.30-0+deb9u1

##### PORT CHECK #####

##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Unknown process (nginx (PID 892)
[INFO] I found the following mail server(s):
Postfix (PID 1060)
[INFO] I found the following pop3 server(s):
Dovecot (PID 716)
[INFO] I found the following imap server(s):
Dovecot (PID 716)
[INFO] I found the following ftp server(s):
PureFTP (PID 1232)

##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:110 (716/dovecot)
[anywhere]:143 (716/dovecot)
[anywhere]:80 (892/nginx
[anywhere]:8080 (892/nginx
[anywhere]:465 (1060/master)
[anywhere]:8081 (892/nginx
[anywhere]:21 (1232/pure-ftpd)
***.***.***.***:53 (586/named)
[localhost]:53 (586/named)
[anywhere]:22 (709/sshd)
[anywhere]:25 (1060/master)
[localhost]:953 (586/named)
[anywhere]:443 (892/nginx
[anywhere]:993 (716/dovecot)
[anywhere]:995 (716/dovecot)
[localhost]:10023 (840/postgrey)
[localhost]:10024 (1230/amavisd-new)
[localhost]:10025 (1060/master)
[localhost]:10026 (1230/amavisd-new)
[localhost]:10027 (1060/master)
[localhost]:11211 (590/memcached)
[localhost]10 (716/dovecot)
[localhost]43 (716/dovecot)
*:*:*:*::*5:80 (892/nginx
*:*:*:*::*:8080 (892/nginx
*:*:*:*::*:465 (1060/master)
*:*:*:*::*:21 (1232/pure-ftpd)
*:*:*:*::*:53 (586/named)
*:*:*:*::*:22 (709/sshd)
*:*:*:*::*:25 (1060/master)
*:*:*:*::*:953 (586/named)
*:*:*:*::*5:443 (892/nginx
*:*:*:*::*:993 (716/dovecot)
*:*:*:*::*:995 (716/dovecot)
*:*:*:*::*:10023 (840/postgrey)
*:*:*:*::*:10024 (1230/amavisd-new)
*:*:*:*::*:10026 (1230/amavisd-new)
*:*:*:*::*:3306 (838/mysqld)

##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190
f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-before-input all -- [anywhere]/0 [anywhere]/0
ufw-after-input all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-reject-input all -- [anywhere]/0 [anywhere]/0
ufw-track-input all -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-before-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
ufw-track-forward all -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-before-output all -- [anywhere]/0 [anywhere]/0
ufw-after-output all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-reject-output all -- [anywhere]/0 [anywhere]/0
ufw-track-output all -- [anywhere]/0 [anywhere]/0

Chain f2b-dovecot (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-pure-ftpd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination

Chain ufw-after-logging-forward (1 references)
target prot opt source destination

Chain ufw-after-logging-input (1 references)
target prot opt source destination

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination

Chain ufw-before-input (1 references)
target prot opt source destination

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination

OK, there must be something strange... I set the IPv4 address to static and now the server runs stable for 45+ minutes.