When I start CSF I can't connect to the VPS or download any data into it
It appears I can't connect to the Linux VPS server via SSH, I can't SCP any file to it, and I can't wget any file to it (from inside it) while CSF (ConfigServer Firewall, LFD) is running. This is just after install in the default configuration and after changing TESTING mode to LIVE mode.
amnesia@amnesia:~$ scp install.sh root@vpsipthere:/root
ERROR: Got error response from SOCKS server: 6 (TTL expired).
FATAL: failed to begin relaying via SOCKS.
ssh_exchange_identification: Connection closed by remote host
lost connection
Nothing in deny file/s
Code:
[root@pvbvfxby log]# cat /etc/*deny*
My computer's IP is not in iptables:
Code:
[root@pvbvfxby log]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp spt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp spt:domain
LOCALINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPIN all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp spt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp spt:domain
LOCALOUTPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:auth
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:auth
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPOUT all -- anywhere anywhere
Chain ALLOWIN (1 references)
target prot opt source destination
Chain ALLOWOUT (1 references)
target prot opt source destination
Chain DENYIN (1 references)
target prot opt source destination
Chain DENYOUT (1 references)
target prot opt source destination
Chain INVALID (2 references)
target prot opt source destination
INVDROP all -- anywhere anywhere state INVALID
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
INVDROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
INVDROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
INVDROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
INVDROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
Chain INVDROP (10 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain LOCALINPUT (1 references)
target prot opt source destination
ALLOWIN all -- anywhere anywhere
DENYIN all -- anywhere anywhere
Chain LOCALOUTPUT (1 references)
target prot opt source destination
ALLOWOUT all -- anywhere anywhere
DENYOUT all -- anywhere anywhere
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp dpt:auth
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:isakmp
DROP udp -- anywhere anywhere udp dpt:isakmp
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
LOG tcp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- anywhere anywhere
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- anywhere anywhere
When I do: service csf stop
connections start working; when I start it, it fails to connect, wget..
The LOGDROPIN rule will give you more information on exactly what is being rejected, but a useful flag to add to the iptables -L is -v, as that also shows the interface the rule applies to. If you post that result here, along with your ifconfig -a (and perhaps obfuscate any sensitive internal network info if you wish), we should be able to get to the bottom of this.
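The reply points at the LOGDROPIN and LOGDROPOUT log rules as the place to see what is being rejected. As an added example (not part of the original thread), this shell function tallies log lines carrying the `Firewall: *..._IN Blocked*` / `*..._OUT Blocked*` prefixes by direction, interface, protocol, peer and destination port; the sample lines, addresses and the interface name eth0 are constructed, and where the kernel log lives on a given system is an assumption.

```shell
#!/bin/sh
# Added example: tally CSF "Blocked" kernel log lines read on stdin.
# Output columns: count direction interface protocol peer dest-port

summarize_blocked() {
    LC_ALL=C awk '
    index($0, "Firewall: *") == 0 || index($0, "Blocked*") == 0 { next }
    {
        dir = ""; in_if = ""; out_if = ""; src = ""; dst = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # The LOG prefix carries the direction: *TCP_IN, *UDP_OUT, ...
            if ($i ~ /^[*][A-Z]+_IN$/)  dir = "IN"
            if ($i ~ /^[*][A-Z]+_OUT$/) dir = "OUT"
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "IN")    in_if  = val
            if (key == "OUT")   out_if = val
            if (key == "SRC")   src    = val
            if (key == "DST")   dst    = val
            if (key == "PROTO") proto  = val
            if (key == "DPT")   dpt    = val
        }
        if (dir == "") next
        # Inbound: report the remote source. Outbound: report the destination.
        if (dir == "IN") { ifc = in_if;  peer = src }
        else             { ifc = out_if; peer = dst }
        count[dir " " ifc " " proto " " peer " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, assumed interface eth0).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 vps kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 12:00:04 vps kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 12:00:09 vps kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=48 TTL=50 ID=77 PROTO=UDP SPT=5061 DPT=5060 LEN=28
Jan 10 12:00:12 vps kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.80 LEN=60 TTL=64 ID=900 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
Jan 10 12:00:15 vps sshd[1234]: Accepted publickey for root from 203.0.113.5 port 51300 ssh2
EOF
}

sample_log | summarize_blocked
```

On a live system, pipe the kernel log into `summarize_blocked` instead of `sample_log`; an inbound tally for a port the ruleset appears to accept is the cue to compare interfaces with `iptables -L -v`, as the reply suggests.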