iptables question
- Os: CentOS 6x
- Web: nginx + php-fpm
Hello,
I moved from one CentOS 6.6 server to another one. I was running VestaCP on it, and I'm still running it on the new one.
I got one problem on the new server that I was not having on the old one. I could not send emails through SMTP. It says "could not open a socket to the smtp server". I checked in VestaCP that port 465 is open.
So I went checking the iptables file in /etc/sysconfig/, and this was the result: (deleted IPs)
In the old server, this same iptables only contained this:
I changed my iptables file with the one from the old server, and now the SMTP works.
But which one is correct?
Running nmap shows only the ports I want to be opened, so I think it's still working:
Code:
# Generated by iptables-save v1.4.7 on Mon May 4 19:38:40 2015
*raw
:PREROUTING ACCEPT [1920348:2867209238]
:OUTPUT ACCEPT [951509:55304161]
COMMIT
# Completed on Mon May 4 19:38:40 2015
# Generated by iptables-save v1.4.7 on Mon May 4 19:38:40 2015
*nat
:PREROUTING ACCEPT [211:11139]
:POSTROUTING ACCEPT [658:41879]
:OUTPUT ACCEPT [658:41879]
COMMIT
# Completed on Mon May 4 19:38:40 2015
# Generated by iptables-save v1.4.7 on Mon May 4 19:38:40 2015
*mangle
:PREROUTING ACCEPT [1920348:2867209238]
:INPUT ACCEPT [1920348:2867209238]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [951509:55304161]
:POSTROUTING ACCEPT [951509:55304161]
COMMIT
# Completed on Mon May 4 19:38:40 2015
# Generated by iptables-save v1.4.7 on Mon May 4 19:38:40 2015
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:vesta - [0:0]
-A INPUT -s deleted -p tcp -m multiport --dports 20,21,12000:12100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s deleted -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
COMMIT
# Completed on Mon May 4 19:38:40 2015
Code:
# Generated by iptables-save v1.4.7 on Fri Feb 13 02:29:27 2015
*nat
:PREROUTING ACCEPT [7818:427797]
:POSTROUTING ACCEPT [21553:1306110]
:OUTPUT ACCEPT [21553:1306110]
COMMIT
# Completed on Fri Feb 13 02:29:27 2015
# Generated by iptables-save v1.4.7 on Fri Feb 13 02:29:27 2015
*mangle
:PREROUTING ACCEPT [760695:150477821]
:INPUT ACCEPT [760677:150476885]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1277827:1612175915]
:POSTROUTING ACCEPT [1277827:1612175915]
COMMIT
# Completed on Fri Feb 13 02:29:27 2015
# Generated by iptables-save v1.4.7 on Fri Feb 13 02:29:27 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Feb 13 02:29:27 2015
Code:
Not shown: 985 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
110/tcp open pop3
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2525/tcp open ms-v-worlds
3306/tcp open mysql
8081/tcp open blackice-icecap
8083/tcp open us-srv
8084/tcp open unknown
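The difference between the two dumps that matters for outbound mail can be checked mechanically. The following is an added example, not part of the original post: a small Python model of the INPUT chain that evaluates the reply packet of an outbound connection, showing that with policy DROP and no connection-state rule a reply is accepted only when a `--sport` rule lists the remote port (the new server's list has 25 but not 465 or 587). The function names, the ephemeral port 40000 and the trimmed rule sample are assumptions of the example.

```python
import re

# Constructed sample: a subset of the new server's *filter lines from the post
# (the "-s deleted" rules are omitted because their addresses are redacted).
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
COMMIT
"""

def port_in(spec, port):
    """True if port is in a comma list of ports or lo:hi ranges."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def reply_verdict(filter_dump, proto, remote_port, local_port=40000):
    """INPUT verdict for a reply to an outbound connection (source port =
    remote service port, destination = local ephemeral port; 40000 is assumed).
    Expects the *filter section only; models -p, -s, --sport(s), --dport(s), -j."""
    policy = "ACCEPT"
    for line in filter_dump.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
        if not line.startswith("-A INPUT "):
            continue
        opts = dict(re.findall(r"(?<!\S)(-p|-s|-j|--sports?|--dports?) (\S+)", line))
        if "-s" in opts or opts.get("-p", proto) != proto:
            continue  # assumes the remote host is not covered by a source rule
        sport = opts.get("--sport") or opts.get("--sports")
        dport = opts.get("--dport") or opts.get("--dports")
        if sport and not port_in(sport, remote_port):
            continue
        if dport and not port_in(dport, local_port):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]  # first terminating match wins
    return policy  # no rule matched: the chain policy decides
```

A connection-state rule (`-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`) admits replies to any outbound connection without listing source ports, and unlike `--sport` rules it does not match unsolicited packets.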