
Problem with Iptables

Posted: Tue Dec 22, 2015 7:04 am
by tatu
I've run into a problem with iptables: I want to open a range of ports for web sockets.
Everything is entered in Vesta, but the rules don't work. Does anyone know how to solve this problem?

Re: Problem with Iptables

Posted: Tue Dec 22, 2015 10:56 am
by skurudo
restart iptables?

Re: Problem with Iptables

Posted: Tue Dec 22, 2015 11:22 am
by tatu
Logical, but no.

Re: Problem with Iptables

Posted: Tue Dec 22, 2015 12:04 pm
by Tenshi
iptables -A INPUT -m multiport -p tcp --dport 5222,5223,5558,5559,5269,5280,5300:5800 -j ACCEPT
no?

Re: Problem with Iptables

Posted: Wed Dec 23, 2015 6:47 am
by skurudo
tatu wrote: Logical, but no.
Will you show the output and point out the ports?

There's another thing here: if you opened the ports but nobody is listening on them, it won't work anyway.

Re: Problem with Iptables

Posted: Wed Dec 23, 2015 2:15 pm
by tatu


/usr/local/vesta/data/firewall/ports.conf                           
PROTOCOL='TCP' PORT='20'
PROTOCOL='TCP' PORT='21'
PROTOCOL='TCP' PORT='22'
PROTOCOL='TCP' PORT='25'
PROTOCOL='UDP' PORT='53'
PROTOCOL='TCP' PORT='80'
PROTOCOL='TCP' PORT='443'
PROTOCOL='TCP' PORT='110'
PROTOCOL='UDP' PORT='123'
PROTOCOL='TCP' PORT='143'
PROTOCOL='TCP' PORT='3306'
PROTOCOL='TCP' PORT='5432'
PROTOCOL='TCP' PORT='8080'
PROTOCOL='TCP' PORT='8433'
PROTOCOL='TCP' PORT='8083'
PROTOCOL='TCP' PORT='12000:12100'
PROTOCOL='TCP' PORT='8990:8999'

/usr/local/vesta/data/firewall/rules.conf                                                                            
RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2013-09-16'
RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2013-05-25'
RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2013-09-24'
RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='12:08:15' DATE='2015-06-25'
RULE='12' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8990-8999' IP='0.0.0.0' COMMENT='socket' SUSPENDED='no' TIME='12:24:13' DATE='2015-12-22'

iptables-save

# Generated by iptables-save v1.4.21 on Wed Dec 23 17:13:11 2015
*filter
:INPUT DROP [2:357]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5312:4122816]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:fail2ban-ssh - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -s 0.0.0.0/32 -p tcp -m multiport --dports 8990:8999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 193.111.141.198/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8990:8999 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-MAIL -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Wed Dec 23 17:13:11 2015

netstat -tulpn | grep :8991

tcp        0      0 127.0.0.1:8991          0.0.0.0:*               LISTEN      45275/php 

Re: Problem with Iptables

Posted: Thu Dec 24, 2015 8:13 am
by tatu

netstat -tulpn | grep :8991

tcp        0      0 127.0.0.1:8991          0.0.0.0:*               LISTEN      45275/php 
As far as I understand, it's looped only within the local network and can't be reached from outside, because 127.0.0.1 is specified whereas it should be my IP address. Am I understanding this correctly?
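
The two pitfalls visible in this thread, as an added example that is not part of the original posts or of Vesta's own code: rule 12 in rules.conf has IP='0.0.0.0' with no /0 mask, and the iptables-save output shows it arriving as -s 0.0.0.0/32, which only matches packets whose source address is literally 0.0.0.0, i.e. no real client, while rule 9's IP='0.0.0.0/0' produces a rule with no -s restriction at all; and the PHP process bound to 127.0.0.1:8991 cannot be reached from outside the host whatever iptables allows. The POSIX sh script below parses constructed rules.conf and netstat -tulpn lines in the formats shown above and reports both conditions. The sample lines, the nginx listener and the helper names (conf_get, source_status, audit_rules, listener_scope) are the example's own, not Vesta's.

```shell
#!/bin/sh
# Added example (not Vesta's code): audit the IP field of rules.conf lines and
# the bind address of a listener for the two problems seen in this thread.

# Constructed sample in the rules.conf format shown in the thread.
RULES_SAMPLE="RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no'
RULE='12' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8990-8999' IP='0.0.0.0' COMMENT='socket' SUSPENDED='no'"

# Constructed sample in the 'netstat -tulpn' format shown in the thread
# (the nginx line is invented for contrast).
NETSTAT_SAMPLE="tcp        0      0 127.0.0.1:8991          0.0.0.0:*               LISTEN      45275/php
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1203/nginx"

# conf_get LINE KEY: print the value of KEY='...' from one rules.conf line.
# The line is prefixed with a space so that ' KEY=' matches only whole keys.
conf_get() {
  printf ' %s\n' "$1" | sed -n "s/.* $2='\([^']*\)'.*/\1/p"
}

# source_status IP: describe the '-s' match iptables derives from the IP field.
# A bare address gets an implicit /32, so 0.0.0.0 without a mask matches only
# packets whose source address is literally 0.0.0.0, i.e. no real client.
source_status() {
  case "$1" in
    ''|0.0.0.0/0) echo "any-source" ;;
    0.0.0.0)      echo "BROKEN: 0.0.0.0 without /0 becomes -s 0.0.0.0/32, use 0.0.0.0/0" ;;
    */*)          echo "cidr:$1" ;;
    *)            echo "host:$1/32" ;;
  esac
}

# audit_rules: one report line per rule; port ranges are normalised from the
# 'a-b' form used in rules.conf to the 'a:b' form seen in iptables-save.
audit_rules() {
  printf '%s\n' "$RULES_SAMPLE" | while IFS= read -r line; do
    rule=$(conf_get "$line" RULE)
    port=$(conf_get "$line" PORT | tr - :)
    ip=$(conf_get "$line" IP)
    printf 'rule %s port %s -> %s\n' "$rule" "$port" "$(source_status "$ip")"
  done
}

# listener_scope NETSTAT_OUTPUT PORT: say who can reach the TCP listener on PORT,
# judging by the local address column (field 4) of the netstat line.
listener_scope() {
  addr=$(printf '%s\n' "$1" | awk -v p=":$2\$" '$1 ~ /^tcp/ && $4 ~ p { print $4; exit }')
  case "$addr" in
    '')             echo "no listener on port $2" ;;
    127.*|::1:*)    echo "loopback-only ($addr): unreachable from outside whatever iptables allows" ;;
    0.0.0.0:*|:::*) echo "all-interfaces ($addr)" ;;
    *)              echo "bound to $addr" ;;
  esac
}

audit_rules
listener_scope "$NETSTAT_SAMPLE" 8991
listener_scope "$NETSTAT_SAMPLE" 80
```

Run against a real host by replacing the two sample variables with `cat /usr/local/vesta/data/firewall/rules.conf` and `netstat -tulpn` output; a rule reported BROKEN and a listener reported loopback-only are each sufficient on their own to explain "the rule is there but nothing connects".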