We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
iptables
iptables
Домен в Зоне .РФ
Поддержка Lets Encrypt
Сайт не видится.....
думаю не пускает iptables.
Помогите пожалуйста разобраться...
Не открывает тоже (
мб ДНС какие на .РФ дописать ?
Яндекс ДНС
Поддержка Lets Encrypt
Сайт не видится.....
думаю не пускает iptables.
Помогите пожалуйста разобраться...
Code: Select all
[root@k ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Вс 2018-07-15 17:13:52 MSK; 1h 5min ago
Process: 2361 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=1/FAILURE)
Process: 2468 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 2468 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
июл 15 17:13:52 k.78city.ru systemd[1]: Starting IPv4 firewall with iptables...
июл 15 17:13:52 k.78city.ru iptables.init[2468]: iptables: Applying firewall rules: [ OK ]
июл 15 17:13:52 k.78city.ru systemd[1]: Started IPv4 firewall with iptables.
Code: Select all
[root@k ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:us-srv
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds,pop3,pop3s,imap,imaps
fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- k.78city.ru anywhere
ACCEPT all -- k anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,entextxid:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (3 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (3 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (0 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (0 references)
target prot opt source destination
Chain INPUT_direct (0 references)
target prot opt source destination
Chain IN_public (3 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain fail2ban-FTP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
Code: Select all
[root@k ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Яндекс ДНС
Last edited by Sergy F on Sun Jul 15, 2018 7:03 pm, edited 4 times in total.
Re: iptables
А если остановить iptables, сайт открывается?
Code: Select all
service iptables stop
-
- Posts: 31
- Joined: Fri Apr 07, 2017 2:03 pm
Re: iptables
iptables - не туда смотрите.Sergy F wrote: ↑Sun Jul 15, 2018 3:16 pmДомен в Зоне .РФ
Поддержка Lets Encrypt
Сайт не видится.....
думаю не пускает iptables.
Помогите пожалуйста разобраться...
Code: Select all
[root@k ~]# systemctl status iptables ● iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled) Active: active (exited) since Вс 2018-07-15 17:13:52 MSK; 1h 5min ago Process: 2361 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=1/FAILURE) Process: 2468 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS) Main PID: 2468 (code=exited, status=0/SUCCESS) CGroup: /system.slice/iptables.service июл 15 17:13:52 k.78city.ru systemd[1]: Starting IPv4 firewall with iptables... июл 15 17:13:52 k.78city.ru iptables.init[2468]: iptables: Applying firewall rules: [ OK ] июл 15 17:13:52 k.78city.ru systemd[1]: Started IPv4 firewall with iptables.
Не открывает тоже (Code: Select all
[root@k ~]# iptables -L Chain INPUT (policy DROP) target prot opt source destination fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:us-srv fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds,pop3,pop3s,imap,imaps fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- k.78city.ru anywhere ACCEPT all -- k anywhere ACCEPT all -- localhost anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere multiport dports http,https ACCEPT tcp -- anywhere anywhere multiport dports ftp,entextxid:12100 ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s ACCEPT tcp -- anywhere anywhere multiport dports imap,imaps ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgres ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv ACCEPT icmp -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere FORWARD_direct all -- anywhere anywhere FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere FORWARD_IN_ZONES all -- anywhere anywhere FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere FORWARD_OUT_ZONES all -- anywhere anywhere DROP all -- anywhere anywhere ctstate INVALID REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination OUTPUT_direct all -- anywhere anywhere Chain FORWARD_IN_ZONES (1 references) target prot opt source destination FWDI_public all -- anywhere anywhere [goto] FWDI_public all -- anywhere anywhere [goto] FWDI_public all -- anywhere anywhere [goto] Chain FORWARD_IN_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_OUT_ZONES (1 references) target prot opt source destination FWDO_public all -- anywhere anywhere [goto] FWDO_public all -- anywhere anywhere [goto] FWDO_public all -- anywhere anywhere [goto] Chain FORWARD_OUT_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_direct (1 references) target prot opt source destination Chain FWDI_public (3 references) target prot opt source destination FWDI_public_log all -- anywhere anywhere FWDI_public_deny all -- anywhere anywhere FWDI_public_allow all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere Chain FWDI_public_allow (1 references) target prot opt source destination Chain FWDI_public_deny (1 references) target prot opt source destination Chain FWDI_public_log (1 references) target prot opt source destination Chain FWDO_public (3 references) target prot opt source destination FWDO_public_log all -- anywhere anywhere FWDO_public_deny all -- anywhere anywhere FWDO_public_allow all -- anywhere anywhere Chain FWDO_public_allow (1 references) target prot opt source destination Chain FWDO_public_deny (1 references) target prot opt source destination Chain FWDO_public_log (1 references) target prot opt source destination Chain INPUT_ZONES (0 references) target prot opt source destination IN_public all -- anywhere anywhere [goto] IN_public all -- anywhere anywhere [goto] IN_public all -- anywhere anywhere [goto] Chain INPUT_ZONES_SOURCE (0 references) target prot opt source destination Chain INPUT_direct (0 references) target prot opt source destination Chain IN_public (3 references) target prot opt source destination IN_public_log all -- anywhere anywhere IN_public_deny all -- anywhere anywhere IN_public_allow all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere Chain IN_public_allow (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW Chain IN_public_deny (1 references) target prot opt source destination Chain IN_public_log (1 references) target prot opt source destination Chain OUTPUT_direct (1 references) target prot opt source destination Chain fail2ban-FTP (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain fail2ban-MAIL (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain fail2ban-SSH (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain fail2ban-VESTA (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain vesta (0 references) target prot opt source destination
мб ДНС какие на .РФ дописать ?Code: Select all
[root@k ~]# service iptables stop Redirecting to /bin/systemctl stop iptables.service
Яндекс ДНС
Попробуйте добавить домен в формате Punycode, рас уж у Ваш домен кириллический. Например вестацп.рф будет выглядеть вот так xn--80adj5big3a.xn--p1ai . И если будете на нем почту использовать, то хлопот не оберетесь.