norgan


Having problems allowing ports 9001 and higher UDP through iptables when using the Plesk firewall module.

Cannot get anything on ports higher than 9000 working. I have used the Plesk firewall module to apply rules and the tables look fine; however, no connections are possible from 9001~9005.

I can't work out if this is a Plesk issue or a CentOS issue.
Netstat output:
 
udp        0      0 208.96.161.125:8999         0.0.0.0:*
udp        0      0 208.96.161.122:8999         0.0.0.0:*
udp        0      0 208.96.161.120:8999         0.0.0.0:*
udp        0      0 208.96.161.121:8999         0.0.0.0:*
udp        0      0 208.96.161.118:8999         0.0.0.0:*
udp        0      0 208.96.161.125:9000         0.0.0.0:*
udp        0      0 208.96.161.123:9000         0.0.0.0:*
udp        0      0 208.96.161.122:9000         0.0.0.0:*
udp        0      0 208.96.161.120:9000         0.0.0.0:*
udp        0      0 208.96.161.121:9000         0.0.0.0:*
udp        0      0 208.96.161.118:9000         0.0.0.0:*
udp        0      0 208.96.161.125:9001         0.0.0.0:*
udp        0      0 208.96.161.122:9001         0.0.0.0:*
udp        0      0 208.96.161.125:9002         0.0.0.0:*
udp        0      0 208.96.161.125:9003         0.0.0.0:*
udp        0      0 208.96.161.125:9004         0.0.0.0:*
 
 
Iptables :
 
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:vcom-tunnel
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:teradataordbms
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8003
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8004
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8005
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8895
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8895
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8896
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8896
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8897
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8897
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8898
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8898
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8899
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8899
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bctp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bctp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cslistener
ACCEPT     udp  --  anywhere             anywhere            udp dpt:cslistener
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:etlservicemgr
ACCEPT     udp  --  anywhere             anywhere            udp dpt:etlservicemgr
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:dynamid
ACCEPT     udp  --  anywhere             anywhere            udp dpt:dynamid
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9003
ACCEPT     udp  --  anywhere             anywhere            udp dpt:9003
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9004
ACCEPT     udp  --  anywhere             anywhere            udp dpt:9004
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9005
ACCEPT     udp  --  anywhere             anywhere            udp dpt:9005
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cddbp-alt
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:poppassd
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:postgres
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9008
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:glrpc
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     icmp --  anywhere             anywhere            icmp type 8 code 0
DROP       all  --  anywhere             anywhere


unSpawn

Since this has been left unanswered that long, could it be because of insufficient information?

What constitutes "cannot get anything.*working"? What service are you trying to run? What does the service require or rely on? Does it run standalone or from (x)inetd? Does it run OK? Which diagnostic tools did you use to determine it does not work and what is their output? Did you try working with tcpdump, netcat or iptables logging rules? What access restrictions are in place on the machine? (And I would rather see command-line output from catting the iptables rule file and 'netstat -anup'.) Any other apps that could be inadvertently blocking access? Any non-standard sysctl, interface or other tweaking that should be known? And what access restrictions are in place between the target and the machine you ran the test from?
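An offline cross-check in the spirit of the diagnostics asked for above, as an added example that is not part of the original thread: it walks an `iptables -L` style listing in first-match order for each listening UDP port taken from netstat output. The sample data is constructed, and the service-name-to-port table is an assumption based on the usual /etc/services entries.

```python
import re

# Assumed name-to-port mapping (usual /etc/services entries); `iptables -L -n`
# prints numeric ports and makes this table unnecessary.
SERVICES = {"bctp": 8999, "cslistener": 9000, "etlservicemgr": 9001, "dynamid": 9002}

# Constructed sample data in the same layout as the listings in the question.
RULES = """\
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9008
ACCEPT     udp  --  anywhere             anywhere            udp dpt:cslistener
ACCEPT     udp  --  anywhere             anywhere            udp dpt:etlservicemgr
ACCEPT     udp  --  anywhere             anywhere            udp dpt:9003
DROP       all  --  anywhere             anywhere
"""
NETSTAT = """\
udp        0      0 192.0.2.10:9000         0.0.0.0:*
udp        0      0 192.0.2.10:9001         0.0.0.0:*
udp        0      0 192.0.2.10:9003         0.0.0.0:*
udp        0      0 192.0.2.10:9008         0.0.0.0:*
"""

def verdict(rules, proto, dport):
    """First-match walk for a NEW inbound packet; returns (target, rule_no, notes)."""
    lines, notes = rules.splitlines(), []
    for no, line in enumerate(lines, 1):
        target, rproto, _opt, _src, _dst, *match = line.split()
        match = " ".join(match)
        if rproto not in ("all", proto) or (match.startswith("state") and "NEW" not in match):
            continue  # wrong protocol, or a state match that excludes NEW packets
        m = re.search(r"dpt:(\S+)", match)
        if m:
            name = m.group(1)
            port = int(name) if name.isdigit() else SERVICES.get(name)
            if port == dport:
                return target, no, notes
        elif not match and no == len(lines):
            return target, no, notes  # unconstrained catch-all closing the chain
        elif not match:
            # Mid-chain rule with no visible match: -L without -v hides -i/-o.
            notes.append(f"rule {no}: no visible match, check interfaces with -v")
    return "POLICY", 0, notes  # nothing matched: the chain policy decides

def audit(netstat, rules):
    """Map each listening UDP port to the target of its first matching rule."""
    ports = sorted({int(l.split()[3].rsplit(":", 1)[1]) for l in netstat.splitlines()})
    return {p: verdict(rules, "udp", p)[0] for p in ports}
```

On the host itself, `iptables -L INPUT -n -v --line-numbers` removes both ambiguities: ports print as numbers and the in/out interface columns become visible.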
norgan

ASKER

New CentOS install, Plesk firewall module. Service is OpenSim.
I'll run some more commands for the output you want.
norgan

ASKER

Not lack of info, seems lack of experts lol. OK, problem resolved by changing to a different server. Must have been a host problem even though they would not admit it.
ASKER CERTIFIED SOLUTION
Computer101