Full Version: APF firewall blocked one user?!
The Planet Forums > Security > Firewalls
ns1
I have installed APF firewall following these instructions:

http://forums.cpanel.net/showthread.php?t=...hlight=ssh+user
and all worked great, until I found out that one user couldn't access any site on the server.
Now, how can it be that he, and only he, couldn't access sites?
We are from the same city, are using the same ISP, and our IPs are changed every 24h (as I think is usual).
So how come he couldn't access the server when the firewall is online?
eth00
Did you check iptables -L -n to see if his IP was listed? Perhaps it was on a blocklist, RBL, or some other list.

Another possibility is if you installed BFD he was blocked after a few login attempts with the wrong password.
ns1
This is what I get:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Plus, I don't think that is the case, because he is not accessing the server, only sites.
And the IPs vary, so every day he has a new IP.
He is not in APF, nor in iptables. BFD for some reason won't show me the list; I typed bfd -a and got:

BFD version 0.9 <bfd@r-fx.org>
Copyright © 1999-2004, R-fx Networks <proj@r-fx.org>
Copyright © 2004, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
ns1
I checked the APF list when he couldn't get on sites and his IP was not anywhere.

Also, does APF have something to activate it automatically?
I did apf -f (stop, right?) and the next morning it was online again. There was no restart of the server or anything like that.
eth00
Overnight it has a cronjob to restart itself, so yes it will.
ns1
OK.

So what is the solution?
I don't see his IP in iptables nor in the firewall, and even if it were there, the IP changes every day.
eth00
So he cannot access it with the firewall online? Try doing

iptables -L -n |grep ip

BUT instead of the full ip do only the first octet so if his ip is 123.456.789.1 only do 123 for the ip. That should show any larger bans, it is possible a huge netblock is being blocked and not just his single ip. It would also explain why even as it changes he is still blocked.
ns1
It came up with nothing.

This is what it looked like:
# iptables -L -n |grep 83
#

I have also tried
iptables -L -n |grep ip 83
iptables -L -n |grep ip 83.
iptables -L -n |grep 83.

For the first two I got:
grep: 83: No such file or directory

I also did iptables -L and the result is attached.
I am looking for IP 83.131; his last 3 IPs start like that...
James Jhurani
QUOTE (ns1 @ Sep 12 2007, 02:16 PM) *
It came up with nothing.

This is what it looked like:
# iptables -L -n |grep 83
#

I have also tried
iptables -L -n |grep ip 83
iptables -L -n |grep ip 83.
iptables -L -n |grep 83.

For the first two I got:
grep: 83: No such file or directory

I also did iptables -L and the result is attached.
I am looking for IP 83.131; his last 3 IPs start like that...


iptables -L -n |grep ip 83 << incorrect syntax (you were supposed to take the "ip" part out)
iptables -L -n |grep ip 83. << incorrect syntax
iptables -L -n |grep 83. ++ should have worked if the ip was there.

Call the customer, then do: "/etc/init.d/apf stop ; /etc/init.d/iptables stop". Then have the customer try to access your site. If that doesn't work, the problem is not your firewall.
Tomy Durden
Also, check and make sure he's not being blocked by some strange IPSec configuration. It's rare, but we've seen it happen before.
ns1
Tomy, could you elaborate on that please?

How can I add into the firewall or iptables the IP range from 83.131.0.0 to 83.131.255.255?
I suspect that is the range being blocked...

Also, I noticed this:

1. APF online: user is blocked
2. I turn APF off: user is OK
3. I turn APF on: user is OK! - ???
4. Next morning: user is blocked.... The firewall has been online since the last time he had access.
5. As soon as I turn the firewall off he has instant access.

I have contacted the ISP and got the IP range, and I suspect that APF is blocking the entire range. However, the question is: is it blocking the range for some reason or is it a false alarm? Because if APF blocked it for some reason then I am not comfortable allowing access...
ribbit_frog
I've been fighting this for a couple of days as a newbie to The Planet (and to server admin, but I'm learning) and finally figured it out. I have 200+ domains at The Planet, and one of them kept getting blocked every morning this week. For some reason my server really doesn't like that one client and blocked it automatically.

The Planet told me to fix the iptables and I should be good, and that worked for a day, but the problem kept recurring every day. I finally figured it out. My client's IP number got added to the deny_hosts.rules under the apf folder. Check to see if they're in that file; if so, remove them and, if needed, add them to the allow_hosts.rules.

I found two tutorials on the web that finally helped me figure this one out.

http://blog.eukhost.com/webhosting/what-is...l-apf-firewall/
http://www.webhostgear.com/61_print.html
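The two checks the thread converges on, eth00's search of the iptables listing for a netblock wider than the user's single address and ribbit_frog's look in APF's deny_hosts.rules, both come down to "does this address fall inside an entry that is a CIDR block rather than a single IP", which a grep on the first octet answers only approximately. The script below is an added example, not code from the thread or from APF itself: it does the CIDR match properly over a pasted `iptables -L -n` listing and over the deny file's plain entries, and appends a block to allow_hosts.rules only if it is not already listed. The sample listing and deny file are constructed; the file paths /etc/apf/deny_hosts.rules and allow_hosts.rules are APF's standard locations, but the function takes the file name as an argument so it can be tested on a scratch file. It assumes a POSIX sh whose arithmetic is at least 32 bits wide and does not handle APF's port-qualified deny entries.

```shell
#!/bin/sh
# Added example (not from the thread or from APF): find which DROP/REJECT rule
# or deny_hosts.rules entry covers a given address, with real CIDR matching.
# Assumes POSIX sh with 32-bit-or-wider arithmetic (dash and bash qualify).

# Constructed sample of `iptables -L -n` output; 83.131.0.0/16 is the block the
# thread suspects, the other addresses are documentation ranges.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  83.131.0.0/16        0.0.0.0/0
DROP       all  --  203.0.113.45         0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample of /etc/apf/deny_hosts.rules (plain host/CIDR lines only;
# APF's port-qualified entry syntax is not handled here).
SAMPLE_DENY='# deny_hosts.rules (constructed sample)
83.131.0.0/16
198.51.100.7'

# Dotted quad -> 32-bit integer.
ip_to_int() {
  printf '%s\n' "$1" | {
    IFS=. read -r a b c d
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
  }
}

# Succeed if address $1 lies inside $2, which is a single address or a CIDR block.
ip_in_cidr() {
  case $2 in
    */*) net=${2%/*}; bits=${2#*/} ;;
    *)   net=$2; bits=32 ;;
  esac
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print "target proto source" for each DROP/REJECT rule in listing $2 whose
# source column covers address $1 (header and chain lines are skipped).
blocking_rules() {
  printf '%s\n' "$2" | while read -r target prot _ src _; do
    case $target in
      DROP|REJECT)
        if ip_in_cidr "$1" "$src"; then
          printf '%s %s %s\n' "$target" "$prot" "$src"
        fi ;;
    esac
  done
}

# Print each entry of deny-file text $2 that covers address $1.
deny_entries() {
  printf '%s\n' "$2" | while read -r entry _; do
    case $entry in ''|'#'*) continue ;; esac
    if ip_in_cidr "$1" "$entry"; then
      printf '%s\n' "$entry"
    fi
  done
}

# Append CIDR $2 to allow-list file $1 unless that exact line is already there;
# prints the resulting line count so repeated calls can be seen to be idempotent.
add_allow_entry() {
  [ -f "$1" ] || : > "$1"
  grep -qxF "$2" "$1" || printf '%s\n' "$2" >> "$1"
  wc -l < "$1" | tr -d ' '
}

# Usage on a live box: blocking_rules 83.131.12.34 "$(iptables -L -n)"
#                      deny_entries  83.131.12.34 "$(cat /etc/apf/deny_hosts.rules)"
```

Run against the live system by substituting the real listing and deny file for the two samples, as the trailing comment shows; the match is done on the address, so it works even when the user's IP changes daily, as long as it stays inside the same netblock. Whether a block that turns up there should be moved to allow_hosts.rules is a judgement call the thread itself raises: the deny entry may have been added by an automated reaction to something from that range, so check why it was added before widening access.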


Invision Power Board © 2001-2009 Invision Power Services, Inc.