Full Version: APF firewall is blocking one user...
The Planet Forums > Security > Firewalls
ns1
One user cannot access my websites, or server.
When I turn off firewall he can access websites.
When I turn it on he cannot.

I have added his IP, and entire IP range in allow_hosts.rules. At this moment allow_hosts.rules looks like this:
Allow_hosts.rules

Any help is appreciated.
James Jhurani
APF is just a front end for iptables; you may want to look at your actual iptables rules to get a better idea of what's going on.
ns1
Thx Jurani, I looked at iptables and found nothing.
Ok, so here is the problem.
Client connects through IP ranges:
95.128.232.0/21
95.168.96.0/19
95.178.128.0/17

In iptables I found only this in INPUT and OUTPUT:
[0:0] -A INPUT -s 95.0.0.0/255.0.0.0 -j DROP
[0:0] -A OUTPUT -d 95.0.0.0/255.0.0.0 -j DROP

Entire iptables can be viewed here:
Iptables.txt

in deny_hosts.rules I have not found anything alike...

but when I do iptables -L I get this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  1.0.0.0/8            anywhere
DROP       all  --  2.0.0.0/8            anywhere
DROP       all  --  5.0.0.0/8            anywhere
DROP       all  --  23.0.0.0/8           anywhere
DROP       all  --  27.0.0.0/8           anywhere
DROP       all  --  31.0.0.0/8           anywhere
DROP       all  --  36.0.0.0/8           anywhere
DROP       all  --  37.0.0.0/8           anywhere
DROP       all  --  39.0.0.0/8           anywhere
DROP       all  --  42.0.0.0/8           anywhere
DROP       all  --  46.0.0.0/8           anywhere
DROP       all  --  94.0.0.0/8           anywhere
DROP       all  --  95.0.0.0/8           anywhere
DROP       all  --  100.0.0.0/8          anywhere

and the same thing in OUTPUT chain...

but I cannot see where he is getting it nor how to remove it...
ns1
OK, so I was able to remove this from iptables, but it didn't help. And the next morning it was active again.
So I did iptables -F (flush) and now users can access the server, but I am not sure this is a permanent solution.

Where am I supposed to be looking for this?
I have also added those ranges as ALLOW/ACCEPT in iptables and through APF, but until I did the flush command nothing worked.
ns1
I have just found out that this ISP is moving his servers to a new location. Could this be the reason for his IP range being constantly blocked?
theuruguayan
No, it is not.

Go and check in /etc/apf/internals/. The range might be one that used to be reserved by ARIN at some point.

And depending on how old the APF install is, the range might still be blocked.
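The two things worth checking here are (a) which iptables rule actually catches the client's range, remembering that iptables walks a chain top to bottom and stops at the first DROP or ACCEPT, so an ACCEPT appended after an earlier /8 DROP never takes effect, and (b) whether an entry in APF's reserved.networks list is the source of that DROP. The script below is an added example written for this thread; it is not APF's code or the posters' code. The iptables-save excerpt and the reserved.networks excerpt are constructed to mirror what the thread quotes (including the stale 95.0.0.0/8 entry); the client ranges are the three from the thread.

```python
"""Trace why a client's address range is dropped by an APF/iptables setup.

Added example for this thread, not code from APF or from the posters. It
takes the three ranges the client connects from, a constructed excerpt of
`iptables-save` output in the same form the thread quotes, and a constructed
excerpt of an old /etc/apf/internals/reserved.networks, and reports which
DROP rules hit the client and which reserved.networks lines produced them.
"""
import ipaddress
import re

# The client's ranges, as posted in the thread.
CLIENT_RANGES = ["95.128.232.0/21", "95.168.96.0/19", "95.178.128.0/17"]

# Constructed iptables-save excerpt: the two rules the thread quotes, two of
# the neighbouring /8 drops from the `iptables -L` listing, and an ACCEPT for
# the client appended *after* the DROP, as the poster tried.
IPTABLES_SAVE = """\
[0:0] -A INPUT -s 94.0.0.0/255.0.0.0 -j DROP
[0:0] -A INPUT -s 95.0.0.0/255.0.0.0 -j DROP
[0:0] -A INPUT -s 100.0.0.0/255.0.0.0 -j DROP
[0:0] -A OUTPUT -d 95.0.0.0/255.0.0.0 -j DROP
[0:0] -A INPUT -s 95.128.232.0/21 -j ACCEPT
"""

# Constructed reserved.networks excerpt: one CIDR per line, '#' comments
# allowed. 95.0.0.0/8 is the stale entry in this story.
RESERVED_NETWORKS = """\
# reserved / unallocated space (constructed, stale)
1.0.0.0/8
5.0.0.0/8
94.0.0.0/8
95.0.0.0/8
100.0.0.0/8
"""


def _net(match):
    """Turn a regex match of '-s X' / '-d X' into an ip_network, or None."""
    if not match:
        return None
    # ip_network accepts both prefix length (95.0.0.0/8) and dotted
    # netmask (95.0.0.0/255.0.0.0), which is how iptables-save prints it.
    return ipaddress.ip_network(match.group(1), strict=False)


def parse_rule(line):
    """Return (chain, src_net, dst_net, target) for one '-A' line, else None."""
    chain = re.search(r"-A\s+(\S+)", line)
    if not chain:
        return None
    target = re.search(r"-j\s+(\S+)", line)
    return (
        chain.group(1),
        _net(re.search(r"-s\s+(\S+)", line)),
        _net(re.search(r"-d\s+(\S+)", line)),
        target.group(1) if target else None,
    )


def rules_hitting(client_cidr, save_text):
    """List (chain, target, rule_net) for rules whose network covers the range.

    A rule covers the client range when the client network is a subnet of the
    rule's network, i.e. every packet from that range matches the rule.
    INPUT rules are matched on source, OUTPUT rules on destination.
    """
    client = ipaddress.ip_network(client_cidr)
    hits = []
    for line in save_text.splitlines():
        parsed = parse_rule(line)
        if not parsed:
            continue
        chain, src, dst, target = parsed
        net = src if chain == "INPUT" else dst if chain == "OUTPUT" else None
        if net is not None and client.subnet_of(net):
            hits.append((chain, target, str(net)))
    return hits


def first_verdict(client_cidr, save_text, chain):
    """Target of the first rule in `chain` covering the range, or None.

    iptables stops at the first terminating target, so this is the verdict
    the client actually gets, regardless of any ACCEPT added further down.
    """
    for c, target, _ in rules_hitting(client_cidr, save_text):
        if c == chain:
            return target
    return None


def stale_reserved_entries(client_cidrs, reserved_text):
    """reserved.networks entries that overlap any of the client's ranges."""
    clients = [ipaddress.ip_network(c) for c in client_cidrs]
    stale = []
    for line in reserved_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry and any(c.overlaps(ipaddress.ip_network(entry, strict=False))
                         for c in clients):
            stale.append(entry)
    return stale


def without_entries(reserved_text, entries):
    """File contents with the given entries removed; comments are kept."""
    keep = [l for l in reserved_text.splitlines()
            if l.split("#", 1)[0].strip() not in set(entries)]
    return "\n".join(keep) + "\n"


if __name__ == "__main__":
    for cidr in CLIENT_RANGES:
        print(cidr, "hit by", rules_hitting(cidr, IPTABLES_SAVE),
              "-> INPUT verdict:", first_verdict(cidr, IPTABLES_SAVE, "INPUT"))
    stale = stale_reserved_entries(CLIENT_RANGES, RESERVED_NETWORKS)
    print("stale reserved.networks entries:", stale)
    print(without_entries(RESERVED_NETWORKS, stale))
```

On a real host the two inputs would come from `iptables-save` and from /etc/apf/internals/reserved.networks; after removing the stale entry, APF has to be restarted so it regenerates the iptables rules, otherwise the DROP for 95.0.0.0/8 comes back on the next reload exactly as the poster saw.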
ns1
Wow, thx Uruguayan! It seems that's it...

At least, IP range was listed in reserved.networks and I deleted it..
Time will tell...
theuruguayan
Yea, that will do it.

No more issues for your client.

Glad I could help.
theuruguayan
Remember to restart the firewall after you edit that file.