
Allowing IPs and domains through firewall in cPanel WHM

Discussion in 'General Discussion' started by mrtext, May 16, 2011.

  1. mrtext

    mrtext Member

    I am a newbie to cPanel and cPanel WHM.

    I need to always allow:

    > notify.paypal.com
    > 216.113.188.202
    > 216.113.188.203
    > 216.113.188.204
    > 66.211.170.66

    The system has: ConfigServer Security & Firewall - csf v5.21

    I have added notify.paypal.com in ConfigServer under the heading lfd Dynamic DNS, where it clearly states “The following FQDN's will be allowed through the firewall.”

    I have added each individual IP in ConfigServer under the heading “Firewall Allow” IPs.

    Still, sometimes these IPs are being blocked from reaching the script. When they do get through, the script always works.


    Please advise: could there be anything I have missed? Is there anything else, such as a DNS configuration issue, that could be blocking these IPs?
     
  2. tank

    tank Well-Known Member

    Have you the ports to be open as well?
     
  3. mrtext

    mrtext Member

    Hi Tank,

    Yes, the port needed by the script is open. I just rechecked on http://ping.eu/port-chk/ to be extra sure.

    Any other suggestions for things to check are most welcomed.

    MT
     
  4. mrtext

    mrtext Member

    Thank you Tank,

    I have also checked to confirm that the ports were open both for inward and outward connections in Edit Firewall config and can see both open for TCP_IN, TCP_OUT, TCP6_IN and TCP6_OUT. They are not allowed for UDP.

    By way of additional information, PayPal is showing an HTTP 200 OK code for transactions that both succeed and fail. So they find the server, but seem to be blocked before reaching the file. We can see failed transactions don't reach the file at all and are always smaller in size than the successful ones. The resends work 100% of the time, hence PayPal told us to ensure the above IPs and notify.paypal.com were not being blocked.

    Many thanks, any more suggestions for things we should check are most welcome.

    MT
     
    #4 mrtext, May 16, 2011
    Last edited: May 16, 2011
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    If I understand you correctly, remove all of those. This is for something completely different.

    This should work, but, as it states at the top of that file, they can still be blocked. Why are they getting blocked is more important here I think once they're added here. Your log should have something on that.

    What is it exactly that you're having the problem with, a shopping cart of some sort I guess? Google gives me this for those IPs you want to allow, for paypal Go Live API.

    Could it be a config issue with your script getting blocked?
     
  6. mrtext

    mrtext Member

    Hi InfoPro,

    Thank you for looking at this.

    "What is it exactly that you're having the problem with, a shopping cart of some sort I guess?"

    It is a custom shopping cart using PayPal IPN to activate a script.

    "Could it be a config issue with your script getting blocked?"

    The script itself works and did so for 3 plus years (until we moved to cpanel hosting - hsphere before that)
    The script itself works as it should when I resend the IPN message.
    PayPal reports a http status code of 200

    So it has to be related to the server config. We checked the php.ini file to ensure it is the same as the old one.

    Can you suggest any config issues that might block the script that we should check?

    Many thanks
     
  7. mrtext

    mrtext Member

    Hi Infopro,

    By way of additional clarification, the first thing the IPN file does is write to a log file we set up. When the transaction fails even that does not happen. For transactions that work there is an entry in the log file.

    This is why we are not concerned about the script itself and know it is after PayPal getting a 200 response code and before the IPN file.

    But we are at a loss as to what it could actually be or even what to test beyond what we have done.

    MT
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    If CSF is blocking something, it usually will send an email when it does. Get any of those emails?
     
  9. mrtext

    mrtext Member

    Thank you again for coming back to me.

    No, I haven't, but the VPS was set up by the hosting company and they are meant to do management, patching and security. In fact all I have on the server is the one website; I even have e-mail and DNS records for that domain elsewhere.

    They had not set a contact for root so I assume no one was getting these e-mails. I have now set it to one of my e-mails and already got a message about a temporary block - not an IP I am interested in, however. I wonder, will I end up with these every few mins?

    I also added my e-mails in the contact manager for alerts.

    This will be very useful, if I don't end up with too many other notifications.

    Any other suggestions for things I should be looking out for are most welcome.

    Many thanks
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    IMHO, you want notified for anything going wrong on the server. If an IP gets blocked for port scanning for example, you may or may not care about that IP being blocked so you should be able to edit the config not to email on that. If a user forgets a webmail password and gets blocked for typing in the wrong pass 5 times, you might want an email about that. There's hundreds of settings in CSF to go thru and understand, you should spend some time reviewing those settings.

    Now that you get mail from the firewall, run your script. Wait for email (if script gets blocked by firewall) and see if it gives you any clues as to the problem.
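
The thread notes that addresses in the allow list "can still be blocked". The following is an added example, not code from any poster or from CSF: it audits the PayPal IPs from the first post against the allow, ignore and deny lists. It assumes CSF's documented behaviour that lfd only skips addresses listed in csf.ignore; the file contents are constructed samples and `parse_entries` and `audit` are hypothetical helper names.

```python
import ipaddress

PAYPAL_IPS = ["216.113.188.202", "216.113.188.203",
              "216.113.188.204", "66.211.170.66"]  # from the first post

# Constructed sample file contents, not taken from the poster's server.
CSF_ALLOW = """\
# csf.allow (constructed sample)
216.113.188.202 # PayPal IPN
216.113.188.203
66.211.170.66
tcp|in|d=443|s=216.113.188.204
"""
CSF_IGNORE = "216.113.188.202\n"
CSF_DENY = """\
216.113.188.203 # lfd: constructed sample block entry
203.0.113.0/24 # manual deny
"""

def parse_entries(text):
    """Networks named in a csf list: plain IP/CIDR lines, or the
    s=/d= address field of an advanced proto|dir|d=|s= rule."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        for token in line.split("|"):
            token = token[2:] if token[:2] in ("s=", "d=") else token
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                continue  # protocol, direction, port, Include line or blank
    return nets

def audit(ips, allow_text, ignore_text, deny_text):
    """Per IP: is it allowed, can lfd still block it (assumption: only
    csf.ignore exempts it), and is it listed in both allow and deny."""
    lists = [parse_entries(t) for t in (allow_text, ignore_text, deny_text)]
    report = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        in_allow, in_ignore, in_deny = (any(addr in n for n in nets) for nets in lists)
        report[ip] = {"allowed": in_allow, "lfd_can_block": not in_ignore,
                      "also_denied": in_allow and in_deny}
    return report

if __name__ == "__main__":
    for ip, flags in audit(PAYPAL_IPS, CSF_ALLOW, CSF_IGNORE, CSF_DENY).items():
        print(ip, flags)
```

On a real server the three strings would be read from `/etc/csf/csf.allow`, `/etc/csf/csf.ignore` and `/etc/csf/csf.deny`.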
     