The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel blocks port 26.

Discussion in 'General Discussion' started by marek, Aug 20, 2005.

  1. marek

    marek Registered

    Joined:
    Aug 20, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    We have set up RedHat ES3 /etc/sysconfig/iptables allowing port 26 to remain open for Exim:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 26 -j ACCEPT

    iptables -L | grep 26
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26

    However, every? morning we disover that this port gets closed by the iptables firewall:

    ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:12:3f:24:a8:86:00:11:43:d6:cb:48:08:00 SRC
    =x.x.x.x DST=y.y.y.y LEN=60 TOS=0x04 PREC=0x00 TTL=53 ID=44220 DF PR
    OTO=TCP SPT=65116 DPT=26 WINDOW=5840 RES=0x00 SYN URGP=0

    We cannot figure out which process/cron/script does it, and I am looking for a bit of help here.
    Root crontab is as follow:
    54 4 * * * /scripts/upcp
    0 1 * * * /scripts/cpbackup
    */15 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
    2,58 * * * * /usr/local/bandmin/bandmin
    0 0 * * * /usr/local/bandmin/ipaddrmap
    0 6 * * * /scripts/exim_tidydb > /dev/null 2>&1
    */5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1

    Thanks,
    Marek
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Have you gone to WHM Main >> Service Configuration >> Service Manager

    and set the "exim on another port " option?
     
  3. marek

    marek Registered

    Joined:
    Aug 20, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Tkanks David but "exim on another port " option was checked.
    I set up a simple cronjob script indicating firewall blocking port 26 after 03:05:00 and before 04:05:00

    Mon Aug 22 03:05:00 PDT 2005
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26

    Mon Aug 22 04:05:00 PDT 2005
    Mon Aug 22 05:05:01 PDT 2005
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That will happen if you've enabled WHM > Tweak Security > SMTP Tweak
     
  5. marek

    marek Registered

    Joined:
    Aug 20, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for suggestion, Jonathan, but the problem persists.
    However, there is Advanced Policy Firewall apf intrusion detection/firewall program that is probably causing it. It runs from daily cron at 4:02AM.

    Output from my monitoring script
    Wed Aug 24 03:05:00 PDT 2005
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:26


    Wed Aug 24 04:05:01 PDT 2005
    DROP all -- 221.126.137.0/24 0.0.0.0/0
    DROP all -- 255.255.255.255 0.0.0.0/0
    DROP icmp -- 0.0.0.0/0 0.0.0.255/0.0.0.255
    DROP all -- 0.0.0.0/0 0.0.0.255/0.0.0.255
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    DROP all -- 0.0.0.0/0 221.126.137.0/24
    DROP all -- 255.255.255.255 0.0.0.0/0

    Thank you both for good leads.

    Marek
     
Loading...

Share This Page