CSF Firewall: *TCP_OUT Blocked

chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
You do need to be sure to enable all the logging features in the csf configuration so that you can check /var/log/messages for block messages for the IP concerned to try and identify which rule in the the INPUT iptables chain is blocking the IP.

One other final thing that I discovered recently, if your server has multiple configured NIC's make sure that both are considerd in the csf configuration. That is, if ones for a LAN then add it to the ETH_DEVICE_SKIP list, or set ETH_DEVICE to eth+ so that the firewall is applied to both NICs, otherwise iptables seems to have problems.
 
J

jsnape

Well-Known Member
Mar 11, 2002
174
0
316
jsnape said:
I noticed the same thing. Certain IP's are unreachable unless specifically allowed. The also don't show up in iptables using the list command.
Click to expand...
Just a followup - had wrong traceroute info from customer and was pinging out to an IP of some third party traceroute site, and it turns out the person was really blocked for pop3 login failures. The moral of this story is, when asking for a traceroute - make sure its from their computer and not some site they found that does traceroute's. :)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
D You must stop and disable firewalld when using csf Security 2
Y CSF Firewall recommendations Security 1
N CSF Firewall Missing 2 Module (insmod) Security 20
Tarak Nath APF to CSF Firewall Security 3
V SMTP erorro after enabling ConfigServer Security & Firewall(CSF) in WHM Panel. Security 7
Similar threads
You must stop and disable firewalld when using csf
CSF Firewall recommendations
CSF Firewall Missing 2 Module (insmod)
APF to CSF Firewall
SMTP erorro after enabling ConfigServer Security & Firewall(CSF) in WHM Panel.
Top Bottom