The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNS Only server conflicts with CSF?

Discussion in 'Security' started by designmania, Nov 22, 2011.

  1. designmania

    designmania Member

    Joined:
    Nov 10, 2011
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I recently installed the cPanel DNS Only. I have 2 other WHM servers clustered with this DNS server.

    I also installed the CSF on these 2 WHM servers, but not on the DNS server. Whenever I enable the CSF on each of the server, it blocks everyone from accessing to my website...

    So, I think the problem might be causing from the way I installed the CSF. Should I install the CSF on DNS server, on 3 of them, or....? :confused:

    Thank you very much for your help!
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please ensure to whitelist the IP for the DNS only machine on both of the machines with CSF for incoming and outgoing connections. If that still doesn't work, could you check that ports 53 and 953 are both opened in the firewall? You'd check the ports listed in WHM > Plugins > ConfigServer Security&Firewall > Firewall configuration location.
     
  3. designmania

    designmania Member

    Joined:
    Nov 10, 2011
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Tristan,


    By adding port 953 to TCP/UDP incoming and outgoing connections does resolve the issue. Thank you very much!
     
  4. designmania

    designmania Member

    Joined:
    Nov 10, 2011
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Trista,

    It works when the first time I added 953 to TCP/UDP-IN/OUT. However, when I made other changes and restart the CSF, it stopped working. The websites are being blocked again. So, I am kind of afraid of making change to another server. It seems like CSF just ignore the changes I have made previously.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You might want to post on their forum to see if they have further ideas, since that is a 3rd party product by another company:

    CSF Forum
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You should definitely install CSF on all your servers, there must be something happening and it's a matter of tracking it down and fixing it.

    Specifically what is happening? Is it a failure to resolve in DNS or is it failing to access port 80? Are there any blocks being generated on the servers, and if so, what is the reason for those blocks? Check in /var/log/lfd.log on all servers for blocks against the other servers.
     
  7. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hi,

    Sometimes csf do not work properly if all the iptables modules are not installed on server. Check this with the lsmod command to see list of iptables modules installed on server. You may need to install additional modules with the modprob if necessary.
     
    #7 storminternet, Nov 26, 2011
    Last edited: Nov 26, 2011
Loading...

Share This Page