The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fire Wall>>>need Major Help Please Help>>>>>>>>>>>>.

Discussion in 'General Discussion' started by davis, Mar 31, 2004.

  1. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I use kiss my firewall listed below. My problem is, with the default setting, user that use comcast can not view the site, i need help in find out ways to let people view my site when i use this firewall. PLEASE I NEED HELP.................


    WHAT SHOULD I DO????????????????????????????????/



    BLOCK_LIST=""
    TCP_IN="20 21 25 53 80 110 143 443 995 2082 2083 2086 2087 2095 2096 3306 8443 10000 19638"
    TCP_OUT="21 22 25 37 43 53 80 443 55000"
    UDP_IN="53"
    UDP_OUT="53"
    TCP_IN_TRUSTED="22"
    TRUSTED_IPS="0.0.0.0/0"
    SERVER_IPS="0.0.0.0/0"



    IPTABLES="/sbin/iptables"
    MODPROBE="/sbin/modprobe"
    LOOPBACK="127.0.0.0/8"
    CLASS_A="10.0.0.0/8"
    CLASS_B="172.16.0.0/12"
    CLASS_C="192.168.0.0/16"
    CLASS_D_MULTICAST="224.0.0.0/4"
    CLASS_E_RESERVED_NET="240.0.0.0/4"
    BROADCAST_SRC="0.0.0.0"
    BROADCAST_DEST="255.255.255.255"
    PRIVPORTS="0:1023"
    UNPRIVPORTS="1024:65535"
     
  2. dandanfireman

    dandanfireman Well-Known Member
    PartnerNOC

    Joined:
    May 31, 2002
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    This should not be happening unless the comcast users are using one of the reserved addresses you are explicitly blocking. Do you get any "block" messages in /var/log/messages when a comcast user attempts to connect?
     
  3. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I am still a noob on cpanel, so thanks for replying.

    I just had a friend that was a comcast user, to view the site and he cant seam to get in. i look at the message in /var/log/message yet i dont see anything.


    Should i be looking for something in perticular?
     
    #3 davis, Mar 31, 2004
    Last edited: Mar 31, 2004
  4. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    This is the most recent activity in the messages log


    Mar 31 10:49:20 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 10:49:22 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:23 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:23 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:23 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:27 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:28 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:28 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:28 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:28 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:29 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:33 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:33 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:49:33 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.11#53
    Mar 31 10:49:33 serv1 named[15640]: lame server resolving '109.14.79.69.in-addr.arpa' (in '14.79.69.in-addr.arpa'?): 63.245.32.5#53
    Mar 31 10:55:39 serv1 pure-ftpd[17462]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 10:55:39 serv1 pure-ftpd[17462]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.000 seconds.
    Mar 31 10:56:01 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:02:43 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:04:00 serv1 pure-ftpd[17827]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 11:04:00 serv1 pure-ftpd[17827]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.000 seconds.
    Mar 31 11:09:24 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:12:20 serv1 pure-ftpd[18203]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 11:12:20 serv1 pure-ftpd[18203]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.000 seconds.
    Mar 31 11:16:03 serv1 sshd(pam_unix)[18342]: session opened for user root by (uid=0)
    Mar 31 11:16:05 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:20:40 serv1 pure-ftpd[18653]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 11:20:40 serv1 pure-ftpd[18653]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.000 seconds.
    Mar 31 11:22:46 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes

    Mar 31 11:40:06 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=.......$
    Mar 31 11:40:14 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=69.93.117.218 DST=........... LEN=60$
    Mar 31 11:40:18 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=............$
    Mar 31 11:40:29 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=......................$
    Mar 31 11:40:32 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:40:35 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=202.79.98.156 DST=............ LEN=60$
    Mar 31 11:40:36 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:40:39 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:40:40 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:40:42 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:40:42 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=...........$
    Mar 31 11:40:47 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:40:48 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=............... LEN=4$
    Mar 31 11:40:57 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:40:57 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=.......................$
    Mar 31 11:40:59 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:00 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=..................$
    Mar 31 11:41:00 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:41:06 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:06 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=.................$
    Mar 31 11:41:11 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=...................... LEN=4$
    Mar 31 11:41:13 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=69.93.117.218 DST=................. LEN=60$
    Mar 31 11:41:18 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=...........................$
    M
     
    #4 davis, Mar 31, 2004
    Last edited: Mar 31, 2004
  5. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Mar 31 11:41:18 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:21 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:23 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.125.73.107 DST=216.127.78.5$
    Mar 31 11:41:25 serv1 sshd(pam_unix)[3751]: session opened for user root by (uid=0)
    Mar 31 11:41:27 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:37 serv1 kernel: ** SSH ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=202.79.98.156 DST=....................... LEN=60$
    Mar 31 11:41:39 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:41:42 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=68.7.206.163 DST=..................$
    Mar 31 11:41:42 serv1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:50:22:94:4e:e1:00:e0:52:0e:2c:5b:08:00 SRC=67.117.152.171 DST=216.127.78.$
    Mar 31 11:45:53 serv1 sshd(pam_unix)[3751]: session closed for user root
    Mar 31 11:47:22 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:47:50 serv1 pure-ftpd[4260]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 11:47:50 serv1 pure-ftpd[4260]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.000 seconds.
    Mar 31 11:53:58 serv1 sshd(pam_unix)[4617]: session opened for user root by (uid=0)
    Mar 31 11:54:03 serv1 init: Id "ag" respawning too fast: disabled for 5 minutes
    Mar 31 11:56:10 serv1 pure-ftpd[4835]: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 31 11:56:10 serv1 pure-ftpd[4835]: (?@127.0.0.1) [INFO] Logout - CPU time spent: 0.010 seconds.
     
  6. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Are other users able to get in?

    It may be something that needs to be corrected on your friends side (browser cache, personal firewall, etc).
     
  7. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Everyone else seams to be getting in ok. its just that comcast user cant get in. This is very weird...
     
  8. LS_Drew

    LS_Drew Well-Known Member

    Joined:
    Feb 20, 2003
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    16
    This is kiss firewall, yes?

    Scroll down to the lines about the 'dns transfers' and uncomment those. Then restart kiss and your problem should be solved.
     
  9. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Thanks. let me try.
     
  10. davis

    davis Member

    Joined:
    Mar 20, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Wow, thanks works great,

    And it appears to be working, some one recently try to attack me ehhehehe got blocked.


    I have two more question. I do i go on about reporting them and what do you guys think of port blocking.


    i was thinking of generating a port number from 1-69999 and only opening those port that are needed. What do you think?

    Is this a good idea or no?
     
Loading...

Share This Page