
Hardware Firewall and ConfigServer Issue

Discussion in 'Security' started by tomi1122, Oct 28, 2010.

    tomi1122 Member

    Aug 31, 2008
    This is a post of desperation as I had little luck getting feedback on this thus far. I have a CISCO hardware firewall service enabled on my host (through SoftLayer). I have a cPanel with ConfigServer configured and enabled.

    I have three ports open on a single public IP. All TCP. The primary public IP of the server is not open for any ports on either TCP or UDP (all configured through SoftLayer portal firewall rule page). All other traffic including all UDP traffic is blocked.

    Now, from time to time I will see this iptables log entry:

    Aug 16 15:59:06 galaxy kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=00:40:38:5b:60:75:00:09:0a:77:11:e8:08:00 SRC= DST=74.XX.XX.XX LEN=2395 TOS=0x00 PREC=0x00 TTL=53 ID=59137 PROTO=UDP SPT=53 DPT=8840 LEN=2375

    In the example above 74.XX.XX.XX is the primary IP of my server (galaxy). How is it that this packet makes it to my server on UDP on an IP that is completely locked through the CISCO hardware firewall?

    Does this imply or prove that firewall is letting traffic through? SoftLayer says:

    "There is some UDP traffic that does need to go through for specific requests, especially mail"

    I think that response is basically bogus because the firewall should not care what application generates _inbound_ UDP traffic; it should deny it per the rules.
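As an added example (not part of the original post, and not ConfigServer's own code), here is a small Python triage script for the `Firewall: *UDP_IN Blocked*` log format quoted above. It parses the iptables key=value fields, keeps both `LEN` values, and sorts blocked UDP entries by port shape: source port 53 to a high port (the shape of a DNS reply, which a stateful upstream firewall will pass as return traffic for an outbound query) versus a high source port aimed at a service port (an unsolicited datagram). The log lines, addresses and MACs are constructed placeholders.

```python
import re

# Constructed sample lines in the CSF/iptables format from the post
# (addresses and MAC values are placeholders, not real hosts).
SAMPLE_LOG = """\
Aug 16 15:59:06 galaxy kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=00:40:38:5b:60:75:00:09:0a:77:11:e8:08:00 SRC= DST=74.0.0.1 LEN=2395 TOS=0x00 PREC=0x00 TTL=53 ID=59137 PROTO=UDP SPT=53 DPT=8840 LEN=2375
Aug 16 16:01:12 galaxy kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=00:40:38:5b:60:75:00:09:0a:77:11:e8:08:00 SRC=203.0.113.9 DST=74.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=UDP SPT=40000 DPT=161 LEN=40
Aug 16 16:02:00 galaxy kernel: Firewall: *TCP_IN Blocked* IN=eth1 OUT= MAC=00:40:38:5b:60:75:00:09:0a:77:11:e8:08:00 SRC=198.51.100.7 DST=74.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"Firewall: \*(?P<rule>[A-Z_]+) Blocked\* (?P<fields>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")  # flags such as DF or SYN have no '=' and are skipped


def parse_csf_line(line):
    """Return a dict of fields for one '*X Blocked*' line, or None if it is not one.
    iptables prints LEN twice (IP total length, then UDP/TCP length); the second
    copy is stored as 'L4_LEN' so neither value is overwritten."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"rule": m.group("rule")}
    for key, val in KV_RE.findall(m.group("fields")):
        if key == "LEN" and "LEN" in rec:
            key = "L4_LEN"
        rec[key] = val  # SRC= with no value is kept as an empty string
    return rec


def classify(rec):
    """Triage label for a blocked inbound UDP record; other protocols are passed through."""
    if rec is None or rec.get("PROTO") != "UDP":
        return "not-udp"
    spt, dpt = int(rec["SPT"]), int(rec["DPT"])
    if spt == 53 and dpt >= 1024:
        return "dns-reply-shaped"          # looks like return traffic for an outbound query
    if spt >= 1024 and dpt < 1024:
        return "unsolicited-to-service-port"  # inbound datagram aimed at a service port
    return "other-udp"


def triage(log_text):
    """Count blocked entries by triage label across a whole log excerpt."""
    counts = {}
    for line in log_text.splitlines():
        label = classify(parse_csf_line(line))
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it against `/var/log/messages` (or wherever CSF logs on your host) to see whether the blocked UDP entries are dominated by the reply-shaped pattern or by unsolicited probes.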
