Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Problem with csf+lfd blocking dj's ip's

Discussion in 'Security' started by filth80, May 20, 2011.

  1. filth80

    filth80 Well-Known Member

    Joined:
    Dec 11, 2009
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    56
    Hello, i write here because the forum on whmsonic is not available.I have a problem with whmsonic and csf+lfd (iptables i think).A client bought a radio server from us, but when the dj's try to go online their ip is being blocked by the iptables.This happens with different dj's and different ip's.Please guide me, i need it urgent.Thank you very much.This is an example from iptables log:
    "May 20 18:04:52 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:30:48:da:dd:0e:00:d0:02:f7:34:0a:08:00 SRC=79.115.9.229 DST=94.176.163.37 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=6345 DF PROTO=TCP SPT=3414 DPT=5639 WINDOW=65535 RES=0x00 SYN URGP=0 "
     
    #1 filth80, May 20, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Have you tried whitelisting their IPs in CSF? Please note that CSF is a product of ConfigServer Security & Firewall, so the best option is to post on their forum at this location:

    ConfigServer Scripts Forum • Index page
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, May 20, 2011
  3. filth80

    filth80 Well-Known Member

    Joined:
    Dec 11, 2009
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    56
    They have dynamic ip's.Ok i'll try there, but i don't think i'll get much support.My hope was in you:(
     
    #3 filth80, May 20, 2011
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    My suggestion would be to disable LFD until you've heard back from them on their forum. It seems likely that the LFD logs should have more details on why the IP is being blocked. I believe they are in /var/log and called lfd.log or something of that nature.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelTristan, May 20, 2011
  5. filth80

    filth80 Well-Known Member

    Joined:
    Dec 11, 2009
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    56
    How do i disablelfd and lfd monitor so i don't get emails?Thanks.
     
    #5 filth80, May 20, 2011
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    In the /etc/csf/csf.conf file (also, this is WHM > Plugins > ConfigServer Security & Firewall > Firewall Configuration option), it has the following:

    To disable LFD, you would need to set this to 0, then restart the firewall.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelTristan, May 20, 2011
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I wouldn't disable CSF for anything, myself. Instead, I'd make sure I'm being emailed on every event from CSF/LFD and let the log tell me why this user gets blocked.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 Infopro, May 20, 2011
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Unfortunately, if the user cannot have their customers access the server due to constant blocks for the dynamic IPs, then until they review the logs and have CSF help with what is occurring, disabling LFD is the only possible course of action from what I can see. Disabling LFD will only disable the blocking mechanisms for that firewall, the other firewall rules already in existence will still function for CSF.

    It's similar to having to shut down cPHulk Brute Force Protection due to being blocked until a method is determined on how to allow access for the customers trying to reach the machine. I don't see much choice in this instance in order to keep the customers able to access the machine, but that's just my personal opinion.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, May 20, 2011
  9. filth80

    filth80 Well-Known Member

    Joined:
    Dec 11, 2009
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    56
    Thank you all,i contacted whmsonic, let's see if they answer.
     
    #9 filth80, May 20, 2011
  10. Zepplin

    Zepplin Well-Known Member

    Joined:
    Oct 23, 2006
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Blue Mountains, Australia
    cPanel Access Level:
    Root Administrator
    Ask them to go to /http://www.dyndns.com/ and register a free account then they can setup a host name which allows them to point a hostname to a dynamic or static IP address or URL.

    Then in their router most of them should have a dynamic dns service setup where they can add a hostname.

    After that you can setup the hostname for each DJ via CSF/lfd Dynamic DNS

    dj1.dyndns-ip.com
    dj2.dyndns-ip.com
    dj3.dyndns-ip.com
     
    #10 Zepplin, May 20, 2011
  11. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    8
    Trophy Points:
    68
    Location:
    Athens Greece
    i am using whmsonic with no issues with several djs.internal and external accounts
    have you open on TCP_IN,TCP_OUT,UDP_IN,UDP_OUT the port range that the djs use?
    normally when you install whmsonic it opens the range 5000:9999 in the above.
    make sure that the port of each whm sonic account use is on this range.
    if the customers use ftp to upload mp3 make use you have a passive port range on csf for pure_ftpd
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 k-planethost, May 24, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Problem csf+lfd blocking
  1. Elliot Hagerty

    Outgoing SPAM Email Problems

    Elliot Hagerty, Aug 17, 2018 at 6:05 AM, in forum: E-mail Discussion
    Replies:
    3
    Views:
    48
    cPanelLauren
    Aug 17, 2018 at 2:15 PM
  2. mayadesigns

    Problemas Disco LLeno

    mayadesigns, Aug 15, 2018 at 12:45 PM, in forum: Discusión en Español
    Replies:
    3
    Views:
    129
    mayadesigns
    Aug 18, 2018 at 1:55 AM
  3. SamL

    DNS problem but I do not know what.

    SamL, Aug 15, 2018 at 4:22 AM, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    44
    cPanelLauren
    Aug 15, 2018 at 9:42 AM
  4. Martin Salas

    Problemas con envío de correo a través de webmail

    Martin Salas, Aug 14, 2018 at 11:36 AM, in forum: Discusión en Español
    Replies:
    3
    Views:
    57
    cPanelLauren
    Aug 14, 2018 at 11:59 AM
  5. sozotech

    SOLVED WHMCS integration problem after upgrade to 74

    sozotech, Aug 14, 2018 at 8:23 AM, in forum: General Discussion
    Replies:
    7
    Views:
    218
    sozotech
    Aug 14, 2018 at 2:35 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice