WHM/cPanel only works if iptables service is stopped!

[bigste]

...is that right or am I missing something, like a script that sorts it out for me.

It's a newish install and I'm new to it but I notice every time the server reboots (and at other random intervals) suddenly nothing works. I can ping the server but that's about it. However if I run something like:-

# wget http://host.myserver.com

it will pull down the "Congratulations on installing Apache..." index.html page, so I know httpd is running OK.

# wget http://host.myserver.com/whm

won't work though, it'll try to redirect to port 2086 and fail on a 401 error but atleast it's having a go. I don't get anything from my PC.


The only way to get it going again is:-

 # service iptables stop

This seems a bit extreem and I feel leaves me slightly vulnerable, although I am behind a corporate Firewall so it's not the end of the world.
I have tried adding some lines to the iptables files as discussed on several forums etc.. like these:-

"simply add these lines to your iptables file using pico"

# iptables -A ptcp -p tcp --dport 2082 -m state --state NEW -j ACCEPT
# iptables -A ptcp -p tcp --dport 2083 -m state --state NEW -j ACCEPT
# iptables -A ptcp -p tcp --dport 2086 -m state --state NEW -j ACCEPT
# iptables -A ptcp -p tcp --dport 2087 -m state --state NEW -j ACCEPT

..but then they've been written over by cron in the night.

I have spent quite a lot of time trying to resolve this but as I'm not the best linux server admin going I don't really know what to do. Don't make me reach for that Win2K disc

 

[Infopro]

You might like to give this one a go. I am sure this will suit your needs.
http://www.configserver.com/cp/csf.html

 

[bigste]

yes, about 50 million configurations later and it appears you may be right.

It seems to be quite a handy security tool, why don't cPanel endorse it as they do with Coppermine, Mambo, PHPbb etc... ? It would have saved me a right load of mither.

Anyway, as required, I just rebooted and Bob's my uncle

Thanks

 

[agentblack]

You might like to give this one a go. I am sure this will suit your needs.
http://www.configserver.com/cp/csf.html

that is a great script, however, I've never been able to get it to really work right. Always flakes out on me during the install

 

[Infopro]

On a VPS? I thnk those users have had a few problems that you don't on regular servers.

 

[agentblack]

On a VPS? I thnk those users have had a few problems that you don't on regular servers.

yeah i run all of my shared hosting's on vps'. It's rather nice actually, but I'm just disappointed that script doesnt work well on vps'.

 

[Infopro]

I think it does, it just needs some additional tweaking for the environment. Lots of posts over on the CSF forums that should help there.

 

[agentblack]

I think it does, it just needs some additional tweaking for the environment. Lots of posts over on the CSF forums that should help there.

thanks! I'll check into it. Since I've banned all APNIC ip's my attacks have decreased drastically. But I'll still check into it.

 

[hydra]

Hi,
Previous csf versions required the monolithic=1 variable in csf.conf when running on a VPS.
In the latest versions this should not be necessary anymore.
I suggest you try it.

 

[agentblack]

Hi,
Previous csf versions required the monolithic=1 variable in csf.conf when running on a VPS.
In the latest versions this should not be necessary anymore.
I suggest you try it.

I'll have to look into it. I'd hate to put it straight away onto a live server without testing it. That would be bad! lol