ConfigServer Security & Firewall - csf v7.15
CSF not passing DYNDNS traffic:
For several months I have been using CSF installed on a PBX server without problems. I lost a hard drive and reinstalled PBX SOFTWARE and CSF. Since install I have not been able to get CSF to pass traffic from DYNDNS. In other words, when I use https://myname.dyndns.(org) I see the IP address of the network I am on being blocked by CSF. And yes, all ports have been forwarded as required. Without CSF enabled, all works fine. Once CSF is enabled, then all IP's (other than those in the csf.allow file) are blocked, even those that I use with the dyndns.(org).
Any suggestions as to what or where I should look?
Thanks
amphibian
CSF Not Passing DYNDNS.ORG
-
amphibiansolutions
- Junior Member
- Posts: 3
- Joined: 26 Aug 2014, 01:39
Re: CSF Not Passing DYNDNS.ORG
Sorry for the prior post, hadn't had my coffee yet and I'm a rude person......
Let's try this again in a different approach.
In my log files I see "DynDNS: Lookup for [XXXXXXXXX.dyndns-org] failed - Lookup timeout
Where or what would one suggest the steps required to see why it fails?
In the section of CSF where you put your dyndns infor, what is the proper way to enter a dyndns name?
And, can one advise what the proper code would be to allow the following ports with dyndns
( in other words is this correct udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org or not)
udp ports 5060-5065
rtp ports 10000-20000
https 443
Thanks
amphibian
Let's try this again in a different approach.
In my log files I see "DynDNS: Lookup for [XXXXXXXXX.dyndns-org] failed - Lookup timeout
Where or what would one suggest the steps required to see why it fails?
In the section of CSF where you put your dyndns infor, what is the proper way to enter a dyndns name?
And, can one advise what the proper code would be to allow the following ports with dyndns
( in other words is this correct udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org or not)
udp ports 5060-5065
rtp ports 10000-20000
https 443
Thanks
amphibian
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: CSF Not Passing DYNDNS.ORG
That suggests either a problem with the DNS resolvers on the server, slow DNS resolvers, or with the DNS configuration of the FQDN, neither of which are anything to do with the csf configuration.amphibiansolutions wrote:DynDNS: Lookup for [XXXXXXXXX.dyndns-org] failed - Lookup timeout
No. As per the csf readme.txt instructions, edit /etc/csf/csf.dyndns and use something like the following:And, can one advise what the proper code would be to allow the following ports with dyndns
( in other words is this correct udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org or not)
Code: Select all
udp|in|d=5060_5065|s=yourdomain.dyndns.orgRestart csf and then lfd after making any changes.
-
amphibiansolutions
- Junior Member
- Posts: 3
- Joined: 26 Aug 2014, 01:39
Re: CSF Not Passing DYNDNS.ORG
I went and entered the "udp|in|d=5060_5065|s=yourdomain.dyndns" (replaceing the required info) and that didn't seem to work either.
When I try to https into the server using my dyndns name the csf lfd.log displays the following:
Sep 29 18:02:18 pbx lfd[12680]: *Port Scan* detected from 32.144.53.98 (US/United States/mobile-032-144-053-098.mycingular*net). 11 hits in the last 226 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
Any suggestions on what to look for as I am at a loss.
Thanks
amphiibian
When I try to https into the server using my dyndns name the csf lfd.log displays the following:
Sep 29 18:02:18 pbx lfd[12680]: *Port Scan* detected from 32.144.53.98 (US/United States/mobile-032-144-053-098.mycingular*net). 11 hits in the last 226 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
Any suggestions on what to look for as I am at a loss.
Thanks
amphiibian