Issue with IP

armitage318
Junior Member
Posts: 9
Joined: 25 Jun 2015, 10:22

Issue with IP

Post by armitage318 »

Hi,
I just installed CSF on a cPanel server (CentOS 5.11) - TESTING mode OFF.
One of my customers is complaining about problems with pop3 connection.
I gained access through Teamviewer on his machine and I verified that, from this specific ip, it is impossible to connect to my server (I tried with telnet on port 25, 80, 110 and so on.. I always got connection timeout issue).
I stopped csf (csf -x) and the problem was solved.
Anyway, I don't find any log for this specific ip on /var/log/lfd.log (or through web interface).
I used csf -w (1.1.1.1 is forged obviously)

# csf -w  1.1.1.1
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOCALINPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOCALINPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOGDROPIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOGDROPIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:DENYIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:DENYIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:DENYOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:DENYOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:ALLOWIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:ALLOWIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:ALLOWOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:ALLOWOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INVALID '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INVALID '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INVDROP '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INVDROP '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOGACCEPT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOGACCEPT '
How can I troubleshoot this?

Thank you very much!
cubanvj
Junior Member
Posts: 5
Joined: 01 Jul 2015, 22:44

Re: Issue with IP

Post by cubanvj »

csf -g "customer's IP" on the server will tell you if it's being blocked and when. You can also grep "customer's IP" /var/log/messages and /var/log/secure; this should show you when attempts were made to connect, along with when the IP started being blocked by the kernel.
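One way to read the kernel log lines that the `csf -w` rules shown in the first post produce, as an added example that is not from either poster or from the csf project: it groups the `Firewall: I:<chain>` / `Firewall: O:<chain>` entries for one source IP by connection and reports the last chain the SYN entered but never left. The sample log lines are constructed, and the reading of `I:` as "entered the chain" and `O:` as "reached the end of the chain" is an assumption.

```shell
#!/bin/sh
# Added example: summarise csf watch-mode (csf -w) kernel log lines per connection.
# Assumption: "I:<chain>" is logged when the SYN enters a chain, "O:<chain>" when
# it reaches the end of that chain without a rule having accepted or dropped it.
sample_log() {   # constructed /var/log/messages lines, not real traffic
cat <<'EOF'
Jul  2 10:15:01 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=110 SYN
Jul  2 10:15:01 host kernel: Firewall: I:LOCALINPUT IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=110 SYN
Jul  2 10:15:01 host kernel: Firewall: I:ALLOWIN IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=110 SYN
Jul  2 10:15:01 host kernel: Firewall: O:ALLOWIN IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=110 SYN
Jul  2 10:15:01 host kernel: Firewall: I:DENYIN IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=110 SYN
Jul  2 10:15:02 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=1.1.1.10 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=110 SYN
Jul  2 10:15:05 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=25 SYN
Jul  2 10:15:05 host kernel: Firewall: I:LOCALINPUT IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=25 SYN
Jul  2 10:15:05 host kernel: Firewall: O:LOCALINPUT IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=25 SYN
Jul  2 10:15:05 host kernel: Firewall: I:LOGDROPIN IN=eth0 OUT= SRC=1.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=25 SYN
EOF
}

# watch_trail IP [FILE]: one line per DPT/SPT pair seen from exactly that IP.
watch_trail() {
    awk -v ip="$1" '
    /Firewall: [IO]:/ {
        src = spt = dpt = tag = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "Firewall:") tag = $(i + 1)
            else if ($i == "SRC=" ip) src = 1          # exact match: 1.1.1.10 is not 1.1.1.1
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (!src || tag == "") next
        key = dpt " " spt
        dir = substr(tag, 1, 1); chain = substr(tag, 3)
        if (!(key in trail)) order[++n] = key
        if (tag == "I:INPUT") trail[key] = ""          # new SYN or retransmit: restart the trail
        if (dir == "I") trail[key] = trail[key] " " chain
        else sub(" " chain "$", "", trail[key])        # chain was left: pop it
    }
    END {
        for (j = 1; j <= n; j++) {
            split(order[j], k, " ")
            m = split(trail[order[j]], st, " ")
            printf "dpt=%s spt=%s last_chain_not_left=%s\n", k[1], k[2], (m ? st[m] : "none")
        }
    }' "${2:-/var/log/messages}"
}

sample_log | watch_trail 1.1.1.1 -
```

If no lines turn up for the address at all, the SYN is not reaching the watched chains, which points away from the csf deny lists and toward something earlier in the path.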