Firewall Blocked Traffic even SSH

Post Reply
iLinux85
Junior Member
Posts: 3
Joined: 24 May 2013, 22:18

Firewall Blocked Traffic even SSH

Post by iLinux85 »

Hello

i was trying to loging to my server via ssh but i cannot so i login to whm so i can disable firewall and have able access again to ssh

i search for error messages logs and i found this

Code: Select all

Sep 23 13:41:51 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=8754 DF PROTO=TCP SPT=58852 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:41:54 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=8755 DF PROTO=TCP SPT=58852 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:42:00 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=8756 DF PROTO=TCP SPT=58852 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:23 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9428 DF PROTO=TCP SPT=58972 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:26 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9431 DF PROTO=TCP SPT=58972 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:32 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=9437 DF PROTO=TCP SPT=58972 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:48 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9464 DF PROTO=TCP SPT=58980 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:51 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9468 DF PROTO=TCP SPT=58980 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:43:57 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=9480 DF PROTO=TCP SPT=58980 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep 23 13:44:13 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=9521 DF PROTO=TCP SPT=58991 DPT=8213 WINDOW=8192 RES=0x00 SYN URGP=0 

this happen when i was trying to login to ssh server before i disable the csf via WHM

my server centos 6.5 - 64Bit and whm last stable version
maever
Junior Member
Posts: 12
Joined: 21 Jan 2009, 12:00

Re: Firewall Blocked Traffic even SSH

Post by maever »

Hello Ilinux85,

From what I can see in yout logs it seems that you are trying to access TCP port "8213" on your server for SSH access?

I take it you've configured your SSH Deamon to listen for SSH connections on this port?

Could you share a copy of your /etc/ssh/sshd.conf and /etc/csf/csf.conf here?
Have you properly added the port 8213 to your config file in the TCP_IN list for IPV4 ?
Post Reply