TCP_OUT Blocked in open port

Posted: 01 Jul 2014, 11:26
by ddtnero
Hello everybody!!

I've installed CSF but I have a problem. I have a Django application that writes to my database if I make a POST to this URL: https://my_ip/django/function.
If I make the request without the firewall everything is OK, but with the firewall active I receive a 502. I've looked in the syslog and it says:

Jul  1 09:58:53 localjobserver-dev2 kernel: [  712.976074] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59274 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0 
Jul  1 09:58:54 localjobserver-dev2 kernel: [  713.976207] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59275 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0 
Jul  1 09:58:56 localjobserver-dev2 kernel: [  715.980172] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59276 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0 
Jul  1 09:59:00 localjobserver-dev2 kernel: [  719.984186] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59277 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0 
Jul  1 09:59:08 localjobserver-dev2 kernel: [  728.000190] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59278 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0 
Knowing that my IP is 188.226.199.19, I've added these two lines to csf.allow and to csf.ignore:

127.0.0.1
185.24.69.182/16
I did this because I supposed that my provider replies to me from a random IP in the range of its IPs.
Is my assumption correct?
If it is, is my resolution right?
I underline that with my solution the function works, but I don't know if it is safe.

Thanks in advance.

Re: TCP_OUT Blocked in open port

Posted: 01 Jul 2014, 18:14
by Sergio
Do you have port 587 in TCP_OUT?
If you don't have it, adding it will not require that you add any IPs to the csf.allow file.
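
A small script that turns those syslog lines into the exact csf.conf change Sergio describes, added here as an example and not code from the thread or from CSF itself: it parses the kernel's "Firewall: *TCP_OUT Blocked*" entries, compares each blocked destination port against the TCP_OUT list in csf.conf, and reports the ports that are missing. The two TCP_OUT values (an older CSF default list, with and without 587) and the extra inbound "*TCP_IN Blocked*" line are constructed for the example and are not the poster's configuration; the outbound lines are the ones shown above.

```python
import re
import ipaddress

# Constructed sample input. The first two lines are from the post above; the
# third is an inbound drop added so the filter has something to ignore.
SAMPLE_SYSLOG = """\
Jul  1 09:58:53 localjobserver-dev2 kernel: [  712.976074] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59274 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  1 09:58:54 localjobserver-dev2 kernel: [  713.976207] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19 DST=185.24.69.182 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59275 DF PROTO=TCP SPT=55621 DPT=587 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  1 10:01:12 localjobserver-dev2 kernel: [  851.120001] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.7 DST=188.226.199.19 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
"""

# Constructed csf.conf fragments (assumed, not the poster's file): an older CSF
# default TCP_OUT list, and the same list with 587 added as Sergio suggests.
CSF_CONF_BEFORE = 'TCP_OUT = "20,21,22,25,53,80,110,113,443"'
CSF_CONF_AFTER = 'TCP_OUT = "20,21,22,25,53,80,110,113,443,587"'

# CSF logs dropped packets through iptables LOG with a "Firewall: *CHAIN Blocked*"
# prefix followed by the usual netfilter fields.
LOG_RE = re.compile(
    r"Firewall: \*(?P<chain>[A-Z_]+) Blocked\* .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\w+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_blocked(syslog_text):
    """Return one dict per 'Firewall: *... Blocked*' line; other lines are ignored."""
    events = []
    for line in syslog_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append({
                "chain": m["chain"], "src": m["src"], "dst": m["dst"],
                "proto": m["proto"], "spt": int(m["spt"]), "dpt": int(m["dpt"]),
            })
    return events


def port_set(csf_conf_text, key):
    """Expand a csf.conf list such as TCP_OUT = "22,80,30000:35000" into a set of ports."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', csf_conf_text, re.M)
    if not m:
        raise KeyError(key)
    ports = set()
    for item in m.group(1).split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition(":")  # csf.conf writes ranges as lo:hi
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def blocked_outbound_not_allowed(events, csf_conf_text):
    """Destination ports of outbound TCP connections CSF dropped that TCP_OUT does not list."""
    allowed = port_set(csf_conf_text, "TCP_OUT")
    return sorted({
        e["dpt"] for e in events
        if e["chain"] == "TCP_OUT" and e["proto"] == "TCP" and e["dpt"] not in allowed
    })


def addresses_covered(cidr):
    """How many hosts an entry like 185.24.69.182/16 actually whitelists in csf.allow."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


if __name__ == "__main__":
    events = parse_blocked(SAMPLE_SYSLOG)
    print("ports missing from TCP_OUT:", blocked_outbound_not_allowed(events, CSF_CONF_BEFORE))
    print("after adding 587:", blocked_outbound_not_allowed(events, CSF_CONF_AFTER))
    print("hosts the /16 in csf.allow covers:", addresses_covered("185.24.69.182/16"))
```

After editing TCP_OUT in /etc/csf/csf.conf, `csf -r` reloads the rules. The last function shows why the port is the narrower fix: the /16 entry whitelists 65,536 addresses of the provider's range in csf.allow, while adding 587 to TCP_OUT opens a single destination port for outbound connections.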

Re: TCP_OUT Blocked in open port

Posted: 02 Jul 2014, 14:14
by ddtnero
Oh, now it works. Thanks for the reply.
Can I ask another question?
I've seen that if I type

iptables --list

I can see the chains of iptables.
I can't understand how the DENYIN chain is filled. I have many IPs in this chain; how are these IPs entered?