CSF Not Passing DYNDNS.ORG

Posted: 26 Aug 2014, 01:52
by amphibiansolutions
ConfigServer Security & Firewall - csf v7.15
CSF not passing DYNDNS traffic:

For several months I have been using CSF installed on a PBX server without problems. I lost a hard drive and reinstalled PBX SOFTWARE and CSF. Since install I have not been able to get CSF to pass traffic from DYNDNS. In other words, when I use https://myname.dyndns.(org) I see the IP address of the network I am on being blocked by CSF. And yes, all ports have been forwarded as required. Without CSF enabled, all works fine. Once CSF is enabled, then all IPs (other than those in the csf.allow file) are blocked, even those that I use with the dyndns.(org).

Any suggestions as to what or where I should look?

Thanks
amphibian

Re: CSF Not Passing DYNDNS.ORG

Posted: 28 Aug 2014, 13:54
by amphibiansolutions
Sorry for the prior post, hadn't had my coffee yet and I'm a rude person......

Let's try this again in a different approach.

In my log files I see "DynDNS: Lookup for [XXXXXXXXX.dyndns-org] failed - Lookup timeout"

Where or what would one suggest the steps required to see why it fails?

In the section of CSF where you put your dyndns info, what is the proper way to enter a dyndns name?

And, can one advise what the proper code would be to allow the following ports with dyndns
( in other words is this correct udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org or not)

udp ports 5060-5065
rtp ports 10000-20000
https 443


Thanks
amphibian

Re: CSF Not Passing DYNDNS.ORG

Posted: 28 Aug 2014, 21:44
by ForumAdmin
amphibiansolutions wrote: "DynDNS: Lookup for [XXXXXXXXX.dyndns-org] failed - Lookup timeout"
That suggests either a problem with the DNS resolvers on the server, slow DNS resolvers, or with the DNS configuration of the FQDN, neither of which are anything to do with the csf configuration.
amphibiansolutions wrote: "And, can one advise what the proper code would be to allow the following ports with dyndns
( in other words is this correct udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org or not)"
No. As per the csf readme.txt instructions, edit /etc/csf/csf.dyndns and use something like the following:

udp|in|d=5060_5065|s=yourdomain.dyndns.org

Repeat for any other ports or protocols (udp/tcp or icmp). This assumes you have correctly configured DYNDNS in /etc/csf/csf.conf

Restart csf and then lfd after making any changes.
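
A small checker for the csf.dyndns line shape given in the reply above, added here as an example; it is not part of the original posts and not csf's own parser. Its grammar (tcp/udp, `d=` with one port or a LOW_HIGH range, `s=` with a hostname) is an assumption modelled on that one line, and `lint`, `entries` and the sample values are hypothetical names constructed for illustration.

```python
import re

# Constructed inputs: the line tried in the thread and the form from the reply.
ATTEMPT = "udp|in|a=5060-5065|s=xxxxxxxxxx.dyndns-org"
REPLY = "udp|in|d=5060_5065|s=yourdomain.dyndns.org"
# Ports asked about in the thread (RTP runs over UDP, HTTPS over TCP).
WANTED = [("udp", 5060, 5065), ("udp", 10000, 20000), ("tcp", 443, 443)]

PORTS = re.compile(r"([0-9]{1,5})(?:_([0-9]{1,5}))?")      # N or LOW_HIGH
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.I)


def lint(line):
    """Return problems found; [] means the line fits proto|dir|d=ports|s=host."""
    fields = line.strip().split("|")
    if len(fields) != 4:
        return ["expected 4 '|'-separated fields, got %d" % len(fields)]
    proto, direction, dport, src = fields
    problems = []
    if proto not in ("tcp", "udp"):
        problems.append("protocol %r: this checker only handles tcp and udp" % proto)
    if direction not in ("in", "out"):
        problems.append("direction %r is not in or out" % direction)
    key, _, ports = dport.partition("=")
    if key != "d":
        problems.append("port field starts with %r=, expected d=" % key)
    match = PORTS.fullmatch(ports)
    if "-" in ports:
        problems.append("range %r uses '-', the reply uses '_'" % ports)
    elif not match:
        problems.append("ports %r is not N or LOW_HIGH" % ports)
    elif not 1 <= int(match[1]) <= int(match[2] or match[1]) <= 65535:
        problems.append("ports %r out of order or outside 1-65535" % ports)
    key, _, host = src.partition("=")
    labels = host.split(".")
    if key != "s" or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        problems.append("source %r is not s=<fully qualified hostname>" % src)
    return problems


def entries(host, wanted=WANTED):
    """Build one csf.dyndns line per wanted port or range for a single hostname."""
    lines = []
    for proto, low, high in wanted:
        ports = str(low) if low == high else "%d_%d" % (low, high)
        lines.append("%s|in|d=%s|s=%s" % (proto, ports, host))
    return lines


if __name__ == "__main__":
    for line in [ATTEMPT, REPLY] + entries("yourdomain.dyndns.org"):
        print(line, "->", lint(line) or "ok")
```

The checker only looks at syntax; it does not resolve the hostname, so a line can pass here and still hit the lookup timeout discussed above.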

Re: CSF Not Passing DYNDNS.ORG

Posted: 30 Sep 2014, 00:14
by amphibiansolutions
I went and entered the "udp|in|d=5060_5065|s=yourdomain.dyndns" (replacing the required info) and that didn't seem to work either.

When I try to https into the server using my dyndns name the csf lfd.log displays the following:

Sep 29 18:02:18 pbx lfd[12680]: *Port Scan* detected from 32.144.53.98 (US/United States/mobile-032-144-053-098.mycingular*net). 11 hits in the last 226 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]

Any suggestions on what to look for as I am at a loss.


Thanks
amphibian