Issue with IP

Posted: 25 Jun 2015, 10:31
by armitage318
Hi,
I just installed CSF on a cPanel server (CentOS 5.11) - TESTING mode OFF.
One of my customers is complaining about problems with pop3 connection.
I gained access through Teamviewer on his machine and I verified that, from this specific IP, it is impossible to connect to my server (I tried with telnet on port 25, 80, 110 and so on.. I always got connection timeout issue).
I stopped csf (csf -x) and the problem was solved.
Anyway, I can't find any log for this specific IP in /var/log/lfd.log (or through web interface).
I used csf -w (1.1.1.1 is forged obviously)

Code:

# csf -w  1.1.1.1
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOCALINPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOCALINPUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOGDROPIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOGDROPIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:DENYIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:DENYIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:DENYOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:DENYOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:ALLOWIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:ALLOWIN '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:ALLOWOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:ALLOWOUT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INVALID '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INVALID '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:INVDROP '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:INVDROP '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: I:LOGACCEPT '
LOG  tcp opt -- in * out *  1.1.1.1  -> 0.0.0.0/0  tcp flags:0x17/0x02 LOG flags 0 level 4 prefix `Firewall: O:LOGACCEPT '
How can I troubleshoot this?

Thank you very much!

Re: Issue with IP

Posted: 02 Jul 2015, 01:58
by cubanvj
csf -g "customer's IP" on the server will tell you if it's being blocked and when. You can also grep "customer's IP" /var/log/messages and /var/log/secure; this should show you when attempts were made to connect, along with when the IP started being blocked by the kernel.
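
An added example, not part of the original thread: once `csf -w` has installed the LOG rules shown in the first post, the kernel lines they produce can be reduced to the chain where each watched SYN stopped. It assumes that an `I:` prefix marks the packet entering a chain and an `O:` prefix marks it reaching the end of that chain, and that the kernel log is /var/log/messages as in the reply above; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on a real host: watch_trace <ip> < /var/log/messages
# Assumption: "I:" = packet entered the chain, "O:" = packet reached its end.

# Constructed sample log lines (documentation addresses, not from the thread).
sample_log() {
cat <<'EOF'
Jun 25 10:31:02 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=110 SYN
Jun 25 10:31:02 host kernel: Firewall: I:LOCALINPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=110 SYN
Jun 25 10:31:02 host kernel: Firewall: I:DENYIN IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=110 SYN
Jun 25 10:31:03 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=110 SYN
Jun 25 10:31:09 host kernel: Firewall: I:INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51600 DPT=25 SYN
Jun 25 10:31:09 host kernel: Firewall: I:LOCALINPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51600 DPT=25 SYN
Jun 25 10:31:09 host kernel: Firewall: O:LOCALINPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51600 DPT=25 SYN
Jun 25 10:31:09 host kernel: Firewall: I:LOGDROPIN IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51600 DPT=25 SYN
EOF
}

# Print, per destination port, the innermost chain the last SYN entered but never left.
watch_trace() {
    awk -v ip="$1" '
    match($0, /Firewall: [IO]:[A-Z]+ /) {
        dir = substr($0, RSTART + 10, 1)
        chain = substr($0, RSTART + 12, RLENGTH - 13)
        src = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)   # exact compare below, unlike a bare grep
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != ip || dpt == "") next
        if (!(dpt in depth)) { order[++n] = dpt; depth[dpt] = 0 }
        if (dir == "I") {
            if ((dpt, chain) in seen) {             # chain seen again: new packet (SYN retry)
                while (depth[dpt] > 0) { delete seen[dpt, stack[dpt, depth[dpt]]]; depth[dpt]-- }
            }
            stack[dpt, ++depth[dpt]] = chain; seen[dpt, chain] = 1
        } else if (depth[dpt] > 0 && stack[dpt, depth[dpt]] == chain) {
            delete seen[dpt, chain]; depth[dpt]--   # chain ran to its end without a verdict
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            d = order[k]
            print "DPT=" d, (depth[d] ? "stopped in " stack[d, depth[d]] : "left every logged chain")
        }
    }'
}

sample_log | watch_trace 198.51.100.7
```

A port reported as "left every logged chain" means no rule in the watched chains matched, so the built-in chain policy decided the packet.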