
lfd/csf not working as expected (block when should accept)

Posted: 05 Jul 2016, 10:01
by jonaskellens
Hello

Using CentOS 6.
Using csf v9.07

I notice that certain traffic is being blocked, although it should be accepted.

First,
In the file csf.allow I have listed the IP address of server.mydomain.tld

Second, I have the firewall config:
TCP_OUT = 0:65535
UDP_OUT = 0:65535

But when I run the command:
scp -2 -i ~/.ssh/id_rsa /root/backup_db.sql.gz MyUser@server.mydomain.tld:/home/MyUser

I get :
ssh: connect to host server.mydomain.tld port 22: Connection timed out
lost connection

There is no firewall on host server.mydomain.tld and connection from other servers succeeds.
And yes, sshd_config on host server.mydomain.tld is configured for port 22.

When I shut down firewall (csf/lfd) everything works well !

The problem really is with csf/lfd. Why is it blocking this outgoing traffic?


Thanks.

Re: lfd/csf not working as expected (block when should accept)

Posted: 06 Jul 2016, 02:07
by Sergio
Did you change your SSH port to another port? If so, have you tried to use -P #PORT in your scp command?

Re: lfd/csf not working as expected (block when should accept)

Posted: 25 Jul 2016, 13:47
by jonaskellens
Hello

Have you read my entire post?

I say : "And yes, sshd_config on host server.mydomain.tld is configured for port 22."

Changing this to another ssh port makes no change.

I also for example see in /var/log/messages :

Jul 25 14:39:41 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=my.loc.al.ip DST=my.ser.ver.ip LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33695 DF PROTO=TCP SPT=53648 DPT=6739 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 25 14:39:42 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=my.loc.al.ip DST=my.ser.ver.ip LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33696 DF PROTO=TCP SPT=53648 DPT=6739 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 25 14:39:44 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=my.loc.al.ip DST=my.ser.ver.ip LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33697 DF PROTO=TCP SPT=53648 DPT=6739 WINDOW=29200 RES=0x00 SYN URGP=0

While my.loc.al.ip is listed in the csf.allow file, it is still being blocked.

How is that possible?

csf/lfd is not working as would be expected.
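The kernel log lines above are the first thing to triage in a case like this: each "Firewall: *TCP_IN Blocked*" line records the chain, SRC, DST, PROTO and DPT of the dropped packet, so they can be cross-checked mechanically against what csf.allow actually contains. The script below is an added example, not code from the thread or from csf itself. It parses constructed sample log lines (RFC 5737 documentation addresses stand in for the masked IPs in the post) and a constructed csf.allow, and reports every blocked packet whose source is covered by an allow entry, i.e. the cases that contradict the expected behaviour. It understands plain IP and CIDR entries plus the advanced "proto|direction|d=port|s=ip" form; the port-range handling and the decision to skip advanced entries without an s= part are this example's own simplifications, not csf's documented matching rules.

```python
import ipaddress
import re

# Constructed sample input modelled on the kernel log lines in the thread
# (placeholder addresses from the RFC 5737 documentation ranges, not real traffic).
SAMPLE_LOG = """\
Jul 25 14:39:41 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33695 DF PROTO=TCP SPT=53648 DPT=6739 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 25 14:39:42 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33696 DF PROTO=TCP SPT=53648 DPT=6739 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 25 14:40:03 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=203.0.113.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40000 DPT=161 LEN=58
Jul 25 14:40:10 server sshd[1234]: Accepted publickey for root from 192.0.2.10 port 53650 ssh2
"""

# Constructed csf.allow: a plain IP with a comment, a CIDR range, and one
# advanced-syntax entry that only allows TCP port 22 inbound from one host.
SAMPLE_ALLOW = """\
# allow our backup host
192.0.2.10 # server.mydomain.tld
10.0.0.0/8
tcp|in|d=22|s=203.0.113.77
"""

# csf logs drops with the prefix "Firewall: *<PROTO>_<DIR> Blocked*" followed
# by the usual netfilter key=value fields.
LOG_RE = re.compile(r"Firewall: \*(?P<chain>[A-Z]+_(?:IN|OUT)) Blocked\*\s+(?P<fields>.*)$")


def parse_block_line(line):
    """Return a dict for a csf block line, or None for any other log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields.setdefault(key, value)  # keep the outer IP header's LEN=, not UDP's
    return {
        "chain": m.group("chain"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }


def parse_allow(text):
    """Parse csf.allow into rules with a source network and optional proto/direction/port."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        if "|" in line:
            parts = line.split("|")
            rule = {"proto": parts[0].lower() or None,
                    "direction": parts[1].lower() or None,
                    "dport": None, "net": None}
            for part in parts[2:]:
                if part.startswith("d="):
                    rule["dport"] = part[2:]  # single port or "lo:hi" range
                elif part.startswith("s="):
                    rule["net"] = ipaddress.ip_network(part[2:], strict=False)
            if rule["net"] is None:
                continue  # simplification: an entry without s= cannot explain a blocked SRC
        else:
            rule = {"proto": None, "direction": None, "dport": None,
                    "net": ipaddress.ip_network(line, strict=False)}
        rules.append(rule)
    return rules


def _port_matches(spec, port):
    if spec is None:
        return True
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def is_covered(event, rule):
    """True when an allow rule should have accepted this blocked packet."""
    proto, direction = event["chain"].split("_")
    if ipaddress.ip_address(event["src"]) not in rule["net"]:
        return False
    if rule["proto"] and rule["proto"] != proto.lower():
        return False
    if rule["direction"] and rule["direction"] != direction.lower():
        return False
    return _port_matches(rule["dport"], event["dport"])


def triage(log_text, allow_text):
    """Return the blocked events whose source is covered by at least one allow entry."""
    rules = parse_allow(allow_text)
    contradictions = []
    for line in log_text.splitlines():
        event = parse_block_line(line)
        if event is not None and any(is_covered(event, r) for r in rules):
            contradictions.append(event)
    return contradictions


if __name__ == "__main__":
    for ev in triage(SAMPLE_LOG, SAMPLE_ALLOW):
        print(f"{ev['chain']} drop from allowed source {ev['src']} -> {ev['dst']}:{ev['dport']}/{ev['proto']}")
```

Run it against the real /var/log/messages and /etc/csf/csf.allow by reading those files into the two text arguments. Two drops from 192.0.2.10 are reported because that host is listed as a plain allow entry; the UDP/161 drop from 203.0.113.77 is not, because its advanced entry only covers TCP port 22 inbound. If the real log produces an empty list, the SRC in the drops is not the address that is in csf.allow, which is the first thing worth confirming before suspecting csf itself.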