CFS Firewall

[sohaib]

hey,

I need your advise, I have installed CFS Firewall on my server and for some reason its blocking all the connections, its only allowing me to access my website but its blocking all the others not accessing the web site, I am using VPS openvz, I need to know how I can have this work on my Directadmin.

Please advise.

 

[SeLLeRoNe]

You need to configure ports in CSF Configuration via DA Panel.

Regards

 

[sohaib]

Could you please tell me which ports I have to set Open to have it worked.

 

[SeLLeRoNe]

It depend on what services you wanna open, i use those:

TCP_IN 20,21,22,25,53,80,110,123,143,443,465,587,953,993,995,2087,2222,6277,8005,10000

TCP_OUT 20,21,22,25,37,43,53,80,81,110,113,443,873,953,2086,2087,2222,6277,9999

UDP_IN 20,21,53,161,953,7777,8777,9987
UDP_OUT 20,21,53,113,123,161,953

Regards

 

[sohaib]

I wanted to open all my httpd ports , ssh & email ports open please note I am using OpenVZ

 

[sohaib]

my ethernet interface card is listed as venet0:0 does it make a difference.

 

[SeLLeRoNe]

You need to seth in configuration the eth card, otherwise will apply to all eth cards if im not wrong.

Dont know if may be something different with OpenVX

Regards

 

[sohaib]

where do I need to define the settings in csf.conf do you know which line.

 

[Arieh]

If you have installed CSF on a DirectAdmin environment, it will install as a plugin. You can find it at the left corner under ConfigServer Firewall&Security, so you don't have to edit the .conf file manually.

###############################################################################
# SECTION:General Settings
###############################################################################
# By default, csf will auto-configure iptables to filter all traffic except on
# the loopback device. If you only want iptables rules applied to a specific
# NIC, then list it here (e.g. eth1, or eth+)
ETH_DEVICE =

# If you don't want iptables rules applied to specific NICs, then list them in
# a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP =

I don't have these filled in, I don't think this is your problem. Check your logs why it is blocking everyone.

Here are a few you can look into:

/var/log/syslog
/var/log/messages
/var/log/lfd

Other then that I can recommend going by each setting by the time, so you know what your firewall does and doesn't do. It may take a while but as a admin you should really do it.