SOLVED Firewall blocked all ports and not possible login to ssh

feerdispzoo

Ubuntu 20.40. I've installed ufw to add ports to the firewall.

I added 2 ports, 53 and 3306, and exited SSH. These ports are working correctly. Now I try to connect to SSH again and it is not possible. It looks like when I installed ufw, it locked all the other ports which are not in this list...


I tried to disable the firewall directly from the Hetzner panel, but this did not resolve my issue. What should I do now? Is there any solution?
 
Why did you install ufw?
When you install DirectAdmin, CSF/LFD is installed by default. Or did you choose not to install CSF/LFD?

Also, 2 ports is way too few, and 3306 is dangerous because then MySQL can be reached from outside. Normally you don't want that.
As said, it's too few because you also need ports like 2222 to reach the DA interface and 80 for web etc. etc.

If you can't reach the DirectAdmin interface and can't disable the firewall in any way, the only solution is to ask Hetzner for maybe KVM access. You can also do that yourself via the Hetzner Robot, boot into recovery mode.
Then configure your firewall correctly and reboot.

My advice: don't go messing with a firewall while CSF/LFD makes your life a lot easier, and there is also a plugin so you can manage it from within DA.
 
Hello @Richard,
thank you for your quick response. Yes, the problem is that this blocks all ports and I do not have access anywhere.

I tried to run the system in rescue mode at Hetzner. When I try to add the port to the allowed list:
ufw allow 22/tcp
after rebooting the system there is still the same issue.

Also, when I add allow 22/tcp and then check ufw status, there is an error: not found ip_tabled in the rescue system.

This command works correctly when I have access to the production server. But after enabling rescue, this command does not change anything: ufw allow 22/tcp
 
Correct, commands only work if you mount the filesystem in a certain way. There is documentation about how to do that on the Hetzner website.

If the server is still empty, I would suggest creating a new installation and not using ufw anymore.
 
I just spent more than 11 hours configuring today, and unfortunately I am unable to reinstall the system right now. I ordered a 3h remote console from Hetzner. They will connect it soon. Do you think that I will be able to unlock it via the remote KVM console? This is my fail at the end of the day...
 
Oh oops... yes, then I can understand.
I answered you via PM. If it's a KVM console, you log in directly to the system, correct? In that case you could just use the command to disable ufw.

sudo ufw disable

Also disable it in the ufw config... see links in PM. ;)
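
An offline version of the recovery discussed in this thread, added here as an example and not posted by any participant: run from the rescue system, it checks ufw's saved rules on the server's own root filesystem (assumed to be mounted at /mnt) for the SSH port and, if the port is missing, sets ENABLED=no in etc/ufw/ufw.conf. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline ufw recovery from a rescue system.
# ROOT is where the server's own root filesystem is mounted (assumed /mnt).

# Return 0 if the saved ufw rules under ROOT allow PORT over TCP.
# Simplified: matches single-port IPv4 tuples in user.rules, not ranges.
ufw_port_allowed() {
    rules="$1/etc/ufw/user.rules"
    [ -f "$rules" ] || return 2
    grep -Eq "^### tuple ### (allow|limit) (tcp|any) $2 " "$rules"
}

# Set ENABLED=no in ROOT/etc/ufw/ufw.conf so ufw stays off at next boot.
# The original file is kept as ufw.conf.bak.
ufw_disable_offline() {
    conf="$1/etc/ufw/ufw.conf"
    [ -f "$conf" ] || { echo "no ufw.conf under $1" >&2; return 2; }
    cp -p "$conf" "$conf.bak"
    sed 's/^ENABLED=.*/ENABLED=no/' "$conf.bak" > "$conf"
    grep -q '^ENABLED=no$' "$conf"
}

# Disable ufw only when the SSH port would be blocked after reboot.
ufw_rescue() {
    port=${2:-22}
    if ufw_port_allowed "$1" "$port"; then
        echo "port $port/tcp is allowed; ufw left enabled"
        return 0
    fi
    echo "port $port/tcp is not allowed; disabling ufw under $1"
    ufw_disable_offline "$1"
}

# Constructed sample: a root tree matching the thread (only 53 and 3306 allowed).
make_sample_root() {
    mkdir -p "$1/etc/ufw"
    printf '%s\n' 'ENABLED=yes' 'LOGLEVEL=low' > "$1/etc/ufw/ufw.conf"
    printf '### tuple ### allow any %s 0.0.0.0/0 any 0.0.0.0/0 in\n' 53 3306 \
        > "$1/etc/ufw/user.rules"
}

# Run as: sh ufw_rescue.sh /mnt 22
if [ $# -gt 0 ]; then ufw_rescue "$@"; fi
```

Editing the files on the mounted disk works where `ufw allow 22/tcp` in the rescue shell does not, because that command acts on the rescue system's own ufw state rather than the server's.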
 
That's great, thanks for the confirmation! Thanks also for the reply by PM.
In that case I will wait and hold off on mounting the disk for now, because this operation may end badly for me :D, until Hetzner connects the KVM console for me, and then I will try to disable it via the above command.

@update
Now I got the details to log in to the KVM console from Hetzner. I'll try this now.

@working! : )
 
Great!
Nice to hear you managed to fix it. If you want, you can edit your first post and set the prefix to "solved".

KVM is a winner.
 