iptables problem solving
#1
A few hours ago I tried studying iptables! But some errors made my VPS unable to connect! Is there a solution to this problem?


Semester IV Exam
#2
Your iptables rule allows connections from client port 9022 to server port 9022. However, clients that connect to the server usually have a random port, and hitting 9022 as the client port has odds of 1 to 65535. The last rule you executed blocks all other connections. So you cannot connect to your VPS unless your client port is 9022.

Use the emergency console or emergency VNC in your control panel and delete all rules using:
iptables -F
iptables -X

The correct rule to open port 9022 (TCP I assume) would be:
iptables -A INPUT -p tcp --dport 9022 -j ACCEPT


You should watch what you are doing! If you set your INPUT chain to DROP, make sure you have set up the iptables rules properly or you will lock yourself out like you did.

You also need some more rules if you plan to leave the INPUT chain on DROP: rules that allow replies to connections that you have started, etc.

See here: https://post4vps.com/Thread-Basic-secure...h-iptables

If you want to set this up properly, do it over the emergency SSH / VNC so you can test if it works without being locked out.
With best regards from Germany
Hidden Refuge Robot



Thanks a lot for the free VPS 16 Post4VPS & HostLease!
#3
Here at least I found a problem. That is, when giving the command -P INPUT DROP, it also blocks port 22.


Semester IV Exam
#4
You didn't read what I have posted... Well.

Opening port 22 only and then setting your INPUT chain to DROP will NOT WORK! You need additional rules.

The order of how you execute the iptables rules also matters. You first opened port 22 and then said to DROP all traffic. The last rule in this case overrides all rules set before. So you get disconnected.

You need to use emergency SSH to set up the firewall properly. First set the chains to DROP, then open ports as needed and set up further rules that allow automatic replies to connections you have initialized.

It is all described in the topic I linked in my previous post: https://post4vps.com/Thread-Basic-secure...h-iptables


Basically the script you need to run to do everything in a single run is:
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

Run this from an emergency SSH session or emergency VNC - NOT FROM THE VPS DIRECTLY! After running it you can attempt to connect.
With best regards from Germany
Hidden Refuge Robot



Thanks a lot for the free VPS 16 Post4VPS & HostLease!
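A pre-flight check for the lockout discussed in posts #2 and #4, as an added example that is not part of the original posts: it reads rules in the format `iptables -S INPUT` prints and reports whether a new connection to the management port would still get through. The function name `lint_input` and the three sample rule sets are constructed for illustration, and the check is simplified to plain `--dport` matches and unconditional DROP/REJECT rules.

```shell
#!/bin/sh
# lint_input PORT: read `iptables -S INPUT` style text on stdin and decide
# whether a new remote session to PORT would survive. Exit 0 = safe, 1 = lockout.
lint_input() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    # Rules are walked top-down: nothing after an unconditional DROP is reached.
    NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { blocked = 1; next }
    blocked || !/ -j ACCEPT$/ { next }
    /state [A-Z,]*ESTABLISHED/ { est = 1 }
    $0 ~ (" --dport " port " ") { if (/ --sport /) pinned = 1; else reach = 1 }
    END {
        if (policy != "DROP" && !blocked) { print "OK: nothing is dropped by default"; exit 0 }
        if (!reach && pinned) print "FAIL: port " port " is only accepted with a fixed --sport"
        else if (!reach) print "FAIL: no reachable ACCEPT for new connections to port " port
        if (!est) print "FAIL: no reachable ESTABLISHED,RELATED accept rule"
        if (reach && est) print "OK: port " port " stays reachable"
        exit !(reach && est)
    }'
}

# Constructed sample: a rule that pins the client source port, as post #2 describes.
BROKEN='-P INPUT DROP
-A INPUT -p tcp -m tcp --sport 9022 --dport 9022 -j ACCEPT'

# Constructed sample: the rule set from post #4 in `iptables -S INPUT` form.
FIXED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'

# Constructed sample: an ACCEPT appended after a catch-all DROP is never reached.
SHADOWED='-P INPUT ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$BROKEN"   | lint_input 9022 || true
printf '%s\n' "$FIXED"    | lint_input 22   || true
printf '%s\n' "$SHADOWED" | lint_input 22   || true
```

On a live host the same check can be fed from the console with `iptables -S INPUT | lint_input 22` before relying on remote access again.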
#5
Wow it works, but I don't have access to EMERGENCY VNC on the panel
Semester IV Exam
#6
Great to hear that it works.

You have no access to emergency SSH in your VPS control panel? Ok. How come? No VPS control panel? Usually SolusVM and Virtualizor both have either emergency SSH or VNC features.

Maybe open a support ticket?
With best regards from Germany
Hidden Refuge Robot



Thanks a lot for the free VPS 16 Post4VPS & HostLease!
#7
I don't get access to SolusVM for security reasons for service providers!

So, the problem is solved!
@Dynamo can you close this thread?
Semester IV Exam
#8
(07-22-2019, 12:30 PM)Hidden Refuge Wrote:  Great to hear that it works.

You have no access to emergency SSH in your VPS control panel? Ok. How come? No VPS control panel? Usually SolusVM and Virtualizor both have either emergency SSH or VNC features.

Maybe open a support ticket?

It's an Admin managed VPS @Hidden Refuge. It doesn't come with a reseller panel. I wish it did as @chanalku91 is a power user and keeping me busy with reinstalling the OS!
Terminal
Thank you to Post4VPS and VirMach for my VPS 9!  It's in upgrade hospital at the moment.  Hope we can get VPS 9 Phoenix in its previous great shape again. We're on a mission!
#9
@chanalku91 Further info from the sponsor (Greg) says VPS 16 is not as well protected with DDoS as VPS 17. Why not apply for VPS 17, and you'll then be the absolute best person to test how well their DDoS is working on VPS 17.
Terminal
Thank you to Post4VPS and VirMach for my VPS 9!  It's in upgrade hospital at the moment.  Hope we can get VPS 9 Phoenix in its previous great shape again. We're on a mission!
 

