Submitted by lxtrix on Sun, 08/30/2009 - 03:24
I'm having trouble accessing Virtualmin.
I'm hosting it on Port 2086 of a CentOS 5.3 Server.
I have allowed access to port 2086 using the Linux Firewall page.
When I log in to SSH and disable iptables, I am able to access port 2086, but when I re-enable it, I cannot.
Status:
Active
Comments
Submitted by JamieCameron on Sun, 08/30/2009 - 13:02 Comment #1
Could you attach your /etc/sysconfig/iptables file to this bug report, so we can see what rules are active?
Submitted by lxtrix on Sun, 08/30/2009 - 17:23 Comment #2
# Generated by iptables-save v1.3.5 on Mon Aug 31 08:19:02 2009
*nat
:PREROUTING ACCEPT [8:406]
:POSTROUTING ACCEPT [1:266]
:OUTPUT ACCEPT [1:266]
COMMIT
# Completed on Mon Aug 31 08:19:02 2009
# Generated by iptables-save v1.3.5 on Mon Aug 31 08:19:02 2009
*mangle
:PREROUTING ACCEPT [80:11545]
:INPUT ACCEPT [80:11545]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [68:55513]
:POSTROUTING ACCEPT [68:55513]
COMMIT
# Completed on Mon Aug 31 08:19:02 2009
# Generated by iptables-save v1.3.5 on Mon Aug 31 08:19:02 2009
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Accept traffic from internal interfaces
-A INPUT ! -i eth0 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow connections to our SSH server
-A INPUT -p tcp -m tcp --dport 3131 -j ACCEPT
# Allow connections to our IDENT server
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
# Respond to pings
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
# Allow DNS zone transfers
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Allow DNS queries
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Allow connections to webserver
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow SSL connections to webserver
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Allow connections to mail server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25,587
# Allow connections to FTP server
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# Allow connections to POP3 server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 110,995
# Allow connections to IMAP server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 143,220,993
# Allow connections to Webmin
-A INPUT -p tcp -m tcp --dport 2086:2096 -j ACCEPT
# Allow connections to Usermin
-A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
COMMIT
# Completed on Mon Aug 31 08:19:02 2009
Submitted by JamieCameron on Sun, 08/30/2009 - 17:50 Comment #3
That looks OK to me ..
Is your box perhaps behind some other firewall or NAT device which may be also blocking port 2086?
Submitted by lxtrix on Sun, 08/30/2009 - 18:15 Comment #4
I definitely couldn't get through port 10000, so I decided to move to port 2086 because my virtual server provider has this port open for cPanel WHM. Seeing as I'm not using that, the port is free.
The thing that I find really unusual is the fact that when I disable iptables on the VM I am able to log in to Virtual/Webmin, whereas when enabled it just times out ....
I'm unsure of what could be causing this ..
Submitted by JamieCameron on Sun, 08/30/2009 - 18:35 Comment #5
That is odd, as the firewall rules clearly allow port 2086.
What is the output from "iptables -L" when the firewall is active?
Submitted by lxtrix on Mon, 08/31/2009 - 08:21 Comment #6
Yeah, that's what I thought.
As I'm only new to Linux, I thought that maybe my IP address had been blocked, before realising that is not possible as I can still log in via SSH and access port 80 for web requests.
I've attached the output of iptables -L
Submitted by andreychek on Mon, 08/31/2009 - 08:33 Comment #7
Hmm, the port "2086" (amongst a few others) doesn't seem to show up in the output there.
I'm not quite sure if that's due to the problem you're seeing, or whether that's where the listing had "frozen" :-)
Could you try listing the iptables rules again, but use this command (which avoids DNS lookups, and should display pretty quickly)?
iptables -L -n
Thanks!
Submitted by lxtrix on Mon, 08/31/2009 - 13:51 Comment #8
Hmmm....
I'm going to contact my virtual server provider about this one ....... When I disabled the firewall, logged in to Webmin and applied the firewall rules, the command "iptables -L -n" showed an output matching my iptables config file. However, after a few short minutes the same command showed different output ..... and I was no longer able to access Webmin again.
The reason why this problem has suddenly occurred is because my ISP provides dynamic IP addresses; although my previous one (c58-107-105-43.livrp1.nsw.optusnet.com.au) is allowed access to all ports, my current one is not.
Thanks for your help, will let you know what they have to say...
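
Comment #8 describes the running ruleset matching the config file right after it was applied, then showing different output a few minutes later. As an added example (not part of the original thread and not Webmin's own code), the following Python compares two `iptables-save` snapshots while ignoring comments and packet counters, so that kind of change shows up as a list of missing or extra rules. The function names and both sample snapshots are constructed for illustration.

```python
import re

# Counters appear after chain policies and, with "iptables-save -c", before rules.
COUNTERS = re.compile(r"^\[\d+:\d+\]\s*|\s*\[\d+:\d+\]$")

def parse_rules(text):
    """Map each table to its policy and rule lines, minus comments and counters."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif current is not None:
            tables[current].append(COUNTERS.sub("", line))
    return tables

def drift(baseline_text, later_text):
    """Report, per table, rules that vanished, appeared, or only changed order."""
    base, later = parse_rules(baseline_text), parse_rules(later_text)
    report = {}
    for table in sorted(set(base) | set(later)):
        b, l = base.get(table, []), later.get(table, [])
        missing = [r for r in b if r not in l]
        extra = [r for r in l if r not in b]
        reordered = not missing and not extra and b != l  # order matters in iptables
        if missing or extra or reordered:
            report[table] = {"missing": missing, "extra": extra, "reordered": reordered}
    return report

# Constructed snapshots: BASELINE taken right after applying the rules, LATER afterwards.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3131 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086:2096 -j ACCEPT
COMMIT
"""
LATER = """\
*filter
:INPUT DROP [412:30211]
:OUTPUT ACCEPT [977:88120]
-A INPUT -p tcp -m tcp --dport 3131 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print(drift(BASELINE, LATER))
```

Both inputs should be `iptables-save` output from the same host, since a hand-edited or tool-written rules file can order a rule's options differently from what `iptables-save` prints.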