Connections to various ports not making it through to fresh install VM server

#1 Mon, 10/30/2017 - 09:08
vns990.co

For those not already familiar, be aware that Virtualmin by default now installs and runs the following modules:

FirewallD and Fail2ban

This was the cause of many lost hours and pure fury trying to figure out why various server applications just outright refused to connect.

The penny dropped when today I spotted these two offenders running and I proceeded to shut them down.

BINGO! Oh look hello outside world welcome back LTNS.

I hope this saves anyone else going through the same stress levels in the IT community. May your IOT be nice to you and be hassle free.

Regards.

Mon, 10/30/2017 - 10:56
scotwnw

Just FYI, unless you have installed another firewall, shutting down FirewallD means every port/application on your VM is now open to the world.
And shutting down fail2ban means people/bots can password guess ALL day, thousands of times an hour.

Hopefully you have other such protections in place.

Mon, 10/30/2017 - 17:17
Joe

Sorry it caused frustration! It was documented in the VM6 release notes (and a few other places, though our docs are a mess right now and need a major overhaul), and during installation you'll see both services getting configured during "phase 3". It'll say "Configuring Firewalld" and "Configuring Fail2ban" and it'll also show up in the logs, and we have modules for both in Webmin, so you can see what rules are in effect from the GUI.

Disabling it is generally fine. I mean, firewalld provides a little bit of protection to have a firewall (but much less than many people think, in a server environment). fail2ban is pretty useful, though, as it allows shutting down some kinds of brute force attack that aren't handled well by the services themselves. Webmin has pretty good brute force protection built in, but sshd and mail and a few others don't really handle it very well. And, there's also the benefit of when one service is being attacked, it shuts down access for all services from the offending IP, so that makes it that much harder for an attacker to get in via brute force.

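An added example, not part of the thread and not Virtualmin's own code: instead of stopping firewalld, this script compares the TCP listeners on the server with firewalld's open-port list and prints the `firewall-cmd` commands that would open only the ports that are missing. The function names and the sample data are constructed for illustration; it assumes the default zone and checks only `--list-ports`, so ports opened through named services (`--list-services`) would have to be appended to the second argument.

```shell
#!/bin/sh
# Added example: find TCP listeners that firewalld's open-port list does not cover.
# Constructed sample of `ss -ltn` output (not taken from the thread).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 *:10000 *:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 50 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:20005 0.0.0.0:*'
# Constructed sample of `firewall-cmd --list-ports` output.
SAMPLE_PORTS='22/tcp 10000-10100/tcp 20000/tcp 53/udp 3306/udp'

# blocked_listeners SS_OUTPUT OPEN_PORTS
# Prints, space separated, the non-loopback TCP listening ports that no
# PORT/tcp or LOW-HIGH/tcp entry in OPEN_PORTS covers.
blocked_listeners() {
    allowed=$(printf '%s' "$2" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v allowed="$allowed" '
    BEGIN {
        n = split(allowed, tok, " ")
        for (i = 1; i <= n; i++) {
            if (tok[i] !~ /\/tcp$/) continue      # UDP entries do not open TCP
            sub(/\/tcp$/, "", tok[i])
            m = split(tok[i], r, "-")             # "10000-10100" is a range
            lo[++k] = r[1] + 0
            hi[k] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    $1 == "LISTEN" {                              # header line is ignored
        addr = $4
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next   # loopback only
        port = addr; sub(/.*:/, "", port); port += 0
        for (i = 1; i <= k; i++) if (port >= lo[i] && port <= hi[i]) next
        if (!(port in seen)) { seen[port] = 1; print port }
    }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# suggest_rules PORTS: print (do not run) the commands that open each port.
suggest_rules() {
    for p in $1; do
        echo "firewall-cmd --permanent --add-port=$p/tcp"
    done
    [ -z "$1" ] || echo "firewall-cmd --reload"
}

# Live use: blocked_listeners "$(ss -ltn)" "$(firewall-cmd --list-ports)"
suggest_rules "$(blocked_listeners "$SAMPLE_SS" "$SAMPLE_PORTS")"
```

Review each suggested port before applying it: a listener such as 3306 in the sample may be one that should stay closed to the outside.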