Firewall [SOLVED]: Various firewall problems after VPS reboot [Firewall-cmd or iptables?]

    #34448

    Anonymous

    Question

    CentOS 7, VPS

    NGinx, virtualmin, pm2, mongodb, mongo-express, openvpn

    Hi guys, I'm new to VPS and Linux in general but loving the flexibility and the things I'm learning, so please stay with me as I'm sure I'm about to look very ignorant.. 😛

    I have purchased a VPS, which was working well up until I rebooted it to fix some OpenVPN issues. On reboot I had to manually restart essentially everything, and there seem to be some issues with my firewall now.

    Some of my services seem to be working fine, for instance ‘nginx’ will properly reverse proxy to my running application, but mongodb won't grab database information, yet it will work externally? (I can retrieve my database results with an outside product connecting with a URI…)

    And I couldn't even connect with SSH!
    Anyway, I modified some rule-sets on firewall-cmd and now I can finally connect to SSH, but I am still having lots of trouble; lots of services seem to be not working due to firewall issues.

    I'd installed iptables following a tutorial, but I have firewall-cmd, which I am fine using. Is it safe to uninstall this? And is there a way to just open up all ports so I don't have to discover every problem of every service and open that port etc.?

    Will post any needed information from configs etc.

    #34449

    Anonymous

    Accepted Answer

    Let’s try to answer step-by-step:

    1. Is it safe to uninstall firewalld? Yes, if you install iptables-services instead.
    2. Is there a way to just open up all ports? Yes, but it’s not safe to open all ports; some ports shouldn’t be accessible from the Internet, because they could be used for bad things, like DDoSing third-party servers.
    3. How to configure the firewall? If you have already installed iptables-services, you could stop firewalld (systemctl stop firewalld), remove it, configure iptables and start it (systemctl start iptables), and don’t forget to enable it (systemctl enable iptables). A simple configuration that allows access to several ports is shown below (it opens TCP ports 22, 80 and 443 and UDP port 1194).

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    The iptables configuration file in CentOS is located at /etc/sysconfig/iptables

    Source: https://serverfault.com/questions/885617/various-firewall-problems-after-vps-reboot-firewall-cmd-or-iptables
    Author: Alexander Tolkachev
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
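
Added example, not part of the original answer: a pre-flight check for a rules file in the format shown above, run before restarting iptables so that an SSH lockout like the one in the question is caught first. The function names `check_rules` and `write_good_sample` are hypothetical, and the catch-all test is a simple heuristic (a REJECT/DROP rule with no `-p`, `-s`, `-d`, `-i` or `-m` match).

```bash
#!/usr/bin/env bash
# Added example: lint an iptables-restore rules file before it is loaded.

# check_rules FILE [SSH_PORT] -> prints findings; returns 0 if clean, 1 if not.
check_rules() {
  local file=$1 ssh_port=${2:-22}
  awk -v ssh="$ssh_port" '
    /^[ \t]*(#|$)/ { next }                 # ignore comments and blank lines
    /–|—/ { print "line " NR ": typographic dash where \"--\" is required"; bad++ }
    $NF == "COMMIT" && NF > 1 { print "line " NR ": COMMIT must be on its own line"; bad++ }
    NF == 1 && $1 == "COMMIT" { committed = 1 }
    $1 == "-A" && $2 == "INPUT" {
      # An unconditional REJECT/DROP ends the chain: later ACCEPTs never match.
      if ($0 ~ /-j (REJECT|DROP)/ && $0 !~ / -(p|s|d|i|m) /) { catchall = 1 }
      else if (!catchall && $0 ~ /-p tcp/ && $0 ~ /-j ACCEPT/ &&
               $0 ~ ("--dport " ssh "( |$)")) { ssh_ok = 1 }
    }
    END {
      if (!committed) { print "no standalone COMMIT line"; bad++ }
      if (!ssh_ok)    { print "tcp/" ssh " not accepted ahead of the catch-all reject"; bad++ }
      exit (bad > 0)
    }' "$file"
}

# Constructed sample: the ruleset from the answer, written with ASCII "--".
write_good_sample() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# When run as a script: ./check.sh /etc/sysconfig/iptables [ssh_port]
[ $# -eq 0 ] || check_rules "$@"
```

On the server, a clean result can be followed by `iptables-restore --test < /etc/sysconfig/iptables`, which parses the file without committing it.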
