Lars Senior Member
Joined: 25 Oct 2010 Posts: 136
Posted: Thu Nov 12, 2015 8:30 pm Post subject: SMS-2.0.7 blocks one of my machines from local access
Well, again gerasimos,
It's still concerning the fit2pc server with SMS-2.0.7 I inherited from my friend last January. As I've mentioned he had configured it for use with http (html and CMS-systems) and ftp.
Last spring you suggested that I'd use tightvnc since I had problems with the fit2pc's graphics card driver. I used it ca 4 weeks during the spring just to get an overview of the machine and OS. -Only two days ago I had the time to start configuring it for my needs. -All the time vnc worked like a charm.
-Until late last night! I could not login anymore. Closed my SMS and my vnc-client (my main working machine). I was anyway finished with configuring httpd incl https.
Today I started looking for corrupted configuration files and studied the logs I could find:
the vnc server log just reported
Code: | "11/11/15 17:44:18 Rejected connection from client 192.168.X.X" |
my client's terminal
Code: | "vncviewer: VNC server closed connection" |
-Searched internet and found nothing alike.
vnc still not working.
I anyway continued my configuring the 2.0.7 server today: set up ddclient to my DNS service, ftp and finally nfs.
-When I now tried ftp and nfs from my main working machine through my local network, I did get severe problems. My FTP clients did not work, trying from terminal returned
Code: | "421 Service not available, remote server has closed connection." |
and nfs takes up to ten minutes to connect.
First I thought I had misconfigured them and went through the whole process again, checking.
(I have got all those services on my SMS-1.6.0 server and they work perfectly).
After revising the configurations two times I still could not get vnc, ftp or nfs working.
Checked my working machine's firewall for causes, nothing.
By chance I started up another working machine and was surprised when I perfectly could connect to nfs, ftp and vnc from there. Other local IP? Now I started to suspect that it was SMS-2.0.7 that blocked my main machine.
Just to be sure I tried two other distributions on my main machine (same local IP), SuSE13.1 and Slackware-14: ftp, nfs and vnc didn't work there either.
The problem probably lies in some service or firewall in SMS-2.0.7. The problem is that I do not know which firewall or security services my friend used or how he had configured them?? -I'm certain that he has used only services that come with the SMS-2.0.7.
What I can say can have caused the blocking is that, especially yesterday, I logged in to my SMS-server a real lot of times! And quite some times failed.
If my suspicions are correct I would be real grateful for help to get my main machine out of this block! It's from this I maintain my server, and it besides is my most modern.
Best regards
Lars

Lars Senior Member
Joined: 25 Oct 2010 Posts: 136
Posted: Thu Nov 12, 2015 11:03 pm
Could it be fail2ban?
Found some logs that could indicate that.
Lars

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Fri Nov 13, 2015 1:13 pm
Most likely try to restart or stop fail2ban
smsconfig fail2ban restart
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com

Lars Senior Member
Joined: 25 Oct 2010 Posts: 136
Posted: Fri Nov 13, 2015 5:08 pm
Sorry, that did not help.
My main machine is after two days still blocked in my local network.
While waiting I tried to understand the way fail2ban worked. -As far as I could understand it works by for instance adding rules to iptables. -It was hard to find iptables since my friend hasn't got any /etc/rc.d/rc.firewall, but after a while I found I could read iptables(?) through
# iptables -L
After fiddling a while I found 4 fail2ban chains with references(?)
fail2ban-BadBots
fail2ban-ProFTPD
fail2ban-SSH
fail2ban-dovecot-pop3imap
guessed references could mean rules added by fail2ban(?).
Found no way to read out if my blocked ip was listed in any of those chains, but "in blind" tried to remove my blocked ip, if it was in any of them by running:
# iptables -D fail2ban-dovecot-pop3imap -s 192.168.X.X -j DROP
# iptables -D fail2ban-SSH -s 192.168.X.X -j DROP
# iptables -D fail2ban-ProFTPD -s 192.168.X.X -j DROP
# iptables -D fail2ban-BadBots -s 192.168.X.X -j DROP
from all I got
iptables: Bad rule (does a matching rule exist in that chain?).
which probably means that my blocked ip never was there(?)
Since I've got no /etc/rc.d/rc.firewall I can't stop iptables (if it's running).
Looked for possible other firewalls, like guarddog, but found none.
Stopping fail2ban however didn't work:
I still cannot connect locally to my SMS-2.0.7 server with vnc, ftp or nfs from my main workstation and it's a real problem for me.
Could it be something else that blocks all OSes on my main workstation -same IP- from connecting with SMS?

Lars Senior Member
Joined: 25 Oct 2010 Posts: 136
Posted: Fri Nov 13, 2015 9:27 pm
Well, I finally found it!
tcpd had added
[my blocked local IP]
to /etc/hosts.deny about the time I got vnc and ftp problems.
Now everything is working.
One final question only (since I spent 8 hours today trying to understand fail2ban's way of working):
Since I haven't got iptables active (that's anyway how I understand that I've got no /etc/rc.d/rc.firewall):
Does fail2ban really work? Where can I find and modify the existing jails?
Best regards
Lars

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sat Nov 14, 2015 12:24 pm
Iptables are active alright, the rc.firewall is for applying rules at boot...
The fail2ban jail config is /etc/fail2ban/jail.conf...
Gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com
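
Added example, not part of any post in this thread: a shell sketch of the two checks the thread ends up needing, whether a client address sits in a fail2ban-* iptables chain and whether it matches an entry in /etc/hosts.deny. The function names, the sample rules and the address 192.0.2.10 are constructed for illustration; it handles IPv4 only.

```shell
# Added example (not from the thread). Sample data below is constructed;
# 192.0.2.10 is a placeholder client address. IPv4 only.

# Print each fail2ban-* chain that holds a rule with source address $1.
# Reads `iptables -S` output on stdin.
f2b_chains_for_ip() {
    awk -v ip="$1" '
        $1 == "-A" && $2 ~ /^fail2ban-/ {
            for (i = 3; i < NF; i++)
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == (ip "/32"))) {
                    print $2; break
                }
        }'
}

# Print "lineno:entry" for each line of TCP-wrappers file $2 whose client
# list matches $1: exact address, ALL, or a trailing-dot prefix ("192.0.2.").
hosts_deny_hits() {
    awk -v ip="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        {
            n = split($0, f, ":")          # daemon_list : client_list [: cmd]
            if (n < 2) next
            gsub(/,/, " ", f[2])
            m = split(f[2], c, " ")
            for (i = 1; i <= m; i++)
                if (c[i] == ip || c[i] == "ALL" ||
                    (c[i] ~ /\.$/ && index(ip, c[i]) == 1)) {
                    print NR ":" $0; break
                }
        }' "$2"
}

SAMPLE_RULES='-N fail2ban-ProFTPD
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-ProFTPD -j RETURN
-A fail2ban-SSH -s 192.0.2.10/32 -j DROP
-A fail2ban-SSH -j RETURN'
SAMPLE_DENY='# constructed sample of /etc/hosts.deny
sshd: 198.51.100.7
ALL: 192.0.2.10
proftpd: 203.0.113.'

# On a real server, as root:  iptables -S | f2b_chains_for_ip <client-ip>
#                             hosts_deny_hits <client-ip> /etc/hosts.deny
printf '%s\n' "$SAMPLE_RULES" | f2b_chains_for_ip 192.0.2.10
printf '%s\n' "$SAMPLE_DENY" | hosts_deny_hits 192.0.2.10 -
```

A hit from the second function with none from the first matches what the thread found: TCP-wrappers entries are checked separately from iptables, so deleting chain rules or stopping fail2ban does not lift them.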

Lars Senior Member
Joined: 25 Oct 2010 Posts: 136
Posted: Sun Nov 15, 2015 5:38 pm
Thank you again Gerasimos!
I really appreciate all the help you have given me through the years!
Now I hopefully can manage on my own. This last week I have configured up the server machine with S*M*S-2.0.7 I inherited from my friend.
Best regards
Lars