(Solved) VestaCP firewall stops all outward DNS lookups - even apt-get update
I'm not well versed in iptables right now... I have set up VestaCP on a server and I made some "raw" rules there to block certain ports and allow some of them.
However, after this, all outward DNS lookups stop. I can't ping google.com, can't do apt-get update, and worst of all, exim can't resolve any domains to send mail to.
Can you suggest what should be added to my rules table? Will I need to override it manually or set up the rule in my VestaCP firewall panel?
My _iptables -L -n_ shows:
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
fail2ban-MAIL tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,2525,110,995,143,993
fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9562
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,2525
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3306,5432
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110,995,143,993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9810
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2257
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- x.x.x.x 0.0.0.0/0
ACCEPT all -- y.y.y.y 0.0.0.0/0
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain vesta (0 references)
target prot opt source destination
This discussion has been closed.
Comments
Sorry for this thread -- I acknowledged the same issue here and resolved it.
http://lowendtalk.com/discussion/44292/solved-server-with-vestacp-and-firewall-enabled-blocks-dns-lookups
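
A first-match walk of the INPUT chain posted above, as an added example that is not part of the original thread: the only RELATED,ESTABLISHED rule is limited to tcp, so a resolver's UDP reply falls through to the DROP policy. The resolver address, the ports and `UDP_STATE_RULE` are constructed for illustration; that rule is one possible correction and is not taken from the linked thread.

```python
import ipaddress
import re

# Excerpt of the posted INPUT chain (redacted-source rules and fail2ban jumps left out).
INPUT_CHAIN = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
"""
# Hypothetical extra rule (an assumption, not taken from the thread).
UDP_STATE_RULE = "ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED\n"

def parse_chain(listing):
    """Return (policy, rules) for a single-chain `iptables -L -n` listing."""
    policy = re.search(r"\(policy (\w+)\)", listing).group(1)
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue  # chain header or column header, not a rule
        ports = re.search(r"(?:dpt:|dports )([\d,]+)", line)
        state = re.search(r"state ([A-Z,]+)", line)  # also matches ctstate
        rules.append({"target": f[0], "prot": f[1], "src": ipaddress.ip_network(f[3]),
                      "dports": set(map(int, ports.group(1).split(","))) if ports else None,
                      "states": set(state.group(1).split(",")) if state else None})
    return policy, rules

def verdict(listing, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = parse_chain(listing)
    for r in rules:
        if (r["prot"] in ("all", pkt["prot"])
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and (r["dports"] is None or pkt["dport"] in r["dports"])
                and (r["states"] is None or pkt["state"] in r["states"])):
            return r["target"]
    return policy

# Constructed packets: a resolver's reply to a query this host sent out.
DNS_REPLY = {"prot": "udp", "src": "192.0.2.53", "dport": 41234, "state": "ESTABLISHED"}
TCP_REPLY = dict(DNS_REPLY, prot="tcp")

if __name__ == "__main__":
    for chain in (INPUT_CHAIN, INPUT_CHAIN + UDP_STATE_RULE):
        print(verdict(chain, DNS_REPLY), verdict(chain, TCP_REPLY))
```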