<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Verdana","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>Thanks Chuck<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>All seems OK at the moment. This is the current status. Does this look right?:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>[root@ns5 ~]# iptables -L -n | more<o:p></o:p></p><p class=MsoNormal>Chain INPUT (policy ACCEPT)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal>dFix2 all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal>acctin all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain FORWARD (policy ACCEPT)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain OUTPUT (policy ACCEPT)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal>acctout all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain acctin (1 references)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal> all -- 0.0.0.0/0 192.168.250.240<o:p></o:p></p><p class=MsoNormal> all -- 0.0.0.0/0 127.0.0.1<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain acctout (1 references)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal> all -- 192.168.250.240 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal> all -- 127.0.0.1 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain compass_fw (0 references)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal>ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<o:p></o:p></p><p class=MsoNormal>ACCEPT all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal>ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25<o:p></o:p></p><p class=MsoNormal>ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:81<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:444<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993<o:p></o:p></p><p class=MsoNormal>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995<o:p></o:p></p><p class=MsoNormal>LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `Compass Security: '<o:p></o:p></p><p class=MsoNormal>DROP all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain dFix2 (1 references)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chain dFixblock2 (0 references)<o:p></o:p></p><p class=MsoNormal>target prot opt source destination<o:p></o:p></p><p class=MsoNormal>LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4<o:p></o:p></p><p class=MsoNormal>DROP all -- 0.0.0.0/0 0.0.0.0/0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> blueonyx-bounces@mail.blueonyx.it [mailto:blueonyx-bounces@mail.blueonyx.it] <b>On Behalf Of </b>Chuck Tetlow<br><b>Sent:</b> 18 September 2013 18:30<br><b>To:</b> BlueOnyx General Mailing List<br><b>Subject:</b> [BlueOnyx:13705] Re: Message Log<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Richard, <br><br>If you don't want those blocks - use the command-line command: "iptables -L -n | more" <br>to find the rule that is blocking. The output will looks something like this under the "acctin" chain: <br><br>DROP all -- 0.0.0.0/0 192.168.250.240/32 <br>or <br>DROP tcp -- 195.195.131.183 192.168.250.240 tcp dpt:80 <br>or maybe even <br>DROP all -- 192.195.131.183 0.0.0.0/32 <br><br>You're looking in the "acctin" chain for something showing that destination IP 192.168.250.240, and destination port TCP80. Once you find the rule, count down from the top to see what rule number it is (like 5th from the top). Then use the command: "iptables -D acctin 5" to delete that rule. <br><br>Alternately, you can delete it by duplicating it (its just harder with the syntax). So that second rule above would be deleted with: <br>iptables -D acctin -p tcp -s 195.195.131.183 -d 192.168.250.240 --dport 80 -j DROP <br><br>See why I say counting down the number of rules and deleting it by line number is easier?? <br><br><br><br>Chuck <br><br><br>P.S. - If you can't figure out which line is doing the blocking, use the "iptables -L -n -v" command and send the output back to the list. I'll look it over and see if I can figure out which firewall rule is doing the blocking. <br><br><br><br><span style='font-size:10.0pt'><br><br><b>---------- Original Message -----------</b> <br>From: "Richard Sidlin" <<a href="mailto:richard@sidlin.co.uk">richard@sidlin.co.uk</a>> <br>To: "'BlueOnyx General Mailing List'" <<a href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a>> <br>Sent: Wed, 18 Sep 2013 18:11:02 +0100 <br>Subject: [BlueOnyx:13702] Re: Message Log <br><br>> Thanks Chuck. I certainly [UTF-8?]don’t want access to port 80 blocked and we received complaints today that it was unavailable. I have Dfix2 installed but I [UTF-8?]don’t want it blocking access! <br>> <br>> <br>> </span><b><span lang=EN-US style='font-size:10.0pt'>From:</span></b><span lang=EN-US style='font-size:10.0pt'> <a href="mailto:blueonyx-bounces@mail.blueonyx.it">blueonyx-bounces@mail.blueonyx.it</a> [<a href="mailto:blueonyx-bounces@mail.blueonyx.it">mailto:blueonyx-bounces@mail.blueonyx.it</a>] <b>On Behalf Of </b>Chuck Tetlow <br>> <b>Sent:</b> 18 September 2013 17:55 <br>> <b>To:</b> BlueOnyx General Mailing List <br>> <b>Subject:</b> [BlueOnyx:13700] Re: Message Log</span><span style='font-size:10.0pt'> <br>> <br>> Those log entries show that someone at 195.195.131.183 was trying to connect to 192.168.250.240 on TCP port 80. So they're trying to hit the webpage at the address 192.168.250.240, but were being blocked by the IPTables firewall software on your BX server. <br>> <br>> Does that source address mean anything to you? What is on that destination IP address, and does that site have a webpage? And probably the most important question - why would the IPTables software be configured to block someone hitting a webpage?? <br>> <br>> I can't imagine DFix or one of the other automated security tools blocking webpage requests to TCP Port 80, but I don't know all those packages well - so it could be something automatic. But on first guess - I'd suggest someone would have had to manually configure that block. That then goes back to the last question - why would someone want to block access to a webpage/website?? <br>> <br>> Chuck <br>> <br>> <b>---------- Original Message -----------</b> <br>> From: "Richard Sidlin" <<a href="mailto:richard@sidlin.co.uk">richard@sidlin.co.uk</a>> <br>> To: <<a href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a>> <br>> Sent: Wed, 18 Sep 2013 17:38:09 +0100 <br>> Subject: [BlueOnyx:13699] Message Log <br>> <br>> > Hi <br>> > <br>> > I have loads of these in my message log. Anything to be concerned about? <br>> > <br>> > Sep 18 12:30:44 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32494 DF PROTO=TCP SPT=42963 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:30:56 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=43175 DF PROTO=TCP SPT=53690 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:30:56 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32495 DF PROTO=TCP SPT=42963 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:05 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64909 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:07 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=48816 DF PROTO=TCP SPT=42656 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:08 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=64910 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:12 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8668 DF PROTO=TCP SPT=55189 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:14 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=64911 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > Sep 18 12:31:15 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8669 DF PROTO=TCP SPT=55189 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 <br>> > <br>> > Thanks <br>> > <br>> > Richard <br>> > </span><span style='font-size:22.5pt'> </span><span style='font-size:10.0pt'><br>> > <br>> <b>------- End of Original Message -------</b> <br><b>------- End of Original Message -------</b> </span><o:p></o:p></p></div></div></body></html>