
Desperate: how to do a whois request on port 43

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by jaimet, Feb 11, 2010.

  1. jaimet

    jaimet Guest

    0
     
    Hi,

    I'm trying to execute a PHP script on a Plesk 9 server. The main point of the script is to execute a socket request to whois.crsnic.net so I can check if a domain is available or not.

    When I execute the script on my computer, everything works fine; but when doing it on the server I get a connection timed out error message.

    So I think that my server is blocking the requests I do with this script on port 43. I've tried to set up the Plesk firewall, opening the port, but still the same. Maybe I'm doing something wrong...

    Is this a firewall problem?

    Php?

    Other?

    I'm desperate.
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,576
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Did you try to check the connection to port 43 from your Plesk server?
    For example:

    If you can't connect, check that you haven't any iptables rules with
    And correct it if it is necessary.
     
  3. jaimet

    jaimet Guest

    0
     
    Thanks for your answer!

    Trying the telnet command, it gets hung on:
    Trying 199.7.59.74...

    So it sure will be an iptables issue. How do I modify it?

    If I modify it directly, will the Plesk firewall overwrite it, or is there no problem?

    I used the Plesk firewall module to set a new custom rule, but it does not work anyway...
     
    Last edited by a moderator: Feb 11, 2010
  4. IgorG

    IgorG Forums Analyst Staff Member

    I don't know how it was firewalled - via Plesk interface or directly with iptables rules in CLI. Try to check it in Plesk first and if it is not firewalled there - modify your rules directly.
     
  5. jaimet

    jaimet Guest

    0
     
    Yeah, I did a custom Plesk firewall rule, but it does nothing....

    The rule is set this way:


    outgoing communication on TCP and UDP port 43 granted to any machine.

    but still does not work...
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    Remove rule for 43 port manually with CLI.
     
  7. jaimet

    jaimet Guest

    0
     
    When I update my firewall rule, I get a script that I suppose represents all the iptables server setup.

    I don't understand what happens, 'cause port 43 is listed in this script but it still does not work???


    This is the script:



    echo 0 > /proc/sys/net/ipv4/ip_forward
    ([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
    (rmmod ipchains) >/dev/null 2>&1 || true
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /sbin/iptables -A INPUT -m state --state INVALID -j DROP
    /sbin/iptables -P OUTPUT DROP
    /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /sbin/iptables -A FORWARD -m state --state INVALID -j DROP
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT
    /sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
    /sbin/iptables -t mangle -F
    /sbin/iptables -t mangle -X
    /sbin/iptables -t mangle -Z
    /sbin/iptables -t mangle -P PREROUTING ACCEPT
    /sbin/iptables -t mangle -P OUTPUT ACCEPT
    /sbin/iptables -t mangle -P INPUT ACCEPT
    /sbin/iptables -t mangle -P FORWARD ACCEPT
    /sbin/iptables -t mangle -P POSTROUTING ACCEPT
    /sbin/iptables -t nat -F
    /sbin/iptables -t nat -X
    /sbin/iptables -t nat -Z
    /sbin/iptables -t nat -P PREROUTING ACCEPT
    /sbin/iptables -t nat -P OUTPUT ACCEPT
    /sbin/iptables -t nat -P POSTROUTING ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP

    /sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP

    /sbin/iptables -A INPUT -p udp --dport 137 -j DROP
    /sbin/iptables -A INPUT -p udp --dport 138 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 445 -j DROP

    /sbin/iptables -A INPUT -p udp --dport 1194 -j DROP

    /sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT

    /sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT

    /sbin/iptables -A INPUT -j ACCEPT

    /sbin/iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT
    /sbin/iptables -A OUTPUT -p udp --dport 43 -j ACCEPT

    /sbin/iptables -A OUTPUT -j ACCEPT

    /sbin/iptables -A FORWARD -j DROP
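
Added example, not part of any post in this thread and not Plesk's own code: a minimal first-match evaluator that walks the OUTPUT-chain lines of the script posted above for a new outbound TCP connection to port 43 and reports which rule decides it. The interface name eth0 and the names parse, verdict and WHOIS_SYN are assumptions made for illustration, and only the match options used on the OUTPUT chain are evaluated.

```python
import shlex

# OUTPUT-chain lines copied in order from the script posted in the thread.
SCRIPT = """\
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 43 -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
"""
TAKES_ARG = {"-t", "-A", "-p", "-i", "-o", "-j", "-m", "--dport", "--state", "--reject-with"}

def parse(line):
    """Turn one iptables command into a dict; only the `! --syn` negation is handled."""
    tok, r, i, neg = shlex.split(line), {"-t": "filter"}, 1, False
    while i < len(tok):
        t = tok[i]
        if t == "!":
            neg, i = True, i + 1
        elif t == "-P":
            r["-P"], r["policy"], i = tok[i + 1], tok[i + 2], i + 3
        elif t in TAKES_ARG:
            r[t], i = tok[i + 1], i + 2
        else:  # bare flag such as --syn; False means it was negated with "!"
            r[t], i, neg = (not neg), i + 1, False
    return r

def verdict(script, chain, pkt):
    """First-match walk of `chain` in the filter table, falling back to its policy."""
    policy = "ACCEPT"  # built-in default when the script sets no -P
    for line in filter(None, map(str.strip, script.splitlines())):
        r = parse(line)
        if r["-t"] == "filter" and r.get("-P") == chain:
            policy = r["policy"]
        if r["-t"] != "filter" or r.get("-A") != chain:
            continue
        if any(k in r and r[k] != pkt[k] for k in ("-p", "--dport", "--syn", "-o")):
            continue
        if "--state" in r and pkt["--state"] not in r["--state"].split(","):
            continue
        return r["-j"], line
    return policy, "chain policy"

# New outbound TCP SYN to whois port 43; "eth0" is an assumed interface name.
WHOIS_SYN = {"-p": "tcp", "--dport": "43", "--syn": True, "-o": "eth0", "--state": "NEW"}
print(verdict(SCRIPT, "OUTPUT", WHOIS_SYN))
```

For the script as posted, the walk stops at the explicit port 43 ACCEPT rule. Comparing that with the output of `iptables -L OUTPUT -n -v --line-numbers` on the server shows whether the loaded rules actually match the generated script.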
     