
Desperate: how to do a whois request on port 43

jaimet
Hi,

I'm trying to execute a PHP script on a Plesk 9 server. The main point of the script is to execute a socket request to whois.crsnic.net so I can check if a domain is available or not.

When I execute the script on my computer, everything works fine; but when doing it on the server I get a connection timed out error message.

So I think that my server is blocking the requests I do with this script on port 43. I've tried to set up the Plesk firewall, opening the port, but still the same. Maybe I'm doing something wrong...

Is this a firewall problem?

PHP?

Other?

I'm desperate.
 
Did you try to check the connection to port 43 from your Plesk server?
For example:

$ telnet whois.crsnic.net 43
Trying 199.7.55.74...
Connected to whois.crsnic.net.

If you can't connect, check that you haven't any iptables rules with
# iptables -L

And correct it if it is necessary.
 
Thanks for your answer!

Trying the telnet command, it gets hung on:
Trying 199.7.59.74...

So it sure will be an iptables issue. How do I modify it?

If I modify it directly, will the Plesk firewall overwrite it, or is there no problem?

I use the Plesk firewall module to set a new custom rule, but it does not work anyway...
 
I don't know how it was firewalled - via Plesk interface or directly with iptables rules in CLI. Try to check it in Plesk first and if it is not firewalled there - modify your rules directly.
 
Yeah, I did a custom Plesk firewall rule, but it does nothing...

The rule is set this way:


outgoing communication on TCP and UDP port 43 granted to any machine.

but still does not work...
 
When I update my firewall rule, I get a script that I suppose represents all the iptables server setup.

I don't understand what happens, because port 43 is listed in this script but it still does not work???


This is the script:



echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP

/sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP

/sbin/iptables -A INPUT -p udp --dport 137 -j DROP
/sbin/iptables -A INPUT -p udp --dport 138 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 445 -j DROP

/sbin/iptables -A INPUT -p udp --dport 1194 -j DROP

/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT

/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT

/sbin/iptables -A INPUT -j ACCEPT

/sbin/iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 43 -j ACCEPT

/sbin/iptables -A OUTPUT -j ACCEPT

/sbin/iptables -A FORWARD -j DROP
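
Added example, not part of the thread and not Plesk's code: a first-match walk of the OUTPUT chain from the script posted above, showing which rule decides the fate of a new outbound connection to port 43. The evaluator is a simplified model that understands only the match options used in those rules, and the sample packets (including the interface name `eth0`) are constructed.

```python
import shlex

# OUTPUT-chain rules copied in order from the script posted above.
OUTPUT_RULES = """\
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp --dport 43 -j ACCEPT
-A OUTPUT -j ACCEPT"""

def parse_rule(line):
    """Parse one rule line into its match conditions and target (simplified model)."""
    tok, rule, negate, i = shlex.split(line), {}, False, 2
    while i < len(tok):
        t = tok[i]
        if t == "!":
            negate = True
        elif t == "--syn":          # "! --syn" means: not a connection-opening SYN
            rule["syn"], negate = not negate, False
        elif t in ("-p", "-o", "--dport", "--state", "-j"):
            rule[t.lstrip("-")] = tok[i + 1]
            i += 1
        elif t in ("-m", "--reject-with"):  # module load / target option: skip value
            i += 1
        i += 1
    return rule

def matches(rule, pkt):  # every condition present in the rule must agree
    return (rule.get("p", pkt["proto"]) == pkt["proto"]
            and rule.get("o", pkt["out_if"]) == pkt["out_if"]
            and int(rule.get("dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in rule.get("state", pkt["state"]).split(",")
            and rule.get("syn", pkt["syn"]) == pkt["syn"])

def verdict(pkt, rules=OUTPUT_RULES, policy="DROP"):
    """Return (target, rule text) of the first matching rule, else the chain policy."""
    for line in rules.splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["j"], line
    return policy, "(chain policy)"

# Constructed packets: a new outbound TCP connection (SYN) on a non-loopback interface.
WHOIS_SYN = {"proto": "tcp", "dport": 43, "out_if": "eth0", "state": "NEW", "syn": True}
HTTP_SYN = dict(WHOIS_SYN, dport=80)

if __name__ == "__main__":
    print(verdict(WHOIS_SYN), verdict(HTTP_SYN))
```

Both packets are accepted: port 43 by the custom rule, port 80 by the catch-all `-A OUTPUT -j ACCEPT` that follows it. If the rules actually loaded on the server (`iptables -L OUTPUT -n -v`) match this script, the timeout is not produced by this chain.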
 