
Resolved Firewall configuration Plesk

TheLuckyGuy

New Pleskian
Hello Plesk community,

I do have a big firewall problem.

After restarting or turning the server off all ports are blocked.

After using the command "iptables --flush" all things are working again.

I tried using the firewall inside the Plesk panel. But I can't connect to the FTP service; I'm blocked out.

Should I turn off the CentOS firewall and activate the firewall in the Plesk panel, or is there no difference?

What do you think is causing the error?

Can I somehow reset the firewall settings that I eventually added into some file before I came along the Plesk firewall?

I'm not using Fail2Ban. Should I install that plugin? I used it before; maybe something old is working against me.

  • Below is the firewall code that Plesk generates.
  • I use sshd on port 2222
  • The only person that should connect to FTP and sshd is my IP address.

http://pastebin.com/JJ7zXstF
 
Hi TheLuckyGuy,

Should I turn off the CentOS firewall and activate the firewall in the Plesk panel, or is there no difference?
The CentOS firewall is not being configured/setup by Plesk and its components. You have to configure/setup this third-party package on your very own. ;)

What do you think is causing the error?
A mis- / un-configured firewall is causing such issues.


Can I somehow reset the firewall settings that I eventually added into some file before I came along the Plesk firewall?
What did you add? Where did you add it?

I'm not using Fail2Ban. Should I install that plugin?
Sure you should install this Plesk component. It is well documented and it will help you to secure your server.
 
Hi TheLuckyGuy,
The CentOS firewall is not being configured/setup by Plesk and its components. You have to configure/setup this third-party package on your very own. ;)
How should I configure it? I thought Plesk is taking care of it with that plugin. Any guide on that?

A mis- / un-configured firewall is causing such issues.
can't find them looking for help :(

What did you add? Where did you add it?
First I tried securing the server manually. Didn't change anything, though. Did yum updates...

Sure you should install this Plesk component. It is well documented and it will help you to secure your server.
I installed that plugin again. Activated ssh and sshd but I don't think I need it since I only connect via one ip address to ssh and ftp...

Any ideas why I can connect to the ProFTP service when I deactivate the firewall settings, but not when I activate them again? I'm locked out. The connection times out.
 
Hi TheLuckyGuy,

How should I configure it? I thought Plesk is taking care of it with that plugin.
The Plesk extension "Firewall" has got nothing to do with your CentOS - package "firewalld" ( this is a stand - alone - daemon ) and as stated before, Plesk and its components don't configure/setup "firewalld".

Any guide on that?
Well, you are here at the "Plesk - Onyx" - related - forum. If you desire help for other products/software/packages, pls. consider to open a thread at: => Home > Forum > General Discussion > Open Topics

Any ideas why I can connect to the ProFTP service when I deactivate the firewall settings, but not when I activate them again? I'm locked out. The connection times out.
You might be interested in a thread like: => no access via FTP

In addition, it would really help if you provided corresponding entries from your logs, so that people trying to help you have something to start their investigations with. Descriptions are nice, but FACTS are better. :)
 
Hi TheLuckyGuy,
The Plesk extension "Firewall" has got nothing to do with your CentOS - package "firewalld" ( this is a stand - alone - daemon ) and as stated before, Plesk and its components don't configure/setup "firewalld".
I stopped the service "firewalld" in sshd. I could suddenly use FTP again. Looking into the Plesk Panel => Firewall, nothing changed. I tried logging in from another location, which worked, because the firewall module was disabled manually via ssh.
I disabled the module in the admin panel and activated it again. Firewall module turned on. I could not connect to FTP again.
So Plesk is using the firewalld module. I thought turning off firewalld would help the other firewall to work correctly again.
Well, you are here at the "Plesk - Onyx" - related - forum. If you desire help for other products/software/packages, pls. consider to open a thread at: => Home > Forum > General Discussion > Open Topics
I want the Plesk firewall module to manage it. But that is constantly blocking me out :(
"I need a step by step guide on how to setup the plesk firewall module"

You might be interested in a thread like: => no access via FTP

In addition, it would really help if you provided corresponding entries from your logs, so that people trying to help you have something to start their investigations with. Descriptions are nice, but FACTS are better. :)
I'm trying my best to understand that KB. But I can't fix my errors. I'm trying to get FTP working with these lines, but I failed. I even made it worse than it was before. Now I can't connect to the FTP anymore without disabling the firewall. So I destroyed my working setup with that tutorial.

I can't establish any connection: http://i.imgur.com/aUsJHhs.jpg

Here is an image of the firewall configuration: http://i.imgur.com/PlhJDZA.jpg

I did that: http://i.imgur.com/AhXGMXn.jpg
Code:
Make sure the passive ports range has been configured in the additional configuration ('.conf') file inside the '/etc/proftpd.d/' directory (check the content of files '50-plesk.conf' or '60-ppa.conf' if they exist and find the PassivePorts parameter). If not, create the configuration file manually. For example 'passive_ports.conf':
I allowed the passive range in the firewall plugin http://i.imgur.com/PlhJDZA.jpg :(
Code:
The ports range also should be allowed for incoming connections in your firewall (e.g., in Plesk > Tools & Settings > Firewall).

Where do I find log files that you need?
 
Hi TheLuckyGuy,

first of all, ... please RELAX for a second/minute/moment... you seem to overact, which blocks your logical thoughts. Get a coffee, tea, or whatever suits you best and eating a cookie might also be a good idea. :)

Firewall Module turned on. I could not connect to ftp again.
Pls. consider to READ and bookmark:


... where you will find:
FTP
  • Logs
    • /usr/local/psa/var/log/xferlog
    • /var/log/secure
  • No service control (works via the Xinetd service)
  • Configuration
    • /etc/xinetd.d/ftp_psa
    • /etc/proftpd.conf
    • /etc/proftpd.include
Pls. consider to inspect the log - file(s), to find possible issues/errors/problems, when trying to connect to your FTP - server.


So Plesk is using the firewalld module
Wrong conclusion, sorry. The Plesk extension "Firewall" uses "iptables" and not the "firewalld" - daemon. You could verify that for yourself, by having a look at your link => http://pastebin.com/JJ7zXstF ;)


Investigations:

=> http://i.imgur.com/aUsJHhs.jpg ... sorry... but this screenshot doesn't help to investigate issues. We can't see requests or answers to the requests... the only useful information states clearly that the USER ( YOU or the FTP - client - software, where we don't even know WHICH software you use, so that we might be able to reproduce your issue! ) aborted the log - process, which has got nothing to do with Plesk or its components, or their configurations.

=> http://i.imgur.com/PlhJDZA.jpg ... according to your screenshot http://i.imgur.com/AhXGMXn.jpg you configured completely different ports, which really makes no sense here in your configuration. Why would someone open ports for "60000 - 65534" / tcp, when you configured the ports for ProFTPd with "57000 - 58000" ?
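
As an added example (not part of the original posts and not Plesk's own tooling), the mismatch pointed out above can be checked mechanically by comparing the `PassivePorts` range in the ProFTPD configuration with the tcp ACCEPT rules in `iptables-save` style output. The function names and both sample inputs are constructed for illustration; only the directive name and the two port ranges come from the thread.

```sh
# Added example. Sample config and rules are constructed; only PassivePorts
# and the two port ranges come from the thread.
SAMPLE_PROFTPD_CONF='<Global>
# PassivePorts 49152 65534
PassivePorts 57000 58000
</Global>'

# Constructed iptables-save style rules: mismatched range, then matching range.
SAMPLE_RULES_BAD='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 60000:65534 -j ACCEPT
-A INPUT -j DROP'
SAMPLE_RULES_GOOD='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 57000:58000 -j ACCEPT
-A INPUT -j DROP'

# Print "LOW HIGH" from the last uncommented PassivePorts directive.
passive_range() {
  printf '%s\n' "$1" | awk '
    $1 == "PassivePorts" && NF >= 3 { lo = $2; hi = $3 }
    END { if (lo == "") exit 1; print lo, hi }'
}

# Succeed if one INPUT tcp ACCEPT rule with --dport covers LOW..HIGH.
# Simplification: rule order and "-m multiport --dports" are not evaluated.
range_allowed() {  # args: rules-text low high
  printf '%s\n' "$1" | awk -v lo="$2" -v hi="$3" '
    /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") {
        n = split($(i + 1), r, ":")
        a = r[1] + 0; b = (n == 2 ? r[2] : r[1]) + 0
        if (a <= lo + 0 && hi + 0 <= b) ok = 1
      }
    }
    END { exit(ok ? 0 : 1) }'
}

check_passive_ftp() {  # args: proftpd-config-text rules-text
  range=$(passive_range "$1") || { echo "no PassivePorts directive found"; return 2; }
  lo=${range% *}; hi=${range#* }
  if range_allowed "$2" "$lo" "$hi"; then
    echo "OK: tcp $lo-$hi is allowed"
  else
    echo "MISMATCH: ProFTPD uses tcp $lo-$hi but no ACCEPT rule covers it"
    return 1
  fi
}

check_passive_ftp "$SAMPLE_PROFTPD_CONF" "$SAMPLE_RULES_BAD" || true
check_passive_ftp "$SAMPLE_PROFTPD_CONF" "$SAMPLE_RULES_GOOD"
```

On a server the same function can be fed live data as root: `check_passive_ftp "$(cat /etc/proftpd.d/*.conf)" "$(iptables-save)"`.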
 
first of all, ... please RELAX for a second/minute/moment... you seem to overact, which blocks your logical thoughts. Get a coffee, tea, or whatever suits you best and eating a cookie might also be a good idea. :)
I relaxed now. And got it suddenly.

It was indeed the port thing. Thank you really much.

How can I be sure that the server will not block itself after restart?
 
Hi @TheLuckyGuy and @UFHH01 who greatly helped me so much by his friendly, empathetic and understanding way of answering, but @IgorG and all others like the same.
I don't know if the guys know what to do now, or if they disable the Plesk Firewall every time and/or use an unsecure normal FTP connection like I did.
But be sure, I have exactly the same problem and use FileZilla and Dreamweaver (both are not able to connect by SFTP).
Connected but not opened, network seems ok, says filezilla.
A step by step or detailed introduction would be the world greatest solution,
how to secure:
1. Complete Server (webserver together with Plesk and its components (3rd party).
2. Plesk Panel
I think this Plesk addon/built-in Firewall is only to protect Plesk Panel (!!!) itself and not the whole server and host, because of the
Solution 3. = ? [Providers firewall for the host (whatever it means)], I haven't used this since 2009. A former admin-helper in 2009 told me to disable it and made the ip-tables by his own.
The best solution ever of all time: Securing everything the Server, Plesk Panel, 3rd party only by Plesk.
Additional or main problem to handle safe connections and configure correctly mostly Filezilla/WinSCP + Dreamweaver.

Regarding to firewall I have this problem since the last years
(formerly fixed by opening Plesk Firewall for incoming traffic. But it only worked for normal (unsecure) FTP, not for SFTP (ProFTP)).

Really, seems that no one wants to give the explicit how-to solution. :(
Security has to be most and main important point for everyone.

Greets
 
Hi Dukemaster,

Really, seems that no one wants to give the explicit how-to solution.
Sorry, but that will not work, because each server - administrator configures its OWN, UNIQUE settings and configurations on its server. People willing to help can't guess HOW the server and Plesk have been installed ( unique templates/images from server hoster / manual installation based on unique scripts / manual installation based on manual commands / ... ) and therefore it is impossible to write a "How to" here, which might cover all possible steps. There are some things in the life of a server administrator, which can't be done with the help of "How to's" and "tutorials" - you just have to LEARN some linux basics here, when it comes to iptables and their usage. Pls. use the linux manuals for further answers and just make sure that your new knowledge will be extended with the basic Plesk articles:


and​




P.S.: Pls. note, that this thread has been marked as "SOLVED". If you experience issues/errors/problems, you should consider to open your own thread, describing your issues/errors/problems/questions, so that people willing to help you, are able to answer to YOUR issues/errors/problems/questions. ;)
 
Again thanks a lot for your great wise summary of that what's important, needed and altogether what's possible. :)
I never knew your amazing links I collect all over the threads here. That's really my christmas present from you.
 