
Firewall settings

Discussion in 'Plesk for Linux - 8.x and Older' started by Farshad@, Dec 27, 2004.

  1. Farshad@

    Hi everyone,

    Can anyone tell me how to setup the plesk firewall?

    I have these settings:

    Plesk administrative interface: Allow incoming from all
    WWW server: Allow incoming from all
    FTP server: Allow incoming from all
    SSH (secure shell) server: Allow incoming from all
    SMTP (mail sending) server: Allow incoming from all
    POP3 (mail retrieval) server: Allow incoming from all
    IMAP (mail retrieval) server: Allow incoming from all
    Mail password change service: Allow incoming from all
    MySQL server: Allow incoming from all
    PostgreSQL server: Allow incoming from all
    Tomcat administrative interface: Allow incoming from all
    Samba (file sharing in Windows networks): Allow incoming from all
    Plesk VPN: Allow incoming from all
    Domain name server: Allow incoming from all
    Ping service: Allow incoming from all
    System policy for incoming traffic: Deny all other incoming traffic
    System policy for outgoing traffic: Deny all other outgoing traffic
    System policy for forwarding of traffic: Deny forwarding of all other traffic

    Is this ok?

    Thanks!
     
  2. lvalics

    Try to restrict SSH access by IP.
    Also, if you don't use VPN, Samba, Tomcat Admin or anything else, disable it and drop connections on those ports.
     
  3. Farshad@

    OK, it's now:

    Plesk administrative interface: Allow incoming from all
    WWW server: Allow incoming from all
    FTP server: Allow incoming from all
    SSH (secure shell) server: Allow incoming from xx.xx.xx.xxx; Deny incoming from all others
    SMTP (mail sending) server: Allow incoming from all
    POP3 (mail retrieval) server: Allow incoming from all
    IMAP (mail retrieval) server: Allow incoming from all
    Mail password change service: Allow incoming from all
    MySQL server: Allow incoming from all
    PostgreSQL server: Allow incoming from all
    Tomcat administrative interface: Deny incoming from all
    Samba (file sharing in Windows networks): Deny incoming from all
    Plesk VPN: Deny incoming from all
    Domain name server: Allow incoming from all
    Ping service: Allow incoming from all
    System policy for incoming traffic: Allow all other incoming traffic
    System policy for outgoing traffic: Allow all other outgoing traffic
    System policy for forwarding of traffic: Deny forwarding of all other traffic


    I can't change the System policy for incoming and outgoing traffic to Deny, because then no one can log in to the FTP. Is this a bug? I put the log file below:

    connecting to xxx.xxx.xxx.xx:21
    Connected to xxx.xxx.xxx.xx port 21
    220 ProFTPD 1.2.10 Server (ProFTPD) [xxx.xxx.xxx.xx]
    USER xxxxx
    331 Password required for filarn.
    PASS (hidden)
    230 User xxxxx logged in.
    PWD
    257 "/" is current directory.
    SYST
    215 UNIX Type: L8
    Host type (S): UNIX (standard)
    PASV
    227 Entering Passive Mode (xxx,xxx,xxx,xx,143,243).
    connecting to xxx.xxx.xxx.xx:36851
    - -
    connecting to xxx.xxx.xxx.xx:36851
    Connected to xxx.xxx.xxx.xx port 36851
    LIST
    150 Opening ASCII mode data connection for file list
    Received 1071 bytes in 0.1 secs, (10.46 KBps), transfer succeeded
    226-Transfer complete.
    226 Quotas off

    The log above is for "passive transfer mode", but if I choose "active transfer mode" then it will use just one port (21) and it's still impossible to make an FTP connection...
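
Added example, not part of the original post: in the passive-mode log above the data connection goes to the port announced in the 227 reply (143 * 256 + 243 = 36851), not to port 21, so a default-deny inbound policy that only allows the FTP control port drops it. The sketch below extracts announced data ports from a client log and lists those no allow rule covers; it also handles the 229 (EPSV) reply, which the thread does not show. The sample log, the address 192.0.2.10, the port ranges and the policy model (which ignores stateful FTP connection tracking) are constructed assumptions.

```python
import re

# Constructed sample in the format of the client log above; 192.0.2.10 is a
# documentation address standing in for the redacted server IP.
SAMPLE_LOG = """\
220 ProFTPD 1.2.10 Server (ProFTPD) [192.0.2.10]
PASV
227 Entering Passive Mode (192,0,2,10,143,243).
LIST
150 Opening ASCII mode data connection for file list
EPSV
229 Entering Extended Passive Mode (|||50001|)
"""

PASV_RE = re.compile(r"^\s*227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^\s*229 .*?\(\|\|\|(\d+)\|\)")


def passive_data_ports(log):
    """Return the TCP data ports the server announced in 227/229 replies."""
    ports = []
    for line in log.splitlines():
        m = PASV_RE.match(line)
        if m:
            octets = [int(g) for g in m.groups()]
            if all(o <= 255 for o in octets):
                # RFC 959: the last two numbers are the high and low port bytes.
                ports.append(octets[4] * 256 + octets[5])
            continue
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(1)) <= 65535:
            ports.append(int(m.group(1)))  # RFC 2428 gives the port directly
    return ports


def dropped_by_default_deny(log, allowed_ports, allowed_ranges=()):
    """Announced data ports that no inbound allow rule covers (simplified model)."""
    def allowed(port):
        return port in allowed_ports or any(lo <= port <= hi for lo, hi in allowed_ranges)
    return [p for p in passive_data_ports(log) if not allowed(p)]


if __name__ == "__main__":
    control_only = {21}  # only the "FTP server" rule, as in the posted settings
    print(dropped_by_default_deny(SAMPLE_LOG, control_only))
    # Assumed fix: the passive range is pinned on the server and allowed in the firewall.
    print(dropped_by_default_deny(SAMPLE_LOG, control_only, [(36000, 37000), (50000, 50100)]))
```

ProFTPD's PassivePorts directive restricts the announced ports to a fixed range, which is what makes a matching firewall allow rule possible.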
     
  4. JLChafardet

    I would recommend you set MySQL and PostgreSQL to only allow connections from localhost (127.0.0.1, and the main server IP addresses).

    That way no one will be able to relay it.

    I do this on my server and it works great.
     
  5. modom

    Hi,

    Is that to deny connections from all the IPs on your server or one of these?

    network (not usable)
    gateway (not usable)
    xx.xxx.xx.xx server IP (usable)(main IP, usable)
     