• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

License update fails - ka.swsoft.com

C

carpman

Guest
Hello, ok when trying to retrieve keys for license update it fails with error:

Code: 
Licensing Server Unreachable: Unable to connect with licensing server.
Please make sure that your network allows communication to ka.swsoft.com:5224.
For more details check system help pages.


output via ssh shows issues with ka.swsoft.com


Code: 
# nmap -P0 -p5224 ka.swsoft.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2008-07-28 11:51 GMT
Failed to resolve given hostname/IP: ka.swsoft.com.  Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap run completed -- 0 IP addresses (0 hosts up) scanned in 0.024 seconds

# traceroute ka.swsoft.com
traceroute: unknown host ka.swsoft.com

i have added ka.swsoft.com to hosts.allow but still no joy, i know the domain is ok as can find from home connection.


I am using the firewall via plesk CP which setup as below, i even added rule to allow outgoing to port 5224

Code: 
#!/bin/sh
#
# Automatically generated by Plesk netconf
#

set -e

echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT

/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT

/sbin/iptables -A INPUT -j ACCEPT

/sbin/iptables -A OUTPUT -p tcp --dport 5224 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 5224 -j ACCEPT

/sbin/iptables -A OUTPUT -j ACCEPT

/sbin/iptables -A FORWARD -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#
 
Hello, ok i change my dns resolve setting to the OpenDNS resolvers IP and now i can ping and nmap update domains, traceroute seem to have issues.

Code: 
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2008-07-28 16:45 GMT
Interesting ports on ka.parallels.com (64.131.90.38):
PORT     STATE SERVICE
5224/tcp open  unknown

Code: 
# traceroute ka.swsoft.com
traceroute to ka.swsoft.com (64.131.90.38), 30 hops max, 38 byte packets
 1  uunet-gw.supremeservers.co.uk (194.216.112.1)  0.232 ms  0.193 ms  0.189 ms
 2  62.255.63.33 (62.255.63.33)  14.446 ms  8.047 ms  8.015 ms
 3  brhm-lam-2-tenge14-2544.network.virginmedia.net (62.255.63.34)  9.251 ms  10.289 ms  7.829 ms
 4  brhm-t3core-1a-ge-210-0.network.virginmedia.net (213.106.231.245)  7.559 ms  7.364 ms  7.056 ms
 5  bir-bb-a-so-020-0.network.virginmedia.net (213.105.174.1)  10.922 ms  7.366 ms  7.867 ms
 6  bir-bb-b-ge-000-0.network.virginmedia.net (62.253.185.154)  8.392 ms  7.498 ms  7.618 ms
 7  nth-bb-a-so-100-0.network.virginmedia.net (62.253.185.105)  7.314 ms  7.528 ms  8.053 ms
 8  * * *
 9  cr02.frf02.pccwbtn.net (80.81.192.50)  24.340 ms  23.356 ms  23.000 ms
10  servint.ge5-7.br01.wdc02.pccwbtn.net (63.218.83.2)  104.288 ms  109.548 ms  112.482 ms
11  dl1-si-dc.swsoft.net (64.131.87.10)  104.463 ms  105.278 ms  103.780 ms
12  ix7-si-dc.swsoft.net (64.131.90.221)  104.329 ms  104.464 ms  105.303 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
 
Ok i left it overnight and seem autoupdater worked with change of dns
 
that trace route probably just means that they dont allow echo from out side of their network past the edge routers. We dont allow those on our network from anything not on our ip space either, so it may not be representative of a problem.
 
You must log in or register to reply here.

Similar threads

S
Issue Cant activate the plesk firewall
Replies
5
Views
828
martinez.marcias@gmai
M
Liwindo
Input New Firewall App 18.0.52
Replies
4
Views
1K
Liwindo
Liwindo
Sailorhost
Question IPv6 unreachable
Replies
4
Views
2K
Sailorhost
Sailorhost
E
Issue IPv6 - unreachable domain
Replies
6
Views
2K
mow
M
ChrisMonder
Question How to ignore/block POP3/IMAP login attempts for a non existent domain in my server?
Replies
4
Views
3K
ChrisMonder
ChrisMonder
Back
Top