Plesk Firewall question

[ebijs]

Hello guys,

I have read this useful topic. Many thanks for that.

My provider however ask me to open a specific IP address to open all ports on protocols (TCP / UDP and ICMP) for all in- and outbound traffic.

How should I implement this in pfwmng.js?

Ebijs.

 

[visupport]

Custom firewall port settings

In Plesk pfwmng.js the following arrays are set:

var PortsTCP = new Array ("20",21,22,25,53,80,110,143,443,465,993,995,3389,8443
30000);
var PortsUDP = new Array ("0", 53, 53, 0, 123, 123);

To add specific tcp ports (e.g., Remote Man Server
9535/tcp and SNMP 161/udp) these arrays should be modified like this:

var PortsTCP = new Array ("20",21,22,25,53,80,110,143,443,465,993,995,3389,8443
30000,9535);
var PortsUDP = new Array ("0", 53, 53, 0, 123, 123,0,161,161);

 

[dimensions]

Switching firewall on crashed server

Hmm, probably firewall is a little bit too strict. Try this version - pfwmng_ft2.zip
Download, unpack, and replace pfwmng.js script that comes in Plesk/admin/bin with the new one. Please let us know how it works for you.

Tried the above.
But after replacing the file the firewall never started and crashed the server. All services went down?

any idea?

 

[jhabbley]

I've had Plesk 7.0.2 installed and running great for the past month or so. I'm more than pleased with the product overall. The firewall is limited, configuration-wise, but works fine.

Today, I wanted to allow Enterprise Manager access (via port 1433) from my desktop. So I modified the pfwmng.js file as described above to allow access to port 1433 from my ip address specifically. However, I'm runnign into some problems...

Even though I've backed out all of my changes to pfwmng.js, I'm still getting this particular error in the EventLog.

Source: Application Error
Category: (100)
Type: Error
Event ID: 1000
Description:
"Faulting application netsh.exe, version 5.2.3790.0, faulting module ipmontr.dll, version 5.2.3790.0, fault address 0x0000461d

If I run the pfwmng.js from the command line (via "cscript -nologo pfwmng.js --mode on"), everything works great and the firewall works.

However, if I try to enable the firewall via the Plesk interface, this error shows up, and "netsh routing ip show filter 'Local Area Connection'" only shows filters up to port 465 as being established. This leads me to think that for some reason, it's breaking on port 993 (the next port in the PortsTCP Array in the script)

Any ideas?

Again, this error happens even with all of my modifications to pfwmng.js removed. And the script seems to run fine via the command line. So it's got to be the way Plesk is executing it, right?

 

[webm2]

Trying to get Plesk firewall to allow connetion to remote MS SQL server

We have 2 Windows2003 servers on the same network. 1 runing Plesk 7 and one as a dedicated MS SQL 2000 server.

When we turn on Plesk Firewall, it is blocking the connection to the SQL server.

I have added TCP port 1433 to the pfwmng.js, then recycled the firewall, but it didn't seem to help.

Any Ideas?

Also, what is the proper way to open up outbound traffic from the server via the web browser and FTP while Plesk Firewall is on. I saw that JayTee and AndiC_UK were discussing this in an earlier thread.

Thanks for your help!

 

[empc]

Hey LastChoice, thx for that explanetion.
Only when i am trying to use it i get some kind of error from plesk (and when i try to use the command with hand in a dos box i also get a simulair error). What i added was the next line:

tfile.WriteLine ("routing ip add filter " + intf + " input 217.115.203.226 255.255.255.224 0.0.0.0 0.0.0.0 proto=tcp 0 0");

It's based on the following line that LastChoice posted:
tfile.WriteLine ("routing ip add filter " + intf + " input yyy.yyy.yyy.yyy mmm.mmm.mmm.mmm 0.0.0.0 0.0.0.0 proto=tcp 0 0");

But when i add mine line into the script and i restart the firewall then i get the next error:

ICF::update() failed: ifmng::set_icf() failed:
ifmng failed: Unable to set firewall mode:
Setting mode "On" Adding Input Filters on "LAN-verbinding" Netsh commands in the file
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad40CD1.tmp" have failed to execute.
The reason given is: Het volgende IP-adres is geen geldig adres: 255.255.255.224. 1 Error(s) during execution.

--------------------------------------------------------------------------------
0: D:\Plesk\admin\htdocs\server\icf.php:29 psaerror(string "ICF::update() failed: ifmng::set_icf() failed:
ifmng failed: Unable to set firewall mode: Setting mode "On" Adding Input Filters on "LAN-verbinding"
Netsh commands in the file "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad40CD1.tmp" have failed to execute.
The reason given is: Het volgende IP-adres is geen geldig adres: 255.255.255.224. 1 Error(s) during execution. ")


("Het volgende IP-adres is geen geldig adres: 255.255.255.224." this means: "The following IP-adress is not a valid adress: 255.255.255.224")

So i think, let's put the mask the 0.0.0.0 but then i get the same error (only the ip numbers are changed into 0.0.0.0 and not 255.255.255.224).

Does any of you have any idea what i am doing wrong?
I have checked and double checked the mask on mine server and i know for sure that this adress is the rigth one.

The server i am running plesk on is an windows 2003 server and it's running plesk 7.0.2

 

[dimensions]

PASV doens work when Firewall on

How do we enable PASV FTP connections when the firewall is on?