
Resolved
0 votes
My server is community 6.8.0 version, configured as a gateway, web proxy transparent enabled, antivirus and antiphishing enabled, intrusion detection and prevention enabled, the content filter is on. Egress firewall allows all, the Custom filter is configured to prevent 80 and 443 ports for IPs that are forbidden to use the Internet.
Here is a sample of the iptables rule:
iptables -t nat -A PREROUTING -p tcp -s 192.168.21.120 --dport 443 -j DNAT --to 192.168.21.1
My problem is that e.g. the 192.168.21.120 IP address, or the computer that is configured with that specific address, is not able to connect to https sites after I delete the iptables rule that denies https traffic and restart the ClearOS server. This happens with all IPs I am trying to enable.
This firewall issue has happened recently and I am able to use only IP addresses that I am using for a longer time. And those addresses are working normally - browsing http and https sites without any problems. When I change the IP on the computer that cannot access the Internet to the IP that is working, it is working fine...
It might be important to say that I had a problem related to firewall antivirus this week - one of the sites I am visiting was not reachable when antivirus was enabled in App Policies - the message was something like antivirus cannot scan something..., but after a day or two - it was working fine.
I would highly appreciate any help related to mentioned above!
Thursday, February 01 2018, 04:49 PM

Accepted Answer

Thursday, February 01 2018, 05:49 PM - #Permalink
Resolved
0 votes
Please can you give a full iptables listing with:
iptables -nvL
iptables -nvL -t nat
Please put the listing between "code" tags which is the piece of paper icon with a "<>" on it.

Re the antivirus, there was a bad rule released by the clamav team which on servers with high use blocked all sorts of websites. The clamav people released a rule set later in the day to remove the bad rule. ClearOS updates the clamav rules itself hourly so the problem would have gone away within an hour of the updated rules being made available.
Responses (3)
  • Accepted Answer

    Thursday, February 01 2018, 06:55 PM - #Permalink
    Resolved
    0 votes
    Hi Nick
    I am updating server now, I will send listing as soon as it is done.
    Yes, clamav was the cause and it was solved quickly.
  • Accepted Answer

    Thursday, February 01 2018, 07:31 PM - #Permalink
    Resolved
    0 votes
    iptables -nvL
    deleted
  • Accepted Answer

    Thursday, February 01 2018, 07:35 PM - #Permalink
    Resolved
    0 votes
    iptables -nvL -t nat

    Here is what I have learned:

    All files in /etc/clearos/firewall.d/ are in use by the firewall config!
    I had a file named 'custom_backup' in the same directory filled with outdated iptables rules content, and those rules were applied as well!!!
    After deleting the 'custom_backup' file from the /etc/clearos/firewall.d/ folder and restarting the firewall, everything is working as it is supposed to.

    Thanks Nick, iptables -nvL -t nat helped me to solve the issue - it was obvious what was going on!

    Bye
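A check for the situation described in the last post, as an added example that is not part of the original thread: it lists every file in a firewall drop-in directory and flags backup-looking files that still contain iptables rules. The function names, the list of backup suffixes and the `$IPTABLES` rule form are assumptions, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list every file in a firewall drop-in
# directory and flag backup-looking files that still contain rules.

# Print "<status> <rule-count> <name>" for each regular file in directory $1.
audit_firewall_dir() {
    for f in "$1"/* "$1"/.[!.]*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Count lines that invoke iptables; the $IPTABLES form is an assumption.
        rules=$(grep -Ec '^[[:space:]]*(\$IPTABLES|iptables)[[:space:]]' "$f" || true)
        case $name in
            *_backup|*.bak|*.old|*.orig|*.rpmsave|*.rpmnew|*~) status=STRAY ;;
            *) status=OK ;;
        esac
        printf '%s %s %s\n' "$status" "$rules" "$name"
    done
}

# Succeeds only when no backup-looking file carries at least one rule.
firewall_dir_is_clean() {
    ! audit_firewall_dir "$1" | grep -Eq '^STRAY [1-9]'
}

# Constructed sample directory mirroring the situation in the thread.
make_sample_dir() {
    d=$(mktemp -d)
    printf '# current rules: none\n' > "$d/custom"
    printf '%s\n' '# outdated copy' \
        'iptables -t nat -A PREROUTING -p tcp -s 192.168.21.120 --dport 443 -j DNAT --to 192.168.21.1' \
        > "$d/custom_backup"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
audit_firewall_dir "$sample"
firewall_dir_is_clean "$sample" || echo "stray rule files found in $sample"
rm -r "$sample"
```

On a real server the directory to pass is /etc/clearos/firewall.d, and any STRAY line with a non-zero count is a file to move out of that directory before restarting the firewall.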