
Resolved
0 votes
Only one website getting blocked by firewall, it's an https site
Added this rule to the custom firewall with the website IP / website name, but it's not working:
iptables -t nat -I PREROUTING -d xxx.xxx.xxx.xxx -p tcp --dport 443 -j ACCEPT
No content filter that I know of.
Any help will be appreciated.
Thursday, November 23 2017, 01:06 AM
Responses (7)
  • Accepted Answer

    Monday, December 25 2017, 07:57 PM - #Permalink
    Thanks for your help, but I decided to factory-default the Clearbox 300. Maybe you can help me?

    I've been trying to restore my Clearbox 300 to factory defaults with no luck. I think there's no CF card, so I'm not getting any menu when hitting the arrow keys to allow factory defaults. I downloaded the ClearOS 7.4 Business trial from the website. Using Rufus I created the USB image and booted from USB.
    But I have doubts: if I install this trial version, will it recognize my box and install as a full version, or will I have to buy a new license?
  • Accepted Answer

    Wednesday, December 13 2017, 12:56 PM - #Permalink
    There is no easy way to disable the firewall temporarily, but I did not see any blocking when I looked at your firewall before. Please can you give the contents of /etc/clearos/network.conf, as you seem to have a lot of interfaces and it is confusing me.

    Do you have any custom firewall rules?

    Are you running the proxy/content filter?

    Also which is the LAN and destination IP being blocked?
  • Accepted Answer

    Tuesday, December 12 2017, 10:13 PM - #Permalink
    Is there a command to disable the firewall for a few seconds to see if I can open the website? It's an email web page, by the way, that is getting blocked. Right now I'm using a VPN to access the web page. But I need to fix this.
  • Accepted Answer

    Saturday, November 25 2017, 02:08 PM - #Permalink
    Are you trying to bypass the proxy for this address, as I can't see any firewall blocking of anything going out through enp2s0?

    Note that in Custom rules, it is safer to use "$IPTABLES" and not "iptables".

    Also don't use FQDNs as you may not get the intended result. This is because iptables resolves the FQDN to an IP address when it applies the rule and it is only then that IP address which is matched going forwards. If the domain uses a round-robin for its DNS, then next time you try that FQDN you may get a similar but different IP address and this will not be affected by your rule.
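    An added example (not from this thread or from ClearOS) that models the FQDN pitfall described above: a rule given a hostname is expanded when it is inserted into the addresses from that one DNS answer, and an audit function reports the addresses a fresh lookup returns that the installed rules no longer cover. The hostname, addresses and resolver are constructed placeholders.

```python
import ipaddress

# Constructed DNS answers for a hypothetical name: each lookup returns two
# addresses out of a larger pool, as a rotating/round-robin answer does.
# The real site in this thread is not named, so these are placeholders.
ANSWER_SEQUENCE = [
    ["198.51.100.10", "198.51.100.11"],  # answer seen when the rule is inserted
    ["198.51.100.12", "198.51.100.13"],  # what the browser gets a little later
    ["198.51.100.10", "198.51.100.14"],
]

def make_resolver(answers):
    """Return resolve(name) that hands out the constructed answers in order."""
    it = iter(answers)
    return lambda name: list(next(it))

def is_ip_literal(dst):
    try:
        ipaddress.ip_address(dst)
        return True
    except ValueError:
        return False

def install_rule(dst, resolve):
    """Mimic `iptables ... -d <dst>`: an FQDN is resolved once, when the rule
    is inserted, and only the addresses from that one answer are stored.
    The kernel never sees the name, so later DNS changes are invisible to it."""
    addrs = [dst] if is_ip_literal(dst) else resolve(dst)
    return frozenset(addrs)

def rule_matches(rule_addrs, dst_ip):
    return dst_ip in rule_addrs

def coverage(rule_addrs, later_lookups):
    """For every address a later client lookup returns: does a rule match it?"""
    return [(ip, rule_matches(rule_addrs, ip))
            for answer in later_lookups for ip in answer]

def audit_fqdn_rule(rule_addrs, fresh_answer):
    """Defender check: addresses a fresh lookup returns that no installed rule
    covers. Anything listed here means the FQDN-based rule has gone stale."""
    return sorted(set(fresh_answer) - set(rule_addrs))
```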
  • Accepted Answer

    Saturday, November 25 2017, 01:44 AM - #Permalink
    iptables -nvL
    Chain INPUT (policy DROP 16540 packets, 1238K bytes)
    pkts bytes target prot opt in out source destination
    3749 220K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    736 149K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- enp2s0 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- enp2s0 * 169.254.0.0/16 0.0.0.0/0
    0 0 DROP all -- enp7s0 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- enp7s0 * 169.254.0.0/16 0.0.0.0/0
    135 16660 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    18769 3582K ACCEPT all -- enp3s0 * 0.0.0.0/0 0.0.0.0/0
    1169 397K ACCEPT udp -- enp4s0 * 0.0.0.0/0 255.255.255.255 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- enp4s0 * 0.0.0.0/0 255.255.255.255 tcp spt:68 dpt:67
    50767 3528K ACCEPT udp -- enp4s0 * 192.168.22.0/24 192.168.22.1 udp dpt:53
    5 269 ACCEPT tcp -- enp4s0 * 192.168.22.0/24 192.168.22.1 tcp dpt:53
    1 48 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    223 31332 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    4199 3361K ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- enp5s0 * 0.0.0.0/0 255.255.255.255 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 255.255.255.255 tcp spt:68 dpt:67
    0 0 ACCEPT udp -- enp5s0 * 192.168.20.0/24 192.168.20.1 udp dpt:53
    0 0 ACCEPT tcp -- enp5s0 * 192.168.20.0/24 192.168.20.1 tcp dpt:53
    0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    1093 32012 ACCEPT icmp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    11 544 ACCEPT icmp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    237 13272 ACCEPT all -- enp4s0 enp3s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    191 8404 DROP all -- enp4s0 enp3s0 0.0.0.0/0 0.0.0.0/0
    474 50244 ACCEPT all -- enp3s0 enp4s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp4s0 enp5s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    54 3078 DROP all -- enp4s0 enp5s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp5s0 enp4s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp5s0 enp3s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP all -- enp5s0 enp3s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp3s0 enp5s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp5s0 enp4s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP all -- enp5s0 enp4s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp4s0 enp5s0 0.0.0.0/0 0.0.0.0/0
    30M 33G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    4820 334K ACCEPT all -- enp3s0 * 0.0.0.0/0 0.0.0.0/0
    104K 11M ACCEPT all -- enp4s0 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- enp5s0 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    135 16660 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    11667 4165K ACCEPT all -- * enp3s0 0.0.0.0/0 0.0.0.0/0
    27969 3959K ACCEPT icmp -- * enp2s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * enp2s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp2s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67


    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

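    Added example (not from this thread or from ClearOS) for reading a dump like the one above: a small parser for `iptables -nvL` output that lists only the DROP/REJECT rules that have actually matched packets and sums FORWARD drops per (in, out) interface pair. The sample input is a constructed excerpt shaped like the dump posted here.

```python
# Constructed excerpt in `iptables -nvL` format, shaped like the dump posted
# in this thread (same interface names and counters, fewer rules).
SAMPLE_OUTPUT = """\
Chain INPUT (policy DROP 16540 packets, 1238K bytes)
pkts bytes target prot opt in out source destination
3749 220K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
237 13272 ACCEPT all -- enp4s0 enp3s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
191 8404 DROP all -- enp4s0 enp3s0 0.0.0.0/0 0.0.0.0/0
54 3078 DROP all -- enp4s0 enp5s0 0.0.0.0/0 0.0.0.0/0
30M 33G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
"""
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}

def to_int(count):
    """iptables -nv abbreviates counters (220K, 33G); expand them to ints."""
    if count[-1] in SUFFIX:
        return int(count[:-1]) * SUFFIX[count[-1]]
    return int(count)

def parse_rules(output):
    """Split each rule line into its fixed columns plus the trailing match text."""
    rules, chain = [], None
    for line in output.splitlines():
        parts = line.split()
        if parts[:1] == ["Chain"]:
            chain = parts[1]
        elif len(parts) >= 9 and parts[0] != "pkts":  # skip header/blank lines
            pkts, _bytes, target, prot, _opt, ifin, ifout, src, dst = parts[:9]
            rules.append({"chain": chain, "pkts": to_int(pkts), "target": target,
                          "prot": prot, "in": ifin, "out": ifout, "src": src,
                          "dst": dst, "extra": " ".join(parts[9:])})
    return rules

def active_blocks(output, min_pkts=1):
    """DROP/REJECT rules that have actually matched traffic: read these first
    when asking what to look for in a dump."""
    return [r for r in parse_rules(output)
            if r["target"] in ("DROP", "REJECT") and r["pkts"] >= min_pkts]

def blocked_paths(output):
    """Packets dropped in FORWARD keyed by (in, out) interface, so a blocked
    LAN-to-WAN path stands out as a pair instead of a wall of text."""
    paths = {}
    for r in active_blocks(output):
        if r["chain"] == "FORWARD":
            key = (r["in"], r["out"])
            paths[key] = paths.get(key, 0) + r["pkts"]
    return paths
```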
  • Accepted Answer

    Friday, November 24 2017, 10:09 PM - #Permalink
    I can't post this info for security reasons. What should I be looking for?
  • Accepted Answer

    Thursday, November 23 2017, 01:08 PM - #Permalink
    That sounds very odd. What is the output of:
    iptables -nvL
    iptables -nvL -t nat
    And please put the results between "code" tags (the piece of paper icon with a <> on it)