Forums

Resolved
0 votes
Hi folks, I hope someone can shed light on this. I am running ClearOS 6.6 community, with great success for a few years now. My users are accessing a data volume via ftp and sftp with no issues. Starting yesterday, people started having connection problems. They would see connection refused (from a variety of clients winscp, ftp, windows, mac, linux) coming in from the outside. My comcast router has port forwarding rules that haven't changed with 21 and 22 open, and range 60000-61000. Watching the /var/log/secure I see them attempting to get authenticated (in some cases). They get booted off, and I don't see sessions closed. Now no one can get in, except for me here on the local network. I can ssh in locally no problem. From outside ssh fails. Before I get lost with comcast support, I'm wondering if anyone out there has advice? I hate to abandon this setup, its been perfect for a LONG time. Please help!
In Support
Wednesday, April 08 2020, 04:23 PM
Share this post:
Responses (2)
  • Accepted Answer

    Wednesday, April 08 2020, 08:52 PM - #Permalink
    Resolved
    0 votes
    Thanks Nick - yes I do realize I should upgrade. I hate to touch anything that's working, of course. I was able to figure this out and we can make this resolved. Maybe this explanation will be useful to someone.

    I actually work for Arris (now CommScope) and the router is from Arris - my ISP is Comcast.

    It has an "Advanced Security" feature (nice marketing). which allows them to manage a table of blacklisted ip addresses. Its used for the Parental control features. In my case I have the comcast router port forwarding to clearos for ftp and sftp using the standard ports. And of course I'm constantly getting whacked with guess-the-password (and other) attacks. Relentlessly.

    Apparently, at some point in the recent past, they instituted a rule that if the advanced security feature is turned on (the default), it uses and tracks an ip address blacklist. That blacklist renders the port forwarding ineffective for ip addresses it decides are "bad". My regular users somehow made it onto the list, and were silently failing. I managed to find the comcast webpage (you can't do it on the router any more), turned OFF Advanced Security, and then had to restore the portforwarding settings. Working again!

    Moral of the story:


    write down your port forwarding router rules
    keep up with your ISP and the feature set implemented for your router
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, April 08 2020, 05:55 PM - #Permalink
    Resolved
    0 votes
    I hope you're really on 6.9 or 6.10, whatever is the latest! There have been no updates since last summer and 6.x went end of life last year. Really you should be looking to upgrade to 7.x.

    From my last statement you may realise there have been no updates for a long time so nothing has been changed in ClearOS. Are you out of disk space or memory. Dor disk space do a "df -h", for memory, check the logs for something like OOM Killer (but make the search case insesnitive and I don't know the exact words.
    The reply is currently minimized Show
Your Reply