1 (edited by rik 2021-07-13 21:52:15)

Topic: Firewall issue

I have a problem with my server, which is blocking ports I'm not telling it to block. I've cleared the iptables rules and turned off ufw, but it still blocks a port. Is there a new kind of firewall iRedMail is using that I'm missing?

nft was the firewall I was missing.


==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: 1.4.0 MARIADB edition
- Deployed with iRedMail Easy
- Linux/BSD distribution name and version: ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MARIADB
- Web server (Apache or Nginx): Nginx
====


2

Re: Firewall issue

Which port is blocked?

Some ISPs block ports from outside, so it might not be related to your configuration at all, or the port you are looking for may only be listening on localhost and not on the public IP.

Without any further information, this can't be solved.

3 (edited by rik 2021-07-13 05:45:09)

Re: Firewall issue

There are multiple blocked, but I only care about 9090 atm. It seems that only the ones related to iRedMail are open (22, 25, 80, 110, 143, 443, 587, 993, 995) and everything else is closed, leading me to believe it's a firewall blocking them. As far as I can see, my host (OVH) doesn't block any ports I'm trying to use. I've already made iptables accept everything and turned off/added the ports to ufw, but those ain't the ones that block them.

4

Re: Firewall issue

Can you share the IPTABLES and UFW rules for that port that you have set? I would also check Fail2Ban to make sure it's not blocking there.

5

Re: Firewall issue

iptables:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

ufw (when enabled)

Status: active

To                         Action      From
--                         ------      ----
9090                       ALLOW       Anywhere
9091                       ALLOW       Anywhere
22                         ALLOW       Anywhere
9090 (v6)                  ALLOW       Anywhere (v6)
9091 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)

After looking into fail2ban configurations, I found a guy mentioning that most distros went to nft as the default firewall. After flushing those rules, it works. So I guess the answer to my question was nft.

6

Re: Firewall issue

Do you have /etc/default/iptables and it blocks port 8080 by default.
or /etc/nftables.conf?

7

Re: Firewall issue

ZhangHuangbin wrote:

Do you have /etc/default/iptables and it blocks port 8080 by default.
or /etc/nftables.conf?

I had an issue with the Zabbix agent which I had installed on the iRedMail server & the Zabbix server couldn't connect to it. It was nftables that had blocked all ports except the ones that the iRedMail services were using & by editing the /etc/nftables.conf the problem was solved!
Thank you very much
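
Added example, not part of any post in this thread and not iRedMail's own code: a shell check for the situation described above, where iptables and ufw show nothing but an nftables input chain with a drop policy is filtering a port. The function name `input_verdict` and the sample ruleset are constructed for illustration (the ruleset is not the contents of iRedMail's /etc/nftables.conf), and the check only looks at plain `tcp dport ... accept` rules, ignoring jumps and source/interface matches.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `nft list ruleset`.
sample_ruleset() {
cat <<'EOF'
table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;
		iif "lo" accept
		ct state established,related accept
		tcp dport 22 accept
		tcp dport { 25, 80, 443, 587 } accept
	}
	chain output {
		type filter hook output priority 0; policy accept;
	}
}
EOF
}

# input_verdict PORT: reads ruleset text on stdin and prints
#   accept         an input-hook chain has "tcp dport ... accept" covering PORT
#   drop / accept  otherwise, the policy of the input-hook chain
#   no-input-hook  no chain is attached to the input hook at all
# Simplification: if several input-hook chains exist, the last policy wins.
input_verdict() {
  awk -v port="$1" '
    /hook input/ { seen = 1; in_chain = 1
                   policy = ($0 ~ /policy drop/) ? "drop" : "accept"; next }
    in_chain && /^[ \t]*[}]/ { in_chain = 0 }
    in_chain && /tcp dport/ && /accept/ {
      line = $0
      sub(/.*tcp dport[ \t]*/, "", line)   # drop everything before the port spec
      sub(/[ \t]*accept.*/, "", line)      # drop the verdict and anything after
      gsub(/[{} ]/, "", line)              # "{ 25, 80 }" -> "25,80"
      n = split(line, p, ",")
      for (i = 1; i <= n; i++) {
        if (p[i] == port) hit = 1
        else if (split(p[i], r, "-") == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) hit = 1
      }
    }
    END { if (!seen) print "no-input-hook"; else if (hit) print "accept"; else print policy }
  '
}

# On a live host (as root): nft list ruleset | input_verdict 9090
```

A result of `drop` for a port that ufw lists as ALLOW points at the nftables ruleset as the layer to edit, rather than flushing it entirely.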