Tag Archives: iptables

How to set firewall rules from a GUI in CentOS

Sick and tired of countless command line statements to set your firewall rules? Me too. No matter what I try, I never get the results quite right. There’s always some switch I forget and ultimately something isn’t working.

For years I was thinking, “there has to be an easier way, like there is in Plesk?”

And today I found that there is: a rather un-obvious tool called system-config-firewall. It’s a godsend and works in CentOS 6 with iptables, and in CentOS 7 with firewalld.

Installation

To make use of it, install the following two packages:

The first one is a version that runs under Gnome and KDE, and the second one works on the command line.

The Command Line Version

You can invoke the command line version by running

and it will present you with the following interface. You may need to switch the firewall off temporarily, but the tool will tell you if that’s necessary:


Here’s how to use the interface:

  • use the cursor keys to move up and down
  • use the SPACE bar to select items
  • use TAB to choose the next option
  • and once selected, hit RETURN


system-config-firewall has several built-in presets, such as DNS, FTP, Mail, standard and secure http ports and many others. If you need to open a specific port, hit Add on the “other” screen and define both the port and the protocol. In this example I’m opening port 3306 for incoming MySQL traffic:


Step forward through all available options, or select Close to move back to the first screen. Make sure the Firewall Enabled option is ticked, then hit OK and all your rules will be saved.

The Desktop Version

If you have Gnome or KDE installed, you can invoke the Desktop Version from the command line like this:

In addition, there should also be a handy menu item under System – Administration – Firewall which will start the same thing.


The options are much the same, perhaps a little easier on the eye and easier to select. In addition you have a Wizard which will let you start your firewall rules with a clean slate (great if you’ve been previously poking around on the command line, potentially messing things up).


A thousand thanks to all the developers who have written this tool: Thomas Woerner, Chris Lumens, Florian Festi, Brent Fox and many others.

  • https://bugs.centos.org/view.php?id=7831
  • http://www.cyberciti.biz/faq/linux-web-server-firewall-tutorial/
  • http://wiki.centos.org/HowTos/Network/IPTables

How to allow passive FTP connections in Plesk on Amazon EC2

Passive FTP connections should work out of the box in Plesk, if no other firewall or NAT is interfering with it.

I’ve recently noticed that when I install Plesk on Amazon EC2 every passive FTP connection fails with an error such as “Server sent passive reply with unroutable address. Passive mode failed.”

The reason for this mishap is twofold:

EC2 instances are behind a NAT, and therefore have an internal (unroutable) IP, and an external (public) IP. When a passive connection request comes in, ProFTP – Plesk’s default FTP Server – tells the connecting client its internal private IP address, and the client in turn quite rightly fails to connect to it.

On top of that, we need to make sure to open a range of ports we want to use for passive FTP connections and tell ProFTP only to use those.

Let’s do all this step by step!


How to open the web interface ports for Plesk on CentOS

After installing Parallels Plesk on a fresh server you may need to open ports 8443 and 8447 to access the web interface. These ports are not open by default. If your installation went fine but you can’t access Plesk in your browser via https://yourdomain.com:8443 then it’s likely that those ports aren’t open.

Port 8443 is for Plesk Panel, and 8447 is for additional packages you can install via the web interface. Thanks a million to John Veldboom for this critical tip!

Here’s how to do it:

Now add the following two lines under the INPUT ACCEPT section:

Restart the service for those changes to take effect:

This should also work on Fedora and of course RedHat Linux.

If you get an error message upon restart, it may be that copy/paste replaced the minus signs in those switches. Just go through and replace every – manually.
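The rule placement and the pasted-dash problem described above, as an added shell example (not the author's original commands): it runs against a constructed CentOS 6 style ruleset rather than a live rules file. The function names and the exact rule form are assumptions; only ports 8443 and 8447 come from the article.

```shell
#!/bin/sh
# Added example. Filters read an iptables-save style ruleset on stdin.

# Constructed sample: CentOS 6 style ruleset; line 8 has a pasted en dash.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 8443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# List lines (with numbers) that contain a typographic en dash.
find_bad_dashes() { grep -n '–'; }

# Assumption: each en dash stood in for the "--" of a long option.
fix_dashes() { sed 's/–/--/g'; }

# Insert tcp ACCEPT rules for the given ports ahead of the first INPUT
# REJECT/DROP rule in *filter (or before its COMMIT). Ports already
# accepted are skipped, so running the filter twice changes nothing.
add_ports() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " ") }
        { line[NR] = $0
          for (i = 1; i <= n; i++)
              if ($0 ~ "^-A INPUT .*--dport " p[i] " .*-j ACCEPT") have[p[i]] = 1 }
        END {
            for (l = 1; l <= NR; l++) {
                if (line[l] ~ /^\*/) tbl = line[l]
                if (!done && tbl == "*filter" &&
                    (line[l] ~ /^-A INPUT .*-j (REJECT|DROP)/ || line[l] == "COMMIT")) {
                    for (i = 1; i <= n; i++)
                        if (!(p[i] in have))
                            print "-A INPUT -p tcp -m tcp --dport " p[i] " -j ACCEPT"
                    done = 1
                }
                print line[l]
            }
        }'
}

# Demo: repair the pasted line, then add the two Plesk ports from the article.
sample_rules | fix_dashes | add_ports 8443 8447
```

iptables evaluates rules in order, so an ACCEPT placed after the final REJECT never matches; that is why the new rules go in ahead of it.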

  • https://wpguru.co.uk/2011/11/how-to-setup-plesk-on-new-server/
  • http://wiki.centos.org/HowTos/Network/IPTables
  • https://accounts.serverpronto.com/knowledgebase.php?action=displayarticle&id=2

How to install Plesk on CentOS 6

The other day I got myself a brand new server – so barebones that I had to do everything myself, including picking a Linux distribution. Sadly the one I wanted (CentOS 6) did not come bundled with Plesk so I had to install it manually.

I thought I’d better take some notes so I can retrace my steps.

At the time of writing, Plesk 10.3 is current, with 10.4 just around the corner. Keep this in mind – things tend to change drastically with every major release.
