Re: [Fail2ban-users] ProFtpd DROP net-fw TLS connection from client ftp
On 2017-08-09 11:30 Darac Marjal wrote:
> On Tue, Aug 08, 2017 at 03:55:52PM -0400, Bill Shirley wrote:
>> Looks like you haven't opened up sftp (port 115) in Shorewall. Post on the
>> shorewall-us...@lists.sourceforge.net list. Tom Eastep is very helpful.
> [..]
> I don't know if it is Fail2ban telling Shorewall to drop this connection or
> if I should open a specific question on the Shorewall ML.

Hi friends,

I'm here today at a step from the atomic Holocaust (..)

I have dug deeper into the situation thanks to the support of the Shorewall list and I have arrived at the solution, which I set out here.

The problem was the passive ports that FTPS (not SFTP) needs, and here is the solution:

ProFtpd (sftp.conf -> which could now be renamed to tls.conf or ftps.conf as you like):

    PassivePorts 39152 49152

Shorewall (rules):

    ACCEPT net $FW tcp 39152:49152 #PROSFTP PASSIVE PORT

Thanks again

Davide

--
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
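The DROP line Davide posted has DPT=55298, which lies outside the 39152-49152 range he later pinned with PassivePorts, so a fixed-range Shorewall rule can only work once proftpd is told to use that range. The script below is an added example, not code from the thread or from the proftpd, Shorewall or fail2ban projects: it parses Shorewall kernel DROP lines in the format shown above and reports whether a blocked inbound TCP SYN hit the FTP control port, the pinned passive range (meaning the ACCEPT rule is missing or not loaded) or a port outside that range (meaning PassivePorts is not in effect). The control port 21 and the second and third sample lines are constructed assumptions; the first sample line is the one from the thread, with the addresses exactly as the author obfuscated them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input. Line 1 is the DROP line posted in the thread
# (addresses as posted); lines 2 and 3 are constructed to exercise the
# other verdicts (a blocked SYN inside the pinned range, and a UDP drop).
SAMPLE_LOG = """\
Aug 8 18:50:10 server kernel: [16438563.572121] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=132.142.22.10 DST=44.320.032.111 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=63283 DF PROTO=TCP SPT=33175 DPT=55298 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 8 18:51:02 server kernel: [16438615.100000] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=1 DF PROTO=TCP SPT=40000 DPT=41000 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 8 18:52:30 server kernel: [16438703.200000] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=2 DF PROTO=UDP SPT=5000 DPT=53 LEN=40
"""

# Ports the thread ends up opening: the PassivePorts range from Davide's
# proftpd config. The control port 21 is an assumption; the thread never
# states which control port the server was using.
FTP_CONTROL_PORT = 21
PASSIVE_RANGE = (39152, 49152)

# Shorewall log prefix: "Shorewall:<chain>:<action>:" followed by the
# netfilter key=value fields and bare flag tokens (DF, SYN, ...).
SHOREWALL_RE = re.compile(r"Shorewall:(?P<chain>[\w-]+):(?P<action>\w+):(?P<fields>.*)$")


@dataclass
class DropEvent:
    chain: str
    action: str
    src: str
    dst: str
    proto: str
    spt: Optional[int]
    dpt: Optional[int]
    syn: bool


def parse_shorewall_line(line: str) -> Optional[DropEvent]:
    """Parse one Shorewall kernel log line; return None if it is not one."""
    m = SHOREWALL_RE.search(line)
    if m is None:
        return None
    fields = {}
    flags = set()
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # e.g. DPT=55298, OUT= (empty)
            fields[key] = value
        else:
            flags.add(tok)                   # bare tokens such as DF or SYN

    def port(key: str) -> Optional[int]:
        value = fields.get(key, "")
        return int(value) if value.isdigit() else None

    return DropEvent(
        chain=m.group("chain"),
        action=m.group("action"),
        src=fields.get("SRC", ""),
        dst=fields.get("DST", ""),
        proto=fields.get("PROTO", ""),
        spt=port("SPT"),
        dpt=port("DPT"),
        syn="SYN" in flags,
    )


def classify(ev: DropEvent) -> str:
    """Verdict for a dropped inbound TCP connection attempt."""
    if ev.action != "DROP" or ev.proto != "TCP" or not ev.syn or ev.dpt is None:
        return "ignore"                      # not a blocked TCP SYN
    if ev.dpt == FTP_CONTROL_PORT:
        return "control-port-blocked"        # control channel itself is closed
    lo, hi = PASSIVE_RANGE
    if lo <= ev.dpt <= hi:
        # SYN landed in the pinned range: the ACCEPT rule for
        # tcp 39152:49152 is missing or the firewall was not reloaded.
        return "passive-port-blocked"
    # SYN to a port outside the pinned range: proftpd is still handing out
    # unpinned data ports, i.e. PassivePorts is not in effect.
    return "outside-passive-range"


def audit(log_text: str) -> List[Tuple[str, Optional[int], str]]:
    """Return (source, destination port, verdict) for every Shorewall line."""
    results = []
    for line in log_text.splitlines():
        ev = parse_shorewall_line(line)
        if ev is not None:
            results.append((ev.src, ev.dpt, classify(ev)))
    return results


if __name__ == "__main__":
    for src, dpt, verdict in audit(SAMPLE_LOG):
        print(f"{src:>16} -> DPT {dpt}: {verdict}")
```

Feed it the kernel log instead of SAMPLE_LOG to check a live box; a stream of "outside-passive-range" verdicts after the firewall rule is in place means the data ports are still unpinned on the proftpd side, while "passive-port-blocked" points at the Shorewall rule itself.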
Re: [Fail2ban-users] ProFtpd DROP net-fw TLS connection from client ftp
Hi,

There is a big difference between sftp (SSH file transfer) and ftps (FTP over SSL). For SFTP, port 115 seems to be reserved (but I believe most ssh implementations just use the ssh port (22) for this). For FTPS, ports 989 (data) and 990 are reserved.

It depends on what you configured in proftpd, maybe it can do both protocols. The command "sudo netstat -tunlp | grep -i proftp" will show you on which ports your running instance of proftpd is listening. Then decide which ports you need to open in your firewall.

Anyway, this is no fail2ban question :)

Good luck,
Tom Hendrikx

On 09-08-17 10:16, Davide Marchi wrote:
> On 2017-08-08 21:55 Bill Shirley wrote:
>> Looks like you haven't opened up sftp (port 115) in Shorewall. Post on the
>> shorewall-us...@lists.sourceforge.net list. Tom Eastep is very helpful.
>
> I've opened the 115 port both with Shorewall and PROFTPD (and restarted),
> but with no luck.
> Now I open a post to Shorewall-users!
>
>> If it were fail2ban blocking traffic, you would see it in the log file.
>
> Yes I know, but I had the fear of not having read all the logs well..
>
>> Note if you're not using fail2ban with ipsets actions instead of
>> iptables, you're going to run into problems if you do a 'shorewall
>> restart'. It will clear your bans.
>
> I think I'm right in this situation! Obviously I would like to switch to
> Ipsets mode now that you warned me of the danger (and thank you very
> much for that!)
> Could you give me some documentation link to go deeper into the topic?
>
>> If you still think the problem could be fail2ban, post your config,
>> action, and log files.
>>
>> Bill
>
> Many thanks Bill!
Re: [Fail2ban-users] ProFtpd DROP net-fw TLS connection from client ftp
Looks like you haven't opened up sftp (port 115) in Shorewall. Post on the shorewall-us...@lists.sourceforge.net list. Tom Eastep is very helpful.

If it were fail2ban blocking traffic, you would see it in the log file.

Note if you're not using fail2ban with ipsets actions instead of iptables, you're going to run into problems if you do a 'shorewall restart'. It will clear your bans.

If you still think the problem could be fail2ban, post your config, action, and log files.

Bill

On 8/8/2017 1:42 PM, Davide Marchi wrote:
> Hi friends,
> I tell you immediately that I am not clear whether the matter concerns
> Shorewall rather than Fail2ban, so have pity on me :-)
>
> I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Letsencrypt
> certificate) and if I stop shorewall the "sftp" connection works fine, but
> with Shorewall up, it DROPs the connection:
>
> Aug 8 18:50:10 server kernel: [16438563.572121] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=132.142.22.10 DST=44.320.032.111 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=63283 DF PROTO=TCP SPT=33175 DPT=55298 WINDOW=29200 RES=0x00 SYN URGP=0
>
> Now I'm wondering where the problem is. I don't know if it is Fail2ban
> telling Shorewall to drop this connection or if I should open a specific
> question on the Shorewall ML.
>
> Many thanks to all!
>
> Davide
> Italy