Eric,
        We are running the standard setup with iptables (see config below).
We also have in place a Cisco 800 Series Router.  The firewall part is not
really my thing; can you give me some pointers?

Cheers

# Generated by iptables-save v1.3.5 on Tue Jun 29 01:43:23 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [6:1052]
-A INPUT -i eth0 -f -j DROP
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 10.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 224.0.0.0/240.0.0.0 -i ! lo -j DROP
-A INPUT -s 0.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 255.255.255.255 -i ! lo -j DROP
-A INPUT -s 169.254.0.0/255.255.0.0 -i ! lo -j DROP
-A INPUT -s 221.240.0.102 -i ! lo -j DROP
-A INPUT -s 203.215.94.193 -i ! lo -j DROP
-A INPUT -s 218.71.137.68 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 902 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Jun 29 01:43:23 2010
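An added example, not code from the list or from the qmailtoaster project: a small auditor that reads an iptables-save dump in the shape of the config above, lists the chain policies and the INPUT ports accepted from any source, and flags two things a reviewer would raise on that ruleset (the RELATED,ESTABLISHED accept sitting after the per-port rules, and the old intrapositioned "-i ! lo" negation). The dump embedded in the script is a constructed excerpt of the posted config, trimmed so the example stays short; point parse_dump at the full output of iptables-save to audit the real thing.

```python
"""Audit an iptables-save dump: chain policies, INPUT ports open to any source,
and a few rule-ordering / syntax observations. Added example; SAMPLE_DUMP is a
constructed excerpt in the shape of the config posted above, not the real file."""
import shlex
from collections import defaultdict

SAMPLE_DUMP = """\
# Generated by iptables-save v1.3.5 (constructed excerpt for the example)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [6:1052]
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""


def parse_dump(text):
    """Return (policies, rules): chain -> policy, and a list of parsed -A rules."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in '#*' or line == 'COMMIT':
            continue
        if line.startswith(':'):                       # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        toks = shlex.split(line)
        if toks[0] != '-A':
            continue
        rule = {'chain': toks[1], 'opts': {}, 'target': None}
        i = 2
        while i < len(toks):
            t = toks[i]
            if t == '-j':
                rule['target'] = toks[i + 1]
                i += 2
            elif t.startswith('-'):
                if i + 1 < len(toks) and toks[i + 1] == '!':
                    rule['opts'][t] = '!' + toks[i + 2]   # old "-i ! lo" form
                    i += 3
                elif i + 1 < len(toks) and not toks[i + 1].startswith('-'):
                    rule['opts'][t] = toks[i + 1]         # option with a value
                    i += 2
                else:
                    rule['opts'][t] = True                # bare flag such as -f
                    i += 1
            else:
                i += 1   # second value of --tcp-flags etc.; not needed here
        rules.append(rule)
    return policies, rules


def open_ports(rules):
    """Ports accepted on INPUT with no -s restriction, grouped by protocol."""
    ports = defaultdict(set)
    for r in rules:
        if r['chain'] != 'INPUT' or r['target'] != 'ACCEPT':
            continue
        dport = r['opts'].get('--dport')
        if dport is None or '-s' in r['opts']:
            continue
        ports[r['opts'].get('-p', 'all')].add(int(dport))
    return {proto: sorted(p) for proto, p in ports.items()}


def findings(policies, rules):
    """Observations a reviewer would raise about this dump."""
    out = []
    for chain in ('INPUT', 'FORWARD', 'OUTPUT'):
        if policies.get(chain) != 'DROP':
            out.append(f'{chain} policy is {policies.get(chain)}, not DROP')
    inp = [r for r in rules if r['chain'] == 'INPUT']
    for idx, r in enumerate(inp):
        if r['opts'].get('--state') == 'RELATED,ESTABLISHED':
            if any('--dport' in x['opts'] for x in inp[:idx]):
                out.append('RELATED,ESTABLISHED accept comes after the per-port '
                           'rules; placing it first shortens the match path for '
                           'packets of existing connections')
            break
    if any(r['opts'].get('-i') == '!lo' for r in inp):
        out.append('intrapositioned negation "-i ! lo" found; deprecated since '
                   'iptables 1.4.3 in favour of "! -i lo"')
    return out


if __name__ == '__main__':
    pol, rl = parse_dump(SAMPLE_DUMP)
    print('policies:', pol)
    print('open INPUT ports:', open_ports(rl))
    for f in findings(pol, rl):
        print('-', f)
```

Because it only reads the dump, the script can be run on a copy of the file from anywhere; on a box that becomes unreachable when a process runs away, that is cheaper than trying to inspect the live ruleset over a saturated link.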

-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Thursday, 13 January 2011 9:55 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Apache issues

On 01/12/2011 03:16 PM, Mike Canty wrote:
> To all,
>
> I have a server that is having some problems with some "apache"
> services. The machine appears to have a runaway process that takes up
> just over 20% of the CPU, but this is enough to stop all mail and to a
> certain extent network as well.
>
> The problem for me is this machine is at a remote site. When this
> process runs away, I cannot connect to the network remotely, to resolve
> the issue, I need to get someone internally to log on to the server
> itself and kill the process.
>
> When I say "Apache", that is the user listed against the process, so it
> must be some form of web service. The command at fault is either "std" or
> "s", although I have seen a "perl" command giving issues as well, but
> not to the same effect.
>
> Does anyone have any idea what may be causing this? Or what I can do to
> rectify?
>
> Cheers
>
> Mike Canty
>

From what you've said, it sounds a little like a DoS attack. It sounds
as though the problem process is saturating the network.

What sort of firewall, internal to QMT as well as external, is involved?

-- 
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
     Please visit qmailtoaster.com for the latest news, updates, and packages.

      To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
     For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



