IP Tables blocking external connection to IRC server
#1

Okay Linux users, this is your time to shine!

I currently have a single dedicated server running CentOS 6 and IP tables. This one hosts my TS3, SA:MP and web services. I have a small VPS on a completely different network with a completely different host that is dedicated to running the IRC network.

The problem is, when the SA:MP IRC bots try to connect to the IRC VPS, they simply time out. Obviously, not getting through the firewall on the dedicated Linux box. I have tried adding MULTIPLE different entries to the firewall and have enabled/disabled/restarted the firewall hundreds of times, to no avail. The bots just won't connect!

Does ANYBODY know why this could be? Or, better yet, the exact entries I need to configure on the firewall?

I've checked the IRC VPS's firewall and it's not blocking connections, so it makes no sense.
Reply
#2

In the iptables rules file, make sure the ACCEPT rules get placed before the DROP and REJECT rules.

This should allow IRC connections:

Code:
iptables -A INPUT -i eth0 -p tcp -m tcp --sport 6667 -j ACCEPT 
iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
Obviously change eth0 to whatever network interface you're using.
Reply
#3

Some of the server providers block the default IRC port on their routers completely; most of the IRC networks such as ours have another alternative port that's rarely blocked: 8067, so I suggest trying that also.
Reply
#4

Quote:
Originally Posted by RayW
In the iptables rules file, make sure the ACCEPT rules get placed before the DROP and REJECT rules.

This should allow IRC connections:

Code:
iptables -A INPUT -i eth0 -p tcp -m tcp --sport 6667 -j ACCEPT 
iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
Obviously change eth0 to whatever network interface you're using.
Added those rules, enabled the new configuration, restarted the firewall service, disabled the service, enabled the service, restarted the SA:MP server, reloaded the FS, still no connection. It seems to only get through when I COMPLETELY disable the firewall on the dedicated box.

Quote:
Originally Posted by dugi
Some of the server providers block the default IRC port on their routers completely; most of the IRC networks such as ours have another alternative port that's rarely blocked: 8067, so I suggest trying that also.
I thought of that too, but people can still connect to the IRC through regular IRC clients, so that can't be the problem. The SA:MP server's IRC bots only connect when the firewall on the dedicated box is completely turned off...


EDIT: Seems like it only works when either the firewall is disabled completely, or, after trying to connect, I restart the firewall - then it will connect.
Reply
#5

You may have to edit the iptables rules file manually. For CentOS, I believe that is located in /etc/sysconfig/iptables. What you'll need to do is place the ACCEPT rules above all the DROP and REJECT rules... OR you could flush iptables completely (iptables -F) and re-add all your iptables one by one, starting with the ACCEPT rules for IRC.

If that still does not work, can you provide a copy of iptables -L ?
Reply
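
The rule-ordering advice in the posts above can be checked mechanically. The script below is an added example, not part of any post in this thread: it reads rules in iptables-save format and reports whether the ACCEPT rule for a port sits before or after a catch-all DROP/REJECT in the same chain. The function names check_order and sample_rules and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: rule-order check for iptables-save style input on stdin.
# Usage: check_order CHAIN PORT   prints ok | shadowed | missing
#   ok        ACCEPT rule for PORT comes before any catch-all DROP/REJECT
#   shadowed  ACCEPT rule exists, but a catch-all DROP/REJECT precedes it
#   missing   CHAIN has no ACCEPT rule matching PORT
# Only plain --dport/--sport matches are recognised (no multiport, no ranges).
check_order() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            n++                                   # position within the chain
            line = " " $0 " "
            # Catch-all: the target follows the chain name with no match options.
            if (!block && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                block = n
            if (!allow && line ~ (" --[ds]port " port " ") && line ~ / -j ACCEPT /)
                allow = n
        }
        END {
            if (!allow)                      print "missing"
            else if (block && block < allow) print "shadowed"
            else                             print "ok"
        }'
}

# Constructed sample (not the poster's file): the IRC rule from the thread was
# appended with -A, so it landed after the catch-all REJECT in INPUT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp --sport 6667 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
COMMIT
EOF
}

for spec in "INPUT 6667" "OUTPUT 6667" "INPUT 8067"; do
    set -- $spec
    printf '%-6s port %-5s %s\n' "$1" "$2" "$(sample_rules | check_order "$1" "$2")"
done
```

On a live system the same check can be fed from `iptables-save | check_order INPUT 6667` or from /etc/sysconfig/iptables; a "shadowed" result means the rule must be moved up in the file or inserted with `iptables -I` instead of `-A`. An ACCEPT keyed only on `--sport 6667` admits any inbound TCP packet that carries that source port, so a stateful match (`-m state --state ESTABLISHED,RELATED`) is the narrower way to let return traffic in.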
#6

Actually, it seems like the actual configuration isn't being loaded. I ran a search on the IRC VPS's IP address, and it didn't find anything. So, now I'm checking the file manually, still not seeing the IP. Even though the configuration is set to allow all incoming/outgoing packets for the IP.

Something VERY interesting is going on here...




RESOLVED. It seems there was a major configuration issue. The problem has seemingly resolved itself.

Thanks for the help, RayW and dugi!
Reply