Control Web Panel
Security => CSF Firewall => Topic started by: iamstevenelson on November 13, 2016, 03:09:23 PM
-
Hello, I am new to CentOS Web Panel and cloud hosting stuff. My website uses G Suite (Google Apps) SMTP email to collect enquiries from visitors via a contact form. This works well if I turn off the firewall in CentOS Web Panel. When I turn on the firewall, SMTP does not work. Customers end up with JSON "uncaught connection timed out" error popups. How do I fix this? I need the firewall to protect our site from hackers and spammer IPs.
Thanks
Steve
-
What about whitelisting the IPs?
-
How do I whitelist the Google Apps IPs? Do you mean these IP addresses? https://support.google.com/a/answer/60764?hl=en
-
You need to extract the IP addresses first.
-
Could you please guide me through the steps?
-
Add these IP ranges to the whitelist. These are all Google IPs.
-
Thank you, let me try.
-
Sandeep.
Adding IPs to the whitelist did not work, but this solution finally works.
You have to allow outgoing traffic to ports 25, 465, 587 and, in the case of Mandrill, 2525 as well. You should actually be fine enabling only the one you will connect to. So:
sudo vim /etc/csf/csf.conf
Add 25,2525,465,587 to TCP_OUT, and to TCP6_OUT if you use IPv6.
You might also need to remove those ports from SMTP_PORTS if you have SMTP_BLOCK enabled (if it is set to 1).
http://stackoverflow.com/questions/26320979/configure-csf-to-allow-outbound-smtp
It will be useful if anyone faces a similar issue.
Thanks
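
The check described in the last post, as an added example that is not part of the original thread: it reads TCP_OUT, SMTP_BLOCK and SMTP_PORTS from a csf.conf-style file and reports whether a given outbound SMTP port gets through. The function names, verdict strings and sample config are constructed for illustration.

```bash
# Added example (not from the thread): audit csf.conf outbound SMTP settings.

# Print the quoted value of KEY = "value" from a csf.conf-style file.
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a CSF port list (comma separated, ranges as low:high).
port_in_list() {  # usage: port_in_list PORT LIST
    local port=$1 item IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then return 0; fi ;;
            *)   if [ "$item" = "$port" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Print one verdict word for an outbound port: the two settings the post
# names are checked in order, TCP_OUT first, then SMTP_BLOCK with SMTP_PORTS.
smtp_out_verdict() {  # usage: smtp_out_verdict PORT FILE
    local port=$1 conf=$2
    if ! port_in_list "$port" "$(csf_get TCP_OUT "$conf")"; then
        echo "blocked-tcp-out"      # port is missing from TCP_OUT
    elif [ "$(csf_get SMTP_BLOCK "$conf")" = "1" ] &&
         port_in_list "$port" "$(csf_get SMTP_PORTS "$conf")"; then
        echo "blocked-smtp-block"   # SMTP_BLOCK is on and lists this port
    else
        echo "allowed"
    fi
}

# Constructed sample config, not taken from the thread.
sample_conf() {
    cat <<'EOF'
TCP_OUT = "20,21,22,25,53,80,443,30000:35000"
SMTP_BLOCK = "1"
SMTP_PORTS = "25,465,587"
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
for p in 25 465 587; do     # open only the port your mail provider uses
    echo "port $p: $(smtp_out_verdict "$p" "$conf")"
done
rm -f "$conf"
```

On the server, point `smtp_out_verdict` at `/etc/csf/csf.conf`, and restart CSF with `csf -r` after changing the file so the new rules load.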