Messages - rcschaff

241
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 05:00:39 AM »
CSF firewall uses its configuration file to write the iptables rules.  But it does not have the ability to do masquerading built in.  So they have a call in their program to look for 2 files, csfpre.sh and csfpost.sh, where you can customize rules for the firewall that it cannot do itself.  If you read the script, line by line:

Code:
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)

This gets the "Global" IPs for 6 and 4.  It makes sure that they are not the loopback or private IPs.

Code:
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip

This line is what allows your VPN IPs access to the internet.

Code:
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT

Actually. Delete this line.  It's redundant to opening the port in csf.conf

Code:
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

These two lines are what allow you to communicate with the server itself, and completely bypass the firewall, giving you full access to all ports.

Code:
if [[ -n "$ip6" ]]; then
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fi

Similar to the ipv4 block, but makes sure that we have a global ipv6 address.  If not, does not execute.
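
The two address-selection pipelines walked through above can be checked without touching a live firewall. The following is an added example, not part of the original post: the sample `ip addr` output is constructed, and the function names `pick_v4`, `pick_v6` and `snat_target` are hypothetical.

```shell
# Added example: the address-selection pipelines from csfpost.sh, run on
# constructed `ip -4 addr` / `ip -6 addr` output instead of the live host.

# Constructed samples (documentation address ranges; wg0 uses the post's subnets).
SAMPLE_V4='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN
    inet 10.7.0.1/24 scope global wg0'

SAMPLE_V6='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8::10/64 scope global
    inet6 fe80::5054:ff:fe12:3456/64 scope link
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN
    inet6 fddd:2c4:2c4:2c4::1/64 scope global'

# pick_v4 TEXT N: Nth IPv4 address in TEXT whose line is not a 127.x.x.x one.
# The filter removes loopback only, so entry 2 here is the wg0 address.
pick_v4() {
  printf '%s\n' "$1" | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' \
    | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$2"p
}

# pick_v6 TEXT N: Nth IPv6 address beginning with 2 or 3 (global unicast);
# ::1, fe80:: link-local and the fddd: VPN prefix never match.
pick_v6() {
  printf '%s\n' "$1" | grep 'inet6 [23]' | cut -d '/' -f 1 \
    | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$2"p
}

# snat_target TEXT N: print the address to hand to `-j SNAT --to`, but fail
# unless the pipeline produced exactly one. An empty N turns `sed -n "$N"p`
# into `sed -n p`, which prints every address instead of one.
snat_target() {
  _out=$(pick_v4 "$1" "$2")
  [ "$(printf '%s\n' "$_out" | grep -c .)" -eq 1 ] || return 1
  printf '%s\n' "$_out"
}

snat_target "$SAMPLE_V4" 1    # prints 203.0.113.10
snat_target "$SAMPLE_V4" "" || echo "refused: index unset, more than one address"
```

On a real host, feed the functions `"$(ip -4 addr)"` and `"$(ip -6 addr)"` to see which address the script would pick before running `csf -r`.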

242
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 04:12:25 AM »
And there is your problem.  CWP removes firewalld, and installs CSF firewall.  Please do the following:

yum remove firewalld

nano /etc/csf/csfpost.sh  (and add the following script)
Code:
#!/bin/bash
# Not defined in the script as posted; 1 selects the first address found.
ip_number=1
ip6_number=1
# Placeholder: set this to the ListenPort of your WireGuard interface.
port=51820

# First non-loopback IPv4 address and first IPv6 address starting with 2 or 3
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)

# SNAT the VPN subnet, open the WireGuard port, forward VPN traffic and replies
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to "$ip"
/usr/sbin/iptables -I INPUT -p udp --dport "$port" -j ACCEPT
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Same rules for IPv6, applied only when an IPv6 address was found
if [[ -n "$ip6" ]]; then
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to "$ip6"
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fi

chmod 700 /etc/csf/csfpost.sh

csf -r



Then you should have WireGuard working.

243
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 05:42:29 PM »
If you want to utilize it as a "proxy" server, you need to configure the firewall to allow WireGuard to access the internet through masquerading.   I'm not sure what guide you used, but here is a good example:

https://www.smarthomebeginner.com/linux-wireguard-vpn-server-setup/

244
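Did you try this in your wp-config.php?

Code:
// When a proxy in front of the site reports the original request was HTTPS, mark it as such
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}

// If HTTPS is still unset at this point, force it on
if ( !isset( $_SERVER['HTTPS'] ) ) {
    $_SERVER['HTTPS'] = 'on';
}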

Don't forget to purge the cache after making any changes.

245
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 06:43:12 AM »
If you are able to connect to it, then it is indeed working.  What exactly are you trying to accomplish?  BTW, you can put ports 1:65530 in both TCP_OUT and UDP_OUT to not block any outgoing connections from your server (Not advised, but good for troubleshooting).

246
Please take a look at the following article:

https://saadhost.com/solved-err_too_many_redirects-varnishnginx/

247
DNS / Re: my dns do not resolve
« on: March 12, 2022, 03:14:39 AM »
Contact your registrar, and tell them you need Glue Records for your domain to point to your server.  They will know what to do from there if they are worth anything.

248
DNS / Re: DNS/NS Set up
« on: March 12, 2022, 03:05:04 AM »


https://prnt.sc/meYGp-z8gxYy

If your nameservers are set to ns1.mifm.online and ns2.mifm.online, then it should be working.  The only thing I can think of is that the .online extension does not have the capability of being used as nameservers.  Some extensions do not support Glue Records, and it's quite possible .online is one of them.   Which is why most people use .com/.net as nameserver domains.

249
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 12:57:28 PM »
Nginx cannot run without php-fpm.  Apache uses built-in modules to connect to php.  Nginx does not have those, so it requires a standalone version of php such as php-cgi or php-fpm.

250
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 04:01:06 AM »
You should also check /usr/local/apache/domlogs/ for both the access and error logs.  They should give some insight as to why you are receiving 403 errors.

251
CentOS 7 Problems / Re: No Access to Centos Web Panel
« on: March 10, 2022, 11:36:48 PM »
Log files are clogging up your system.  Remove all of the files in /var/log that do not end with .log

Also, to find the large files on the system,
cd /
du -hsx * | sort -rh | head -10

Then start hammering down the largest directories to find the largest files

252
CentOS 7 Problems / Re: No Access to Centos Web Panel
« on: March 10, 2022, 09:11:01 PM »
Quote
DISK FULL: Can't start MySQL!

Log into your server:

cd /var/log
rm -rf *.1
rm -rf *.gz


Free up some space, then start mysqld service

253
DNS / Re: DNS/NS Set up
« on: March 10, 2022, 05:10:23 PM »
This is 100% a DNS issue.   You really need to contact the registrar about the issue.

254
E-Mail / Re: How to change MX record to subdomain?
« on: March 10, 2022, 05:08:20 PM »
MX records should be as follows
@ IN MX 0 [and domain/sub that points to the server].  << Don't forget the period at the end

@ = domain
0 =  mailserver priority

255
PHP / Re: 502 Bad Gateway
« on: March 10, 2022, 05:02:01 PM »
403 errors typically mean that you have permission issues.  Make sure directories are chmod 755, and files 644 in your web roots.  Also make sure the files are owned by the user.
