Hi Anton. When I enable the firewall or iptables, Traccar web refuses the connection (my IP is not banned), but when I disable iptables then Traccar is OK, even with open ports 8082 and 3306. So do I need to open another port or allow an external IP apart from my IP to connect correctly? Is there a log of connection issues? I see the wrapper log and the tracker server log, but their logs are until 1:10am and I'm trying right now (10:22am); it seems that it is not logging. On this VPS I have dynamic websites and other web apps that use MySQL and there are no issues with them.
This is my iptables (it's too long, so I erased some deny IPs to post here):
# Generated by iptables-save v1.4.7 on Thu Oct 20 17:36:51 2016
*mangle
:PREROUTING ACCEPT [7503529:4856583671]
:INPUT ACCEPT [7503529:4856583671]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6612115:5036329774]
:POSTROUTING ACCEPT [6605258:5035604287]
COMMIT
# Completed on Thu Oct 20 17:36:51 2016
# Generated by iptables-save v1.4.7 on Thu Oct 20 17:36:51 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:ALLOWIN - [0:0]
:ALLOWOUT - [0:0]
:CC_DENY - [0:0]
:DENYIN - [0:0]
:DENYOUT - [0:0]
:INVALID - [0:0]
:INVDROP - [0:0]
:LOCALINPUT - [0:0]
:LOCALOUTPUT - [0:0]
:LOGDROPIN - [0:0]
:LOGDROPOUT - [0:0]
:cphulk - [0:0]
-A INPUT -j cphulk
-A INPUT -s 79.143.183.251/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 79.143.183.251/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 79.143.183.251/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 79.143.183.251/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 213.136.95.11/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 213.136.95.11/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 213.136.95.11/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 213.136.95.11/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
-A INPUT ! -i lo -j LOCALINPUT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -p tcp -j INVALID
-A INPUT ! -i lo -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2077 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2078 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2079 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2080 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2082 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 8082 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 384 -j ACCEPT
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT ! -i lo -j LOGDROPIN
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -s 107.20.231.49/32 -i eth0 -j ACCEPT
-A INPUT -s 185.27.133.12/32 -i eth0 -j ACCEPT
-A INPUT -s 107.20.230.40/32 -i eth0 -j ACCEPT
-A OUTPUT -d 79.143.183.251/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 79.143.183.251/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 79.143.183.251/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -d 79.143.183.251/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -d 213.136.95.11/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 213.136.95.11/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 213.136.95.11/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -d 213.136.95.11/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT ! -o lo -j LOCALOUTPUT
-A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT ! -o lo -p tcp -j INVALID
-A OUTPUT ! -o lo -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
...
-A DENYOUT -d 222.124.18.147/32 ! -o lo -j LOGDROPOUT
-A DENYOUT -d 212.129.39.239/32 ! -o lo -j LOGDROPOUT
-A DENYOUT -d 202.83.103.230/32 ! -o lo -j LOGDROPOUT
-A INVALID -m state --state INVALID -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
-A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j INVDROP
-A INVDROP -j DROP
-A LOCALINPUT ! -i lo -j ALLOWIN
-A LOCALINPUT ! -i lo -j DENYIN
-A LOCALINPUT ! -i lo -j CC_DENY
-A LOCALOUTPUT ! -o lo -j ALLOWOUT
-A LOCALOUTPUT ! -o lo -j DENYOUT
-A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
-A LOGDROPIN -p udp -m udp --dport 67 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
-A LOGDROPIN -p udp -m udp --dport 68 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
-A LOGDROPIN -p udp -m udp --dport 111 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
-A LOGDROPIN -p udp -m udp --dport 113 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
-A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
-A LOGDROPIN -p udp -m udp --dport 445 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 500 -j DROP
-A LOGDROPIN -p udp -m udp --dport 500 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
-A LOGDROPIN -p udp -m udp --dport 513 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
-A LOGDROPIN -p udp -m udp --dport 520 -j DROP
-A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
-A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_IN Blocked* "
-A LOGDROPIN -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_IN Blocked* "
-A LOGDROPIN -j DROP
-A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_OUT Blocked* " --log-uid
-A LOGDROPOUT -j DROP
-A cphulk -s 41.216.208.250/32 -m state --state NEW -m time --datestop 2016-10-24T16:30:34 --utc -j DROP
-A cphulk -s 92.60.179.198/32 -m state --state NEW -m time --datestop 2016-10-24T21:20:29 --utc -j DROP
COMMIT
# Completed on Thu Oct 20 17:36:51 2016
# Generated by iptables-save v1.4.7 on Thu Oct 20 17:36:51 2016
*nat
:PREROUTING ACCEPT [271844:15070578]
:POSTROUTING ACCEPT [1039543:67194232]
:OUTPUT ACCEPT [1046068:67862802]
COMMIT
# Completed on Thu Oct 20 17:36:51 2016
It sounds like an iptables issue. I'm not sure why you are asking about some log. Obviously, if iptables blocks the connection it won't reach the Traccar server.
It is perhaps an iptables problem; use UFW.
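Added example, not part of the original thread or of Traccar: a minimal first-match tracer over a constructed excerpt of the ruleset posted above, showing which rule decides an inbound packet. The packet fields, the sample source addresses and the helper names are assumptions for illustration; DENYIN is left empty because the deny entries were erased from the post.

```python
import ipaddress
import shlex

# Constructed excerpt of the *filter rules posted above, kept in the same order.
RULES = '''\
-A INPUT ! -i lo -j LOCALINPUT
-A INPUT ! -i lo -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 8082 -j ACCEPT
-A INPUT ! -i lo -j LOGDROPIN
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A LOCALINPUT ! -i lo -j DENYIN
-A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
-A LOGDROPIN -j DROP
'''

def parse(text):
    """chain -> [(options, line)]; options map flag -> (negated by "!", argument)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        rule = {t: (tok[i - 1] == "!", tok[i + 1]) for i, t in enumerate(tok[:-1]) if t[0] == "-"}
        chains.setdefault(tok[1], []).append((rule, line))
    return chains

def matches(rule, pkt):
    checks = {  # only the matches used in the excerpt; others (limit, ...) are ignored
        "-i": lambda v: pkt["iface"] == v,
        "-p": lambda v: pkt["proto"] == v,
        "--dport": lambda v: pkt["dport"] == int(v),
        "--state": lambda v: pkt["state"] in v.split(","),
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
    }
    return all(checks[k](v) != neg for k, (neg, v) in rule.items() if k in checks)

def trace(chains, pkt, chain="INPUT", policy="DROP"):
    """Return (verdict, deciding rule): first terminating match wins, else the policy."""
    for rule, line in chains.get(chain, []):
        target = rule["-j"][1]
        if not matches(rule, pkt) or target == "LOG":  # LOG never ends traversal
            continue
        if target not in ("ACCEPT", "DROP"):           # jump into a user chain
            target, line = trace(chains, pkt, target, None)
        if target:                                     # None: chain returned, go on
            return target, line
    return policy, f"end of {chain}"

NEW = {"iface": "eth0", "proto": "tcp", "state": "NEW", "src": "203.0.113.7"}
WEB = trace(parse(RULES), {**NEW, "dport": 8082})                        # ACCEPT
LAN = trace(parse(RULES), {**NEW, "dport": 9000, "src": "192.168.1.5"})  # DROP
```

In this excerpt the port 8082 rule decides before the LOGDROPIN jump, while the `-s 192.168.1.0/24 -i eth0` ACCEPT appended after that jump is never consulted, because LOGDROPIN ends in an unconditional DROP.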