
Thread: Why is ufw denying outgoing connections?

  1. #1
    Join Date
    Jan 2007
    Beans
    6,542
    Distro
    Ubuntu 13.04 Raring Ringtail

    Why is ufw denying outgoing connections?

    I have just enabled ufw on my VPS, and it's now blocking several things from working (mail, a couple of WordPress plugins).
    My current rules are:
    Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    80/tcp                     ALLOW IN    Anywhere
    443                        ALLOW IN    Anywhere
    22                         ALLOW IN    Anywhere
    25/tcp                     ALLOW IN    Anywhere
    8443                       ALLOW IN    Anywhere
    So if it's supposed to allow outgoing, why am I hitting a brick wall? Everything works fine with ufw disabled. Web pages are being served fine, and I can connect to ports I've specifically allowed (i.e. SSH and 8443). I've tried explicitly allowing the IPs that one of my WordPress plugins requires, but even that made no difference.

  2. #2
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,554
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Why is ufw denying outgoing connections?

    My guess is that you are still blocking ports that your programs need to send packets through. Your list of allowed incoming ports is really small.

  3. #3
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Why is ufw denying outgoing connections?

    I don't see DNS port 53, don't you need that?

    You may want to look at this thread
    http://ubuntuforums.org/showthread.php?t=1876124

    I've also found it helpful to look at my firewall logs when I'm trying to run something that is blocked. It will list the port numbers the service is trying to use.

  4. #4
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Why is ufw denying outgoing connections?

    Quote Originally Posted by Paqman View Post
    I have just enabled ufw on my VPS, and it's now blocking several things from working (mail, a couple of WordPress plugins).
    My current rules are:
    Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    80/tcp                     ALLOW IN    Anywhere
    443                        ALLOW IN    Anywhere
    22                         ALLOW IN    Anywhere
    25/tcp                     ALLOW IN    Anywhere
    8443                       ALLOW IN    Anywhere
    So if it's supposed to allow outgoing, why am I hitting a brick wall? Everything works fine with ufw disabled. Web pages are being served fine, and I can connect to ports I've specifically allowed (i.e. SSH and 8443). I've tried explicitly allowing the IPs that one of my WordPress plugins requires, but even that made no difference.
    Make sure your VPS host doesn't block mail; some will but most don't. What WordPress plugins actually create a socket outside of httpd?

    Are you sure this is your firewall blocking these instead of maybe just a bad config? Meaning, do they work if you disable your firewall?

    Code:
    sudo ufw disable
    You might also need to allow imap ports depending on what your mailserver is.

    If you can provide more info I can probably help better, but realistically that configuration shouldn't be denying any outbound connections (per the outbound allow all policy you have set).

    Hope this helps.

  5. #5
    Join Date
    Jan 2007
    Beans
    6,542
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Why is ufw denying outgoing connections?

    Quote Originally Posted by Dangertux View Post
    Make sure your VPS host doesn't block mail; some will but most don't. What WordPress plugins actually create a socket outside of httpd?
    The plugin is Akismet, and all it requires is TCP on 80.

    Are you sure this is your firewall blocking these instead of maybe just a bad config? Meaning, do they work if you disable your firewall?
    Yep, everything works lovely with ufw down.

    If you can provide more info I can probably help better, but realistically that configuration shouldn't be denying any outbound connections (per the outbound allow all policy you have set).
    Hence my confusion. I have added in DNS btw, that was an oversight after resetting my rules and starting from scratch. Syslog does spit out the fact that the mailserver is failing CNAME lookup, so I'd already made sure all was ok in DNSland previously. Not quite sure where to go with this. I'm pretty n00bish when it comes to servers, but it's not like I'm trying to do anything complicated.

  6. #6
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,554
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Why is ufw denying outgoing connections?

    The best thing I can advise you is to log the dropped packets. I'm not sure how to turn on logging of dropped or rejected packets via ufw, however I'm sure a simple search will help you. Once you have logging on the rejected packets, it's probably fairly easy to track down what port is being blocked.

  7. #7
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Why is ufw denying outgoing connections?

    Quote Originally Posted by kevdog View Post
    The best thing I can advise you is to log the dropped packets. I'm not sure how to turn on logging of dropped or rejected packets via ufw, however I'm sure a simple search will help you. Once you have logging on the rejected packets, it's probably fairly easy to track down what port is being blocked.
    I believe the default logging level low will report those, but if not you can bump it up to medium or high:
    Code:
    sudo ufw logging high
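
Added example (not part of any poster's message): a shell function that does the log reading suggested in posts #3 and #6, counting `[UFW BLOCK]` entries by direction and port. The log lines are constructed samples, and the `in-reply` class is a heuristic assumed here, not something ufw reports.

```shell
#!/bin/sh
# Summarise "[UFW BLOCK]" kernel log lines read from stdin.
# Output: "<count> <class> <proto> port=<n>", most frequent first.
summarise_ufw_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        inif = ""; outif = ""; proto = "?"; spt = 0; dpt = 0
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "IN") inif = v
            else if (k == "OUT") outif = v
            else if (k == "PROTO") proto = v
            else if (k == "SPT") spt = v + 0
            else if (k == "DPT") dpt = v + 0
        }
        if (inif == "" && outif != "") {
            # Locally generated packet dropped on its way out.
            cls = "out " proto " port=" dpt
        } else if (inif != "" && outif == "" && spt < 1024 && dpt >= 1024) {
            # Heuristic (assumption): low source port to high destination
            # port looks like a reply to a connection this host opened.
            cls = "in-reply " proto " port=" spt
        } else if (inif != "" && outif == "") {
            cls = "in " proto " port=" dpt
        } else {
            cls = "forward " proto " port=" dpt
        }
        count[cls]++
    }
    END { for (c in count) print count[c], c }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines in the kernel-log layout ufw uses; the host name
# and addresses (documentation ranges) are made up.
SAMPLE_LOG='Jan 10 12:00:01 vps kernel: [ 101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=41522 LEN=72
Jan 10 12:00:06 vps kernel: [ 106.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=50211 LEN=72
Jan 10 12:00:07 vps kernel: [ 107.000001] [UFW AUDIT] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:09 vps kernel: [ 109.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1234 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:12 vps kernel: [ 112.000001] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5678 DF PROTO=TCP SPT=40200 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0'

printf '%s\n' "$SAMPLE_LOG" | summarise_ufw_blocks
```

On Ubuntu, feed it the real log with `summarise_ufw_blocks < /var/log/ufw.log`; the `[UFW AUDIT]` lines that appear at higher logging levels are skipped.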

  8. #8
    Join Date
    Jan 2007
    Beans
    6,542
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Why is ufw denying outgoing connections?

    This is exasperating, I've set logging to high, but I'm not seeing anything in the logs except from UFW itself. I get the failed CNAME lookup from qmail.

  9. #9
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,554
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Why is ufw denying outgoing connections?

    I tell you what -- I'll write an iptables script for you if you want.

    What incoming ports do you want open? I'll make sure all your output ports are open if you want.

  10. #10
    Join Date
    Jul 2008
    Location
    Canada
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Why is ufw denying outgoing connections?

    I see he's allowing the ports in but are there any ports open to allow out? If the out is set for deny, then he would have to open the desired ports out as well.
    UsingTheTerminal and PopularPages

    Smile today, cry tomorrow!
    ( Read this everyday )
