I have a peculiar problem with my dedicated webserver. It’s running CentOS and uses PLESK for administration through the web.
I noticed the problem in the title when trying to update plugins in WordPress as well as WordPress itself. When trying to update a plugin or WordPress it throws me this error:
“Download failed.: Failed to connect to 72.233.56.139: Permission denied”
First thing I did was to apply a rule (in the PLESK firewall) that allowed both incoming and outgoing traffic to the IP, but to no avail. I further investigated this by SSHing into the server and checking the iptables, which has the following outgoing rules:
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 72.233.56.138
ACCEPT tcp -- 0.0.0.0/0 72.233.56.138
ACCEPT udp -- 0.0.0.0/0 72.233.69.88
ACCEPT udp -- 0.0.0.0/0 72.233.69.89
ACCEPT udp -- 0.0.0.0/0 66.135.58.62
ACCEPT udp -- 0.0.0.0/0 66.135.58.61
ACCEPT tcp -- 0.0.0.0/0 72.233.69.88
ACCEPT tcp -- 0.0.0.0/0 72.233.69.89
ACCEPT tcp -- 0.0.0.0/0 66.135.58.62
ACCEPT tcp -- 0.0.0.0/0 66.135.58.61
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
The other IPs are for the Akismet anti-spam filter which is also not working (it cannot connect to the akismet servers).
I contacted my host and they looked into it, but the reply I got was that they didn’t know (!) what caused the problem and said I needed to figure it out myself.
First thing I tried was to stop iptables and open up everything, but I still get permission denied on outgoing traffic (incoming is allowed and works perfectly as people can comment/spam like crazy on my blog).
Does anyone know what I could try to further troubleshoot this? It seems very strange that the traffic is still blocked even though the firewall is completely (?) shut down using “iptables stop”.
3 Answers
Take this stop firewall script; it works.
Of all things, I eventually found out that the problem was caused by SELinux which was set to “enforced”. I changed it using
and changing the line “SELINUX=enforcing” to “SELINUX=permissive” and rebooting my server. Now everything is working as it’s supposed to.
I had the same problem and your solution did work. However, the solution I found here https://unix.stackexchange.com/questions/8854/how-do-i-configure-selinux-to-allow-outbound-connections-from-a-cgi-script was able to fix it as well without the need of completely disabling the SELinux firewall features.
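Added example (not part of any post in this thread): before relaxing SELinux globally, the denial behind "Permission denied" can be confirmed from the audit log and addressed with a single boolean. The script assumes standard `type=AVC` audit records and the targeted policy's `httpd_can_network_connect` boolean; the sample log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find SELinux denials of outbound connects by the web server.

# Constructed audit records in the standard type=AVC format (not from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1300000000.101:201): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1300000007.550:214): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1300000031.002:230): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1300000040.900:231): avc:  denied  { name_connect } for  pid=1800 comm="named" dest=953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:rndc_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1300000052.310:240): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/var/www/vhosts/example/upload" dev=sda1 ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
EOF
}

# Read audit records on stdin; print "dest port_type comm count" for every
# denied outbound TCP connect (name_connect) made from the httpd_t domain.
httpd_connect_denials() {
  awk '
    /^type=AVC / && / denied / && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
      comm = "?"; dest = "?"; ttype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^dest=/)     { dest = $i; sub(/^dest=/, "", dest) }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      seen[dest " " ttype " " comm]++
    }
    END { for (k in seen) print k, seen[k] }
  ' | sort -n
}

# Read an audit log on stdin; print findings and the narrow change to review.
recommend() {
  denials=$(httpd_connect_denials)
  if [ -z "$denials" ]; then
    echo "no httpd_t name_connect denials in this log"
    return 0
  fi
  printf '%s\n' "$denials" | while read -r dest ttype comm n; do
    echo "httpd_t blocked: $comm -> tcp/$dest ($ttype), $n denial(s)"
  done
  echo "check: getsebool httpd_can_network_connect"
  echo "allow: setsebool -P httpd_can_network_connect 1"
}

sample_audit_log | recommend
```

On the server itself, run `recommend < /var/log/audit/audit.log` as root; if auditd is not running, AVC messages are written to the system log instead.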