By: Evesy

Port randomly closing -- Not allowing new connections

November 15, 2014 1.3k views

Hi there, I'm running murmur/mumble on my server (a VoIP application) which is running CentOS 6.5. I'm having some trouble in which the port clients connect on (64738) will randomly become unavailable. When I run my iptables/firewall script (see below) the port will be available and users can connect fine; however, after a couple of minutes the port will close (connected users will remain connected, however new users won't be able to connect).

The server is still listening on that port when this is happening:
tcp 0 0 :::64738 :::* LISTEN

Below is the script I am using to set my iptables (also running fail2ban):

#!/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin

if [ "$IFACE" = "eth0" ]; then
    #Stop Fail2Ban Service
    echo Stopping Fail2Ban
    service fail2ban stop

    # Mangle and Set IPTABLES
    iptables -F
    iptables -X
    #echo Allowing ssh to 178.62.168.117 from AT and Home ONLY
    #iptables -A INPUT -p tcp -s 80.229.44.217 --dport 22 -j ACCEPT
    #iptables -A INPUT -p tcp -s 193.243.130.17 --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    echo Allowing Custom Ports
    iptables -A INPUT -p udp --dport 64738 -j ACCEPT
    iptables -A INPUT -p tcp --dport 64738 -j ACCEPT

    echo Allowing http and https
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    echo Allowing icmp
    iptables -A INPUT -p icmp -j ACCEPT
    echo Allowing local
    iptables -A INPUT -s 127.0.0.1 -j ACCEPT
    iptables -A INPUT -s 127.0.1.1 -j ACCEPT
    echo Allowing connections already made
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    echo Reject all other traffic
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

    #Save the standard reset-rules just in case we lose the script, or something goes wrong.
    iptables-save -c > /etc/iptables.rules

    #Restart Fail2Ban
    echo Restarting Fail2Ban
    service fail2ban start
else
    if [ "$IFACE" = "" ]; then
        echo "No IFACE Specified!"
        exit 0
    else
        echo "$IFACE can't bring up firewall status!"
        exit 0
    fi
fi

Can anyone immediately see what may be the cause of this issue? If you need any further information, please just let me know.

Thanks

2 comments
  • I'm suspecting it's fail2ban throttling the connections. Try disabling it -- does that fix it?

    sudo service fail2ban stop
    
  • Hi, I solved this the other day. It turned out another application that I used a script to install came bundled with CSF, which wasn't allowing that port. I have since removed the second firewall.

    Thanks,
    Mike

1 Answer

This question was answered by @Evesy:

Hi, I solved this the other day. It turned out another application that I used a script to install came bundled with CSF, which wasn't allowing that port. I have since removed the second firewall.

Thanks,
Mike
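
A way to confirm this kind of root cause from `iptables-save` output, as an added example that is not part of the original thread: it lists chains created by a tool you did not expect and reports the first verdict a new connection to a port would get. The sample ruleset and the chain names `LOCALINPUT` and `fail2ban-SSH` are constructed for illustration, and the function names are hypothetical.

```shell
# Constructed `iptables-save` sample: the ruleset after a second firewall
# manager reloaded. Chain names LOCALINPUT / fail2ban-SSH are illustrative.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOCALINPUT - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -j LOCALINPUT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Print user-defined chains that are not in the list of chains you expect.
foreign_chains() {
    awk -v known=" $* " '/^:/ && $2 == "-" {
        name = substr($1, 2)
        if (index(known, " " name " ") == 0) print name
    }'
}

# First terminal INPUT verdict for a NEW packet to proto/port. Simplified:
# only -p, --dport and --state are evaluated; user chains are not followed.
input_verdict() {
    awk -v proto="$1" -v port="$2" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        p = ""; d = ""; s = ""; t = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "--dport") d = $(i + 1)
            if ($i == "--state") s = $(i + 1)
            if ($i == "-j") t = $(i + 1)
        }
        if ((p != "" && p != proto) || (d != "" && d != port)) next
        if (s != "" && ("," s ",") !~ /,NEW,/) next
        if (t ~ /^(ACCEPT|DROP|REJECT)$/) { print t; found = 1; exit }
    }
    END { if (!found) print policy }'
}
sample_rules | foreign_chains fail2ban-SSH       # chains nobody expected
sample_rules | input_verdict tcp 64738           # verdict for new Mumble clients
```

On a live host, pipe real output in as root, for example `iptables-save | input_verdict tcp 64738`. In the constructed ruleset the `RELATED,ESTABLISHED` rule still matches existing sessions while new connections to 64738 fall through to the final `REJECT`.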
