/ Register

Want more timely Centmin Mod News Updates?
Become a Member

CSF Does centminmod limits/restrict Incoming PING/ICMP_IN?

Discussion in 'Other Centmin Mod Installed software' started by rdan, Apr 9, 2018.

Previous Thread Next Thread
Loading...
  1. Apr 9, 2018 #1
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Aside from ICMP_IN_RATE on csf.conf?

    I have this problem with OVH Dedicated servers when I ping a single Server IP
    from several location including my Local Desktop it gets timeout a lot.

    OVH Dedicated servers on CA and SGP running CentOS 7.4.
    Both just installed last month.
     
  2. Apr 9, 2018 #2
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I even get several OVH Monitoring Emails per day that trigger the timeout.
    Then will be alive again after a minute/few seconds.

    But websites running fine.
     
  3. Apr 9, 2018 #3
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    If someone can share their OVH Server IP with Centminmod installed also, It would be great so I can test on that also.
     
  4. Apr 9, 2018 #4
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I compare some csf.conf, Why is that some has?
    WAITLOCK = "1"
    or
    WAITLOCK = "0"
     
  5. Apr 9, 2018 #5
    eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    only CSF Firewall setting that affects ping inbound rates AFAIK. What's exact ping command you use ? where are you ping from ?

    Did you properly whitelist OVH monitoring ips etc as per https://community.centminmod.com/threads/ovh-icmp-ping-whitelist-for-csf-firewall.11427/
    maybe ask on CSF forums https://forum.configserver.com/ ?
     
    • Informative Informative x 1
  6. Apr 9, 2018 #6
    ArisC

    ArisC Active Member

    113
    27
    28
    Jun 1, 2017
    Ratings:
    +52
    Local Time:
    3:11 AM
    Nginx Latest
    MariaDB Latest
    The default limit is set to 1/s, meaning one request per second, so if 3 or 6 monitors all ping your server at the same time, then some/most of them will fail due to this limit. Either set it higher than 1/s (which is the default) or set it to 0 to remove the limit completely
     
    • Like Like x 1
    • Agree Agree x 1
  7. Apr 10, 2018 #7
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    ping MyIP -t
    on my Windows CMD.
    My local desktop.
    Not yet, I'll do it now.
     
  8. Apr 10, 2018 #8
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Yay I can see my IP and some OVH IP being blocked :D.
     
  9. Apr 10, 2018 #9
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I have set it to 10 per second already, I think that helps.
     
    • Like Like x 1
  10. Apr 10, 2018 #10
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    So I'll change port 22 with my custom ssh port?
     
  11. Apr 10, 2018 #11
    eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup :)
     
    • Friendly Friendly x 1
  12. Apr 10, 2018 #12
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Anyway we can enable RTM on Centminmod based server?
     
  13. Apr 10, 2018 #13
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    But your code use /sbin/iptables only, is that fine?
     
  14. Apr 10, 2018 #14
    rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I also added UptimeRobot and PingDom IP's to csf.allow and csf.ignore, seems to help.
     
  15. Apr 10, 2018 #15
    eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    try and see RTM: your server status in real time - OVH
    both iptables commands go to same place
    Code (Text):
    ls -lah /sbin/iptables
lrwxrwxrwx 1 root root 13 Mar 28 03:48 /sbin/iptables -> xtables-multi

    Code (Text):
    ls -lah /usr/sbin/iptables
lrwxrwxrwx 1 root root 13 Mar 28 03:48 /usr/sbin/iptables -> xtables-multi

    Code (Text):
    rpm -ql iptables | grep bin
/usr/bin/iptables-xml
/usr/sbin/ip6tables
/usr/sbin/ip6tables-restore
/usr/sbin/ip6tables-save
/usr/sbin/iptables
/usr/sbin/iptables-restore
/usr/sbin/iptables-save
/usr/sbin/xtables-multi
     
    • Like Like x 1
  16. Apr 12, 2018 #16
    ArisC

    ArisC Active Member

    113
    27
    28
    Jun 1, 2017
    Ratings:
    +52
    Local Time:
    3:11 AM
    Nginx Latest
    MariaDB Latest
    I currently have the same problem with Linode, I have some servers in Vultr default csf and one server on Linode and I'm getting timeouts... Weird.... I'm using hetrixtools
     
  17. Apr 12, 2018 #17
    eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Well technically you should whitelist your respective owned VPS/servers with each respective CSF Firewall if you want to continuously ping or remotely connect with each other ;)

    For monitors you should also whitelist their ips if you have issues some examples outlined at CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
     
    • Informative Informative x 1
Previous Thread Next Thread
Loading...
..

.