Want more timely Centmin Mod News Updates?
Become a Member

CSF Does centminmod limits/restrict Incoming PING/ICMP_IN?

Discussion in 'Other Centmin Mod Installed software' started by rdan, Apr 9, 2018.

  1. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Aside from ICMP_IN_RATE on csf.conf?

    I have this problem with OVH Dedicated servers when I ping a single Server IP
    from several location including my Local Desktop it gets timeout a lot.

    OVH Dedicated servers on CA and SGP running CentOS 7.4.
    Both just installed last month.
     
  2. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I even get several OVH Monitoring Emails per day that trigger the timeout.
    Then will be alive again after a minute/few seconds.

    But websites running fine.
     
  3. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    If someone can share their OVH Server IP with Centminmod installed also, It would be great so I can test on that also.
     
  4. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I compare some csf.conf, Why is that some has?
    WAITLOCK = "1"
    or
    WAITLOCK = "0"
     
  5. eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    only CSF Firewall setting that affects ping inbound rates AFAIK. What's exact ping command you use ? where are you ping from ?

    Did you properly whitelist OVH monitoring ips etc as per https://community.centminmod.com/threads/ovh-icmp-ping-whitelist-for-csf-firewall.11427/
    maybe ask on CSF forums https://forum.configserver.com/ ?
     
    • Informative Informative x 1
  6. ArisC

    ArisC Active Member

    113
    27
    28
    Jun 1, 2017
    Ratings:
    +52
    Local Time:
    3:11 AM
    Nginx Latest
    MariaDB Latest
    The default limit is set to 1/s, meaning one request per second, so if 3 or 6 monitors all ping your server at the same time, then some/most of them will fail due to this limit. Either set it higher than 1/s (which is the default) or set it to 0 to remove the limit completely
     
    • Like Like x 1
    • Agree Agree x 1
  7. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    ping MyIP -t
    on my Windows CMD.
    My local desktop.
    Not yet, I'll do it now.
     
  8. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Yay I can see my IP and some OVH IP being blocked :D.
     
  9. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I have set it to 10 per second already, I think that helps.
     
    • Like Like x 1
  10. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    So I'll change port 22 with my custom ssh port?
     
  11. eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup :)
     
    • Friendly Friendly x 1
  12. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    Anyway we can enable RTM on Centminmod based server?
     
  13. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    But your code use /sbin/iptables only, is that fine?
     
  14. rdan

    rdan Premium Member Premium Member

    4,414
    1,058
    113
    May 25, 2014
    Ratings:
    +1,541
    Local Time:
    9:11 AM
    Mainline
    10.2
    I also added UptimeRobot and PingDom IP's to csf.allow and csf.ignore, seems to help.
     
  15. eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    try and see RTM: your server status in real time - OVH
    both iptables commands go to same place
    Code (Text):
    ls -lah /sbin/iptables
    lrwxrwxrwx 1 root root 13 Mar 28 03:48 /sbin/iptables -> xtables-multi
    

    Code (Text):
    ls -lah /usr/sbin/iptables
    lrwxrwxrwx 1 root root 13 Mar 28 03:48 /usr/sbin/iptables -> xtables-multi
    

    Code (Text):
    rpm -ql iptables | grep bin
    /usr/bin/iptables-xml
    /usr/sbin/ip6tables
    /usr/sbin/ip6tables-restore
    /usr/sbin/ip6tables-save
    /usr/sbin/iptables
    /usr/sbin/iptables-restore
    /usr/sbin/iptables-save
    /usr/sbin/xtables-multi
    
     
    • Like Like x 1
  16. ArisC

    ArisC Active Member

    113
    27
    28
    Jun 1, 2017
    Ratings:
    +52
    Local Time:
    3:11 AM
    Nginx Latest
    MariaDB Latest
    I currently have the same problem with Linode, I have some servers in Vultr default csf and one server on Linode and I'm getting timeouts... Weird.... I'm using hetrixtools
     
  17. eva2000

    eva2000 Administrator Staff Member

    37,214
    8,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,514
    Local Time:
    11:11 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Well technically you should whitelist your respective owned VPS/servers with each respective CSF Firewall if you want to continuously ping or remotely connect with each other ;)

    For monitors you should also whitelist their ips if you have issues some examples outlined at CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
     
    • Informative Informative x 1
..