Get the most out of your Centmin Mod LEMP stack
Become a Member

CSF Does centminmod limits/restrict Incoming PING/ICMP_IN?

Discussion in 'Other Centmin Mod Installed software' started by RoldanLT, Apr 9, 2018.

  1. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    Aside from ICMP_IN_RATE on csf.conf?

    I have this problem with OVH Dedicated servers when I ping a single Server IP
    from several location including my Local Desktop it gets timeout a lot.

    OVH Dedicated servers on CA and SGP running CentOS 7.4.
    Both just installed last month.
     
  2. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    I even get several OVH Monitoring Emails per day that trigger the timeout.
    Then will be alive again after a minute/few seconds.

    But websites running fine.
     
  3. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    If someone can share their OVH Server IP with Centminmod installed also, It would be great so I can test on that also.
     
  4. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    I compare some csf.conf, Why is that some has?
    WAITLOCK = "1"
    or
    WAITLOCK = "0"
     
  5. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    only CSF Firewall setting that affects ping inbound rates AFAIK. What's exact ping command you use ? where are you ping from ?

    Did you properly whitelist OVH monitoring ips etc as per https://community.centminmod.com/threads/ovh-icmp-ping-whitelist-for-csf-firewall.11427/
    maybe ask on CSF forums https://forum.configserver.com/ ?
     
    • Informative Informative x 1
  6. ArisC

    ArisC Member

    97
    25
    18
    Jun 1, 2017
    Ratings:
    +46
    Local Time:
    6:37 AM
    Nginx 1.13.10
    MariaDB 10.1.32
    The default limit is set to 1/s, meaning one request per second, so if 3 or 6 monitors all ping your server at the same time, then some/most of them will fail due to this limit. Either set it higher than 1/s (which is the default) or set it to 0 to remove the limit completely
     
    • Like Like x 1
    • Agree Agree x 1
  7. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    ping MyIP -t
    on my Windows CMD.
    My local desktop.
    Not yet, I'll do it now.
     
  8. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    Yay I can see my IP and some OVH IP being blocked :D.
     
  9. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    I have set it to 10 per second already, I think that helps.
     
    • Like Like x 1
  10. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    So I'll change port 22 with my custom ssh port?
     
  11. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    yup :)
     
    • Friendly Friendly x 1
  12. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    Anyway we can enable RTM on Centminmod based server?
     
  13. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    But your code use /sbin/iptables only, is that fine?
     
  14. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:37 AM
    1.11
    10.2
    I also added UptimeRobot and PingDom IP's to csf.allow and csf.ignore, seems to help.
     
  15. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    try and see RTM: your server status in real time - OVH
    both iptables commands go to same place
    Code (Text):
    ls -lah /sbin/iptables
    lrwxrwxrwx 1 root root 13 Mar 28 03:48 /sbin/iptables -> xtables-multi
    

    Code (Text):
    ls -lah /usr/sbin/iptables
    lrwxrwxrwx 1 root root 13 Mar 28 03:48 /usr/sbin/iptables -> xtables-multi
    

    Code (Text):
    rpm -ql iptables | grep bin
    /usr/bin/iptables-xml
    /usr/sbin/ip6tables
    /usr/sbin/ip6tables-restore
    /usr/sbin/ip6tables-save
    /usr/sbin/iptables
    /usr/sbin/iptables-restore
    /usr/sbin/iptables-save
    /usr/sbin/xtables-multi
    
     
    • Like Like x 1
  16. ArisC

    ArisC Member

    97
    25
    18
    Jun 1, 2017
    Ratings:
    +46
    Local Time:
    6:37 AM
    Nginx 1.13.10
    MariaDB 10.1.32
    I currently have the same problem with Linode, I have some servers in Vultr default csf and one server on Linode and I'm getting timeouts... Weird.... I'm using hetrixtools
     
  17. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    Well technically you should whitelist your respective owned VPS/servers with each respective CSF Firewall if you want to continuously ping or remotely connect with each other ;)

    For monitors you should also whitelist their ips if you have issues some examples outlined at CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
     
    • Informative Informative x 1
..