
CSF Jenkins firewall whitelist ports for CSF Firewall ?

Discussion in 'Other Centmin Mod Installed software' started by Tythus, Aug 16, 2015.

  1. Tythus

    Tythus Premium Member Premium Member

    56
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    2:34 AM
    Hi guys 'n' gals,

    I have been trying to install Jenkins on the same server I have installed Centmin on, and it seems CSF is blocking it from updating. Is there a way for me to test which port is being blocked?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,968
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    12:34 PM
    Nginx 1.13.x
    MariaDB 5.5
  3. eva2000

  4. Tythus

    It isn't that. Whenever I click the update button on Jenkins, it always times out the connection to grab a file. It isn't an issue at their side, as if I proxy through the server I have no issue.
     
  5. eva2000

    Unfortunately, never used Jenkins myself so not entirely sure where to look. The logs I mentioned probably would be the first place to look. Maybe you need to whitelist remote IPs?
     
  6. eva2000

    Built-in firewall? Installing Jenkins on Red Hat distributions - Jenkins - Jenkins Wiki
    Oh, they're referring to CentOS firewall = iptables, or in Centmin Mod's case, CSF Firewall.
     
  7. Tythus

    I can't, as it uses mirrors; the amount of IPs would be too large and changing to do that. Currently the only way I can update is to disable CSF, update, then re-enable it, but that's just eugh. I wish there was a way I could whitelist it better. I'm even having the same issue with git.
     
  8. eva2000

    You'd have to explain in more detail how you have Jenkins set up and from where the connecting IPs are coming on hitting that update button, and the git issues.
     
  9. Tythus

    So with git I ran
    git clone centminmod/centminmod · GitHub centminmod
    I got constant git timeouts from running that command, so I couldn't clone the repo, but the moment I turned off CSF I could.

    All Jenkins does is open outgoing HTTP/HTTPS connections: it pulls a JSON list for all the updates and their locations, then pulls the file in a standard HTTP/HTTPS download.
     
  10. eva2000

    For git, it requires whitelisting port 9418 in CSF Firewall. Centmin Mod .08 stable whitelists this by default on fresh installs. For Centmin Mod .07+ and older, you need to whitelist port 9418 in CSF Firewall as outlined on the upgrade page here

    If you are using much older Centmin Mod versions, double check that HTTPS port 443 on TCP_OUT/TCP6_OUT is actually defined in /etc/csf/csf.conf; it should be, though. Although, your above git clone command over the https protocol would suggest that maybe port 443 isn't in your TCP_OUT/TCP6_OUT list?

    i.e. the default for Centmin Mod .08 stable:
    Code:
    egrep '^TCP_|^TCP6_' /etc/csf/csf.conf
    TCP_IN = "20,21,22,25,53,80,110,111,143,161,443,465,587,993,995,1110,1186,1194,2202,11211,11212,11213,11214,2049,2112,22000,22001,2222,3000,3334,8080,8888,81,9000,9001,9312,9418,10000,10500,10501,6081,6082,30865,3000:3050"
    TCP_OUT = "993,995,465,587,111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"
    TCP6_IN = "20,21,22,25,53,80,110,111,143,161,443,465,587,993,995,1110,1186,1194,2202,11211,11212,11213,11214,2049,2112,22000,22001,2222,3000,3334,8080,8888,81,9000,9001,9312,9418,10000,10500,10501,6081,6082,30865,3000:3050"
    TCP6_OUT = "993,995,465,587,20,21,22,25,53,80,110,113,443,587,993,995"
    Jenkins docs say you need ports 8080 and 8443 whitelisted too, I think.
     
    Last edited: Aug 17, 2015
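
The check described in the post above, as an added example that is not part of the original thread: shell functions that read a CSF port-list directive and report which outbound ports are absent, including ports covered by a `low:high` range. The function names are hypothetical; the sample TCP_OUT/TCP6_OUT values are copied from the listing above and TCP_IN is shortened from it.

```shell
#!/usr/bin/env bash
# Added example: check whether ports are permitted by a CSF port-list directive.

# Print the comma-separated value of a directive such as TCP_OUT.
csf_ports() {  # usage: csf_ports <conf-file> <directive>
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if <port> is listed in <directive>, either on its own or inside
# a low:high range (for example 3000:3050); return 1 otherwise.
csf_port_allowed() {  # usage: csf_port_allowed <conf-file> <directive> <port>
    local entry low high
    local IFS=','
    for entry in $(csf_ports "$1" "$2"); do
        case "$entry" in
            *:*) low=${entry%%:*}; high=${entry##*:}
                 [ "$3" -ge "$low" ] && [ "$3" -le "$high" ] && return 0 ;;
            *)   [ "$entry" = "$3" ] && return 0 ;;
        esac
    done
    return 1
}

# Print the ports (space-separated) that the directive does not allow.
csf_missing_ports() {  # usage: csf_missing_ports <conf-file> <directive> <port>...
    local conf="$1" directive="$2" port missing=""
    shift 2
    for port in "$@"; do
        csf_port_allowed "$conf" "$directive" "$port" || missing="$missing $port"
    done
    echo "${missing# }"
}

# Sample input: TCP_OUT/TCP6_OUT from the listing above; TCP_IN shortened.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
TCP_IN = "22,80,443,8080,3000:3050"
TCP_OUT = "993,995,465,587,111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"
TCP6_OUT = "993,995,465,587,20,21,22,25,53,80,110,113,443,587,993,995"
EOF

for d in TCP_OUT TCP6_OUT; do
    echo "$d missing: $(csf_missing_ports "$SAMPLE_CONF" "$d" 80 443 9418)"
done
```

Run against the listing quoted above, it reports nothing missing from TCP_OUT and 9418 missing from TCP6_OUT; on a server, pass /etc/csf/csf.conf as the first argument instead of the sample file.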
  11. Tythus

    Nah, that's only for its internal webserver, but I had those open anyway.
     
  12. Tythus

    Well, it's now fixed, whatever it was, when I updated that. Thanks <3
     
  13. eva2000

    good to hear :)