
CSF Jenkins firewall whitelist ports for CSF Firewall ?

Discussion in 'Other Centmin Mod Installed software' started by Tythus, Aug 16, 2015.

  1. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    6:31 AM
    Hi guys 'n' gals,

    I have been trying to install Jenkins on the same server I have installed Centmin on, and it seems CSF is blocking it from updating. Is there a way for me to test which port is being blocked?

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,892
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    4:31 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. eva2000

  4. Tythus

    It isn't that. Whenever I click the update button on Jenkins, it always times out the connection to grab a file. It isn't an issue on their side, as if I proxy through the server I have no issue.
     
  5. eva2000

    Unfortunately, never used Jenkins myself, so not entirely sure where to look. The logs I mentioned probably would be the first place to look. Maybe you need to whitelist remote IPs?
     
  6. eva2000

    Built-in firewall? Installing Jenkins on Red Hat distributions - Jenkins - Jenkins Wiki
    Oh, they're referring to the CentOS firewall = iptables, or in Centmin Mod's case, CSF Firewall.
     
  7. Tythus

    I can't, as it uses mirrors; the amount of IPs would be too large and changing to do that. Currently the only way I can update is to disable CSF, update, then re-enable it, but that's just eugh. I wish there was a way I could whitelist it better. I'm even having the same issue with git.
     
  8. eva2000

    You'd have to explain in more detail how you have Jenkins set up, and from where the connecting IPs are coming on hitting that update button, and the git issues.
     
  9. Tythus

    So with git I ran
    git clone centminmod/centminmod · GitHub centminmod
    I got constant git timeouts from running that command, so I couldn't clone the repo, but the moment I turned off CSF I could.

    All Jenkins does is open an outgoing HTTP/HTTPS connection; it pulls a JSON list of all the updates and their locations, then pulls the file in a standard HTTP/HTTPS download.
     
  10. eva2000

    For git, it requires whitelisting port 9418 in CSF Firewall. Centmin Mod .08 stable whitelists this by default on fresh installs. For Centmin Mod .07+ and older, you need to whitelist 9418 port in CSF Firewall as outlined on upgrade page here

    If you are using much older Centmin Mod versions, double check that HTTPS port 443 on TCP_OUT/TCP6_OUT is actually defined in /etc/csf/csf.conf - it should be though. Although, from your above git clone command over https protocol it would suggest that maybe port 443 isn't in your TCP_OUT/TCP6_OUT list?

    i.e. default for centmin mod .08 stable
    Code:
    egrep '^TCP_|^TCP6_' /etc/csf/csf.conf
    TCP_IN = "20,21,22,25,53,80,110,111,143,161,443,465,587,993,995,1110,1186,1194,2202,11211,11212,11213,11214,2049,2112,22000,22001,2222,3000,3334,8080,8888,81,9000,9001,9312,9418,10000,10500,10501,6081,6082,30865,3000:3050"
    TCP_OUT = "993,995,465,587,111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"
    TCP6_IN = "20,21,22,25,53,80,110,111,143,161,443,465,587,993,995,1110,1186,1194,2202,11211,11212,11213,11214,2049,2112,22000,22001,2222,3000,3334,8080,8888,81,9000,9001,9312,9418,10000,10500,10501,6081,6082,30865,3000:3050"
    TCP6_OUT = "993,995,465,587,20,21,22,25,53,80,110,113,443,587,993,995"
    Jenkins docs say you need 8080 and 8443 ports whitelisted too, I think.
     
    Last edited: Aug 17, 2015
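
Added example (not part of the original thread, and not Centmin Mod's or CSF's own code): a shell check for the step described in the post above, reporting which outbound ports are absent from TCP_OUT/TCP6_OUT, including `low:high` range entries. The function names are hypothetical and the sample file is constructed from the values quoted in the post; on a real server, pass /etc/csf/csf.conf instead.

```shell
#!/usr/bin/env bash
# csf_ports FILE KEY -> prints the quoted value of KEY = "..." from a csf.conf
csf_ports() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# port_allowed PORT LIST -> exit 0 if PORT is in the comma-separated LIST
port_allowed() {
    local port="$1" entry lo hi
    local IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}   # range entry such as 3000:3050
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi ;;
            *)   if [ "$entry" = "$port" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# missing_ports FILE KEY PORT... -> prints the ports not allowed by KEY
missing_ports() {
    local file="$1" key="$2" list p out=""
    shift 2
    list=$(csf_ports "$file" "$key")
    for p in "$@"; do
        port_allowed "$p" "$list" || out="$out $p"
    done
    echo "${out# }"
}

# Constructed sample: the TCP_OUT/TCP6_OUT values quoted in the post above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TCP_OUT = "993,995,465,587,111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"
TCP6_OUT = "993,995,465,587,20,21,22,25,53,80,110,113,443,587,993,995"
EOF
for key in TCP_OUT TCP6_OUT; do
    echo "$key missing: $(missing_ports "$sample" "$key" 80 443 9418)"
done
```

On the values quoted above, this reports 9418 as missing from TCP6_OUT only. After editing csf.conf, the rules are reloaded with `csf -r`.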
  11. Tythus

    Nah, that's only for its internal webserver, but I had those open anyway.
     
  12. Tythus

    Well, it's now fixed, whatever it was, when I updated that. Thanks <3
     
  13. eva2000

    good to hear :)