/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

CSF Rsync not working with csf enabled

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Jun 5, 2016.

Tags:
Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Oct 12, 2016 #21
    YuchiRO

    YuchiRO Member

    100
    6
    18
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:10 AM
    5.5.4
    1. check for clues in /var/log/lfd.log and /var/log/messages for your servers ips related entries

    ldf dont show any ip relate both server
    message show blocked ip but it's yesterday, today i try rsync comand again and dont see any blocked as yesterday.

    2. check if either server ips are blocked in respective csf firewall via grep command

    Server 2
    Code:
    csf -g 1.1.1.1

Chain            num   pkts bytes target     prot opt in     out     source               destination

ALLOWIN          1        0     0 ACCEPT     tcp  --  !lo    *       1.1.1.1       0.0.0.0/0            tcp dpt:2222

ALLOWOUT         1        0     0 ACCEPT     tcp  --  *      !lo     1.1.1.1       0.0.0.0/0            tcp dpt:1111

IPSET: No matches found for 1.1.1.1


ip6tables:

Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for 1.1.1.1 in ip6tables
    Server 1
    Code:
     csf -g 2.2.2.2

Chain            num   pkts bytes target     prot opt in     out     source               destination

ALLOWIN          1        0     0 ACCEPT     tcp  --  !lo    *       2.2.2.2       0.0.0.0/0            tcp dpt:1111

ALLOWOUT         1        0     0 ACCEPT     tcp  --  *      !lo     2.2.2.2       0.0.0.0/0            tcp dpt:2222

IPSET: No matches found for 2.2.2.2


ip6tables:

Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for 2.2.2.2 in ip6tables

    Yes, i added to both server.
     
  2. Oct 12, 2016 #22
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:10 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    if they were added properly the server ips will show up in csf -g ipaddr output

    looks like they'd not
     
  3. Oct 12, 2016 #23
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:10 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    what if you just whitelist ip ?
    Code (Text):
    csf -a ipaddr
     
  4. Oct 12, 2016 #24
    YuchiRO

    YuchiRO Member

    100
    6
    18
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:10 AM
    5.5.4

    when i add ip with this command

    Code:
    Adding 1.1.1.1 to csf.allow and iptables ACCEPT...
csf: IPSET adding [1.1.1.1] to set [chain_ALLOW]
     
  5. Oct 12, 2016 #25
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:10 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    yes that means properly whitelisted ip

    then try rsync

    ensure custom sshd port is in /etc/csf/csf.conf TCP_IN/TCP_OUT and TCP6_IN/TCP6_OUT comma separated list of whitelisted ports on both servers
     
  6. Oct 12, 2016 #26
    YuchiRO

    YuchiRO Member

    100
    6
    18
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:10 AM
    5.5.4
    Thanks, work like charm.
     
  7. Oct 12, 2016 #27
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:10 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    guess the other method has issues which is strange, worked for me
     
  8. Feb 7, 2020 #28
    Meirami

    Meirami Active Member

    154
    28
    28
    Dec 21, 2017
    Ratings:
    +63
    Local Time:
    5:10 AM
    This is really old thread, but still usefull. I'd like to share my way to do this.
    I rsynced between 2 dedicated ipv4s, so I think it's ok to open all ports.
    Server1 cfs -ta server2IP 'time in seconds'
    Server2 csf -ta server1IP 'time in seconds'
    *Time is how long rule is active

    After this, I scratched my head for a while.
    No connection.
    Until I remembered. I didn't use correct port.
    So, on server1 rsync 'server2 sshport' and rsync is connected.
     
Previous Thread Next Thread
Loading...
Page 2 of 2

.