Jump to content

Problem with connection (firewall rules)

Recommended Posts

Hi i use on my hosting (OVH) firewall on panel OVH.
I block all ports TCP and UDP. Only have open 80 and 443 and have problem to checking license and connection:


Connections to external sites are not working properly. This can cause problems with unofficial services. Contact your hosting (server) provider and ask them to resolve this issue.

https://remoteservices.invisionpower.com/connectionCheck/?version=107038 Connection timed out after 10000 milliseconds

When disable firewall totally all work. Can tell me what IP or Port must be open, only TCP 80 and 443 not work. Thanks for answer.

Could contain: Text, Computer Hardware, Electronics, Hardware

Edited by Glory88
Link to comment
Share on other sites

5 hours ago, Glory88 said:

Add more infromation. Board working but can't reflash license and see this error. 
Why I use this firewall and can't disable, because I have for my IP open FTP, SSH port.

Thanks for any reply.

Those are all inbound services. You don’t want your firewall restricting outbound connections. 

Link to comment
Share on other sites

1 minute ago, Randy Calvert said:

Those are all inbound services. You don’t want your firewall restricting outbound connections. 

Have open port 80 and 443 for all IP traffic but as you can see, it's still too little to work.

Link to comment
Share on other sites

This post was recognized by Marc!

Randy Calvert was awarded the badge 'Helpful' and 5 points.

What happens when you try to run the following command from the server via SSH?

curl -svo /dev/null https://remoteservices.invisionpower.com


If the above command does not work, it's a firewall issue.

The output SHOULD look something like:

curl -svo /dev/null https://remoteservices.invisionpower.com
*   Trying [2600:9000:2508:ec00:16:1470:7d40:93a1]:443...
* Connected to remoteservices.invisionpower.com (2600:9000:2508:ec00:16:1470:7d40:93a1) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [337 bytes data]
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [5030 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=remoteservices.invisioncommunity.com
*  start date: Feb 24 00:00:00 2023 GMT
*  expire date: Feb  8 23:59:59 2024 GMT
*  subjectAltName: host "remoteservices.invisionpower.com" matched cert's "remoteservices.invisionpower.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: remoteservices.invisionpower.com]
* h2h3 [user-agent: curl/7.71.1-DEV]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x7f8ae000f400)
> GET / HTTP/2
> Host: remoteservices.invisionpower.com
> user-agent: curl/7.71.1-DEV
> accept: */*
< HTTP/2 500 
< content-type: text/html; charset=UTF-8
< content-length: 0
< date: Sat, 17 Jun 2023 15:09:46 GMT
< set-cookie: AWSALB=NcKhSYLwWLgh7aoGLNLNvun4SZ2jppFOAQ7+R4MXstAJutTYeHbMBytHjYTjQl7deYakTzjIZtpFQhOrH+heaCsP0G+Ezlz/wZEu/AGSPf36y2umJMkaYAazjQgW; Expires=Sat, 24 Jun 2023 15:09:46 GMT; Path=/
< set-cookie: AWSALBCORS=NcKhSYLwWLgh7aoGLNLNvun4SZ2jppFOAQ7+R4MXstAJutTYeHbMBytHjYTjQl7deYakTzjIZtpFQhOrH+heaCsP0G+Ezlz/wZEu/AGSPf36y2umJMkaYAazjQgW; Expires=Sat, 24 Jun 2023 15:09:46 GMT; Path=/; SameSite=None
< server: Apache
< x-cache: Error from cloudfront
< via: 1.1 c625b1bdde545acdeb26c9f6ad3a8c6e.cloudfront.net (CloudFront)
< x-amz-cf-pop: IAD12-P1
< x-amz-cf-id: FL5WuKYD_sg0GW2jdobrQeVb2B6Iusx0DUKg7ymsCEcRDlZZtia1qw==
{ [0 bytes data]
* Connection #0 to host remoteservices.invisionpower.com left intact

If you don't have the above, it means the firewall never allowed the outbound request.  

Firewalls have two network paths.  Inbound (meaning from the internet to your server) and outbound (from your server to the internet).  Your firewall sounds like it is blocking OUTBOUND while allowing INBOUND.  If you are not sure how to fix this, you would need to work with your hosting provider.


Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...