Glory88 Posted June 17, 2023 (edited)

Hi, I use the firewall in the OVH panel on my hosting (OVH). I block all TCP and UDP ports. I only have 80 and 443 open, and I have a problem with checking the license and connection:

Quote:
    Connections to external sites are not working properly. This can cause problems with unofficial services. Contact your hosting (server) provider and ask them to resolve this issue.
    https://remoteservices.invisionpower.com/connectionCheck/?version=107038
    Connection timed out after 10000 milliseconds

When I disable the firewall totally, everything works. Can you tell me what IP or port must be open? Only TCP 80 and 443 does not work. Thanks for the answer.

Edited June 17, 2023 by Glory88

Glory88 (Author) Posted June 17, 2023

Adding more information. The board is working, but I can't reflash the license and I see this error. Why I use this firewall and can't disable it: because I have the FTP and SSH ports open for my IP. Thanks for any reply.

Randy Calvert Posted June 17, 2023

5 hours ago, Glory88 said:
    Adding more information. The board is working, but I can't reflash the license and I see this error. Why I use this firewall and can't disable it: because I have the FTP and SSH ports open for my IP. Thanks for any reply.

Those are all inbound services. You don’t want your firewall restricting outbound connections.

Glory88 (Author) Posted June 17, 2023

1 minute ago, Randy Calvert said:
    Those are all inbound services. You don’t want your firewall restricting outbound connections.

I have ports 80 and 443 open for all IP traffic, but as you can see, it's still too little to work.

Randy Calvert Posted June 17, 2023

What happens when you try to run the following command from the server via SSH?

    curl -svo /dev/null https://remoteservices.invisionpower.com

If the above command does not work, it's a firewall issue. The output SHOULD look something like:

    curl -svo /dev/null https://remoteservices.invisionpower.com
    * Trying [2600:9000:2508:ec00:16:1470:7d40:93a1]:443...
    * Connected to remoteservices.invisionpower.com (2600:9000:2508:ec00:16:1470:7d40:93a1) port 443 (#0)
    * ALPN: offers h2,http/1.1
    * (304) (OUT), TLS handshake, Client hello (1):
    } [337 bytes data]
    * CAfile: /etc/ssl/cert.pem
    * CApath: none
    * (304) (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
    * (304) (IN), TLS handshake, Unknown (8):
    { [19 bytes data]
    * (304) (IN), TLS handshake, Certificate (11):
    { [5030 bytes data]
    * (304) (IN), TLS handshake, CERT verify (15):
    { [264 bytes data]
    * (304) (IN), TLS handshake, Finished (20):
    { [36 bytes data]
    * (304) (OUT), TLS handshake, Finished (20):
    } [36 bytes data]
    * SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
    * ALPN: server accepted h2
    * Server certificate:
    * subject: CN=remoteservices.invisioncommunity.com
    * start date: Feb 24 00:00:00 2023 GMT
    * expire date: Feb 8 23:59:59 2024 GMT
    * subjectAltName: host "remoteservices.invisionpower.com" matched cert's "remoteservices.invisionpower.com"
    * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
    * SSL certificate verify ok.
    * using HTTP/2
    * h2h3 [:method: GET]
    * h2h3 [:path: /]
    * h2h3 [:scheme: https]
    * h2h3 [:authority: remoteservices.invisionpower.com]
    * h2h3 [user-agent: curl/7.71.1-DEV]
    * h2h3 [accept: */*]
    * Using Stream ID: 1 (easy handle 0x7f8ae000f400)
    > GET / HTTP/2
    > Host: remoteservices.invisionpower.com
    > user-agent: curl/7.71.1-DEV
    > accept: */*
    >
    < HTTP/2 500
    < content-type: text/html; charset=UTF-8
    < content-length: 0
    < date: Sat, 17 Jun 2023 15:09:46 GMT
    < set-cookie: AWSALB=NcKhSYLwWLgh7aoGLNLNvun4SZ2jppFOAQ7+R4MXstAJutTYeHbMBytHjYTjQl7deYakTzjIZtpFQhOrH+heaCsP0G+Ezlz/wZEu/AGSPf36y2umJMkaYAazjQgW; Expires=Sat, 24 Jun 2023 15:09:46 GMT; Path=/
    < set-cookie: AWSALBCORS=NcKhSYLwWLgh7aoGLNLNvun4SZ2jppFOAQ7+R4MXstAJutTYeHbMBytHjYTjQl7deYakTzjIZtpFQhOrH+heaCsP0G+Ezlz/wZEu/AGSPf36y2umJMkaYAazjQgW; Expires=Sat, 24 Jun 2023 15:09:46 GMT; Path=/; SameSite=None
    < server: Apache
    < x-cache: Error from cloudfront
    < via: 1.1 c625b1bdde545acdeb26c9f6ad3a8c6e.cloudfront.net (CloudFront)
    < x-amz-cf-pop: IAD12-P1
    < x-amz-cf-id: FL5WuKYD_sg0GW2jdobrQeVb2B6Iusx0DUKg7ymsCEcRDlZZtia1qw==
    <
    { [0 bytes data]
    * Connection #0 to host remoteservices.invisionpower.com left intact

If you don't have the above, it means the firewall never allowed the outbound request.

Firewalls have two network paths. Inbound (meaning from the internet to your server) and outbound (from your server to the internet). Your firewall sounds like it is blocking OUTBOUND while allowing INBOUND. If you are not sure how to fix this, you would need to work with your hosting provider.
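
An added example, not part of Randy Calvert's post or of Invision's tooling: a POSIX shell function that reads the verbose trace from the curl command above and reports the furthest stage the connection reached, which separates a dropped TCP connection from a DNS or TLS failure. The stage names and the sample traces are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how far a `curl -sv` trace got.
# Live use: curl -svo /dev/null URL 2>&1 | classify_curl_trace

# has PATTERN: true if the trace held in $trace has a line matching PATTERN.
has() { printf '%s\n' "$trace" | grep -Eq -- "$1"; }

# Reads a curl verbose trace on stdin, prints the furthest stage reached.
classify_curl_trace() {
    trace=$(cat)
    if has '^< HTTP/[0-9.]+ [0-9]{3}'; then
        echo http_response   # any status, even 500, proves the outbound path
    elif has 'SSL connection using'; then
        echo tls_done        # handshake finished, no HTTP reply seen
    elif has '^\* Connected to '; then
        echo tcp_connected   # port reachable, TLS did not complete
    elif has '^\* +Trying '; then
        echo tcp_no_answer   # SYN or its reply dropped: firewall suspect
    elif has 'Could not resolve host'; then
        echo dns_failed      # outbound DNS (port 53) or resolver problem
    else
        echo unknown
    fi
}

# Constructed sample traces (203.0.113.10 is a documentation address).
BLOCKED_TRACE='*   Trying 203.0.113.10:443...
* Connection timed out after 10000 milliseconds
* Closing connection 0'

OK_TRACE='*   Trying 203.0.113.10:443...
* Connected to remoteservices.invisionpower.com (203.0.113.10) port 443 (#0)
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
> GET / HTTP/2
< HTTP/2 500
* Connection #0 to host remoteservices.invisionpower.com left intact'

DNS_TRACE='* Could not resolve host: remoteservices.invisionpower.com
* Closing connection 0'

echo "blocked sample: $(printf '%s\n' "$BLOCKED_TRACE" | classify_curl_trace)"
echo "ok sample:      $(printf '%s\n' "$OK_TRACE" | classify_curl_trace)"
echo "dns sample:     $(printf '%s\n' "$DNS_TRACE" | classify_curl_trace)"
```

A result of tcp_no_answer matches the timeout quoted in the first post; http_response with status 500, as in the expected output above, still means the firewall let the request out and the reply back in.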