My IP is automatically banned on the server

508
Riz-waan

I need to know which program or which specific rule is banning my IP address. This happens frequently when I am programming. It bans my router's internal IP address, since I connect over the LAN. After about 10 minutes the IP address is disabled. I need to know what is doing this.

Here is the kernel log:

Jul 24 12:40:35 buntubox-001 kernel: [68405.371388] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:42:40 buntubox-001 kernel: [68530.812091] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:44:46 buntubox-001 kernel: [68656.252761] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:46:51 buntubox-001 kernel: [68781.693450] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:48:56 buntubox-001 kernel: [68907.134130] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:51:02 buntubox-001 kernel: [69032.574810] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:53:07 buntubox-001 kernel: [69158.015484] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:55:13 buntubox-001 kernel: [69283.456341] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:57:18 buntubox-001 kernel: [69408.896851] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:59:24 buntubox-001 kernel: [69534.337509] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:01:29 buntubox-001 kernel: [69659.778153] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:03:35 buntubox-001 kernel: [69785.218879] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:05:40 buntubox-001 kernel: [69910.659585] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:07:45 buntubox-001 kernel: [70036.100269] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:09:51 buntubox-001 kernel: [70161.540931] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:11:56 buntubox-001 kernel: [70286.981572] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:14:02 buntubox-001 kernel: [70412.422228] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:16:07 buntubox-001 kernel: [70537.862891] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:18:13 buntubox-001 kernel: [70663.303475] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:20:18 buntubox-001 kernel: [70788.744104] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Here is the fail2ban log:

2017-07-24 06:25:17,215 fail2ban.server [1219]: INFO rollover performed on /var/log/fail2ban.log
2017-07-24 06:25:50,566 fail2ban.filter [1219]: INFO Log rotation detected for /var/log/auth.log
2017-07-24 06:27:31,632 fail2ban.filter [1219]: INFO [sshd] Found 177.129.242.80
2017-07-24 07:42:37,836 fail2ban.filter [1219]: INFO [sshd] Found 171.25.193.131
2017-07-24 07:44:27,693 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 07:44:27,760 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 08:17:01,802 fail2ban.filter [1219]: INFO [sshd] Found 119.193.140.164
2017-07-24 09:44:05,257 fail2ban.filter [1219]: INFO [sshd] Found 91.197.232.103
2017-07-24 13:09:25,355 fail2ban.filter [1219]: INFO [sshd] Found 218.68.140.168

And finally, here is my iptables -L:

root@buntubox-001:/var/www/html# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination
0

1 answer to the question

2
djsmiley2k

Fail2ban is a script that examines log files and issues bans depending on connection failures.

If it is now banning you and you had no connection failures, it is misconfigured and needs to be configured correctly.

To stop the ban, you should add your own IP / reverse DNS name to the whitelist so that you never get banned. This only works if the IP address is static.

In this case, however, it appears that everything is being controlled by the Uncomplicated Firewall. I have linked the wiki page for you here.
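One way to read "which program owns this rule" off an `iptables -L` listing, added here as an example and not part of the original question or answer: the script reports every rule that names a given source address together with the chain it sits in. The function names and the owner labels (`fail2ban` for `f2b-*` chains, `ufw` for `ufw-*` chains, `direct` for a rule placed straight into a built-in chain) are assumptions of this example; the sample input is an excerpt of the listing posted in the question.

```shell
#!/bin/sh
# Added example (not from the original post): attribute every rule that names
# one source address to the component owning the chain the rule sits in.

# Excerpt of the `iptables -L` listing posted in the question (chains omitted).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ufw-before-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
EOF
}

# find_rule_owner IP: reads an `iptables -L` listing on stdin and prints
# "<chain> <target> <owner>" for each rule whose source column equals IP.
# Exact match only: CIDR sources such as 192.168.1.0/24 are not expanded.
find_rule_owner() {
    awk -v ip="$1" '
        $1 == "Chain"             { chain = $2; next }  # start of a new chain
        $1 == "target" || NF == 0 { next }              # column header, blank line
        $4 == ip {                                      # field 4 is the source
            if (chain ~ /^f2b-/)      { owner = "fail2ban" }
            else if (chain ~ /^ufw-/) { owner = "ufw" }
            else                      { owner = "direct" }  # built-in chain
            print chain, $1, owner
        }
    '
}

sample_listing | find_rule_owner 192.168.1.1
```

On the live host, pipe the output of `iptables -L` (run as root) into `find_rule_owner` instead of the sample. Rules are evaluated top to bottom, so a match reported in `INPUT` itself is reached before any chain that `INPUT` jumps to further down.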