My IP is... banned?

My YunoHost server

Hardware: VPS bought online
YunoHost version: 3.6.5.3
I have access to my server: Through SSH & through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Description of my issue

I cannot connect to my YunoHost server from my home IP. Both ssh and http give “connection refused”. Connecting from a different IP (another building and proxy) works fine.

fail2ban does not seem to be the culprit:

root@yuno:/home/admin# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	17
|  `- File list:	/var/log/auth.log
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	

No traces of blocking in iptables, either:

root@yuno:/home/admin# sudo iptables -L INPUT -v -n
Chain INPUT (policy DROP 379 packets, 19885 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2103  259K f2b-yunohost  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
 2103  259K f2b-wallabag2  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
 2103  259K f2b-nextcloud  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
10923 1345K f2b-pam-generic  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
10928 1345K f2b-recidive  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
   24  1008 f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,587,143,993,110,995
    0     0 f2b-dovecot  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993,587,4190
   24  1008 f2b-postfix  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,587
 1981  252K f2b-nginx-http-auth  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
 1919  169K f2b-sshd-ddos  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
 1919  169K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
15777 2126K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   77  4396 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   12   528 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
   14   632 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
   58  3012 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  119  6928 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5222
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5269
  577 48900 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    2   442 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5353
  502 30120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 1954 63689 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

I’m running out of ideas about what to check. I set up YunoHost only yesterday and it worked from the banned IP.

Can you connect from outside your LAN (i.e. from computers not connected to your home wifi / ethernet cable)? If you can, but it doesn’t work when connecting from home, then you probably have a hairpinning issue.

I’ve just figured out what the issue was. My IP landed in the recidive jail. Unbanning it with fail2ban-client set recidive unbanip <ip-address> helped. Now I only have to figure out what caused the ban.

Sorry for the trouble and thank you for the help!
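
Added example, not part of the original posts: the recidive jail bans addresses that other jails have already banned repeatedly, so checking only the sshd jail misses it. The sketch below asks every jail whether it currently holds an address and counts the per-jail "Ban" events in the fail2ban log to show which service triggered them. The log path /var/log/fail2ban.log and the line layout are assumptions; the sample log lines and addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example: which fail2ban jails banned an address, and how often.

# Count "Ban <ip>" events per jail in a fail2ban log (path is an assumption;
# pass "-" to read stdin). Lines without a [jail] tag right before "Ban"
# are skipped, and "Unban" lines never match.
bans_by_jail() {
    local ip="$1" log="${2:-/var/log/fail2ban.log}"
    awk -v ip="$ip" '
        $NF == ip && $(NF-1) == "Ban" && $(NF-2) ~ /^\[.*\]$/ {
            jail = $(NF-2); gsub(/\[|\]/, "", jail); n[jail]++
        }
        END { for (j in n) print j, n[j] }
    ' "$log" | sort
}

# List the jails that hold the address right now, by asking every jail
# instead of only sshd. Needs root and a running fail2ban server.
jails_holding() {
    local ip="$1" jail
    fail2ban-client status | sed -n 's/.*Jail list:[[:space:]]*//p' |
        tr ',' '\n' | tr -d ' \t' |
        while read -r jail; do
            [ -n "$jail" ] || continue
            if fail2ban-client status "$jail" | grep -qwF -- "$ip"; then
                echo "$jail"
            fi
        done
}

# Constructed sample log lines (documentation addresses), not real data.
SAMPLE_LOG='2019-08-26 21:03:11,204 fail2ban.actions        [1022]: NOTICE  [nginx-http-auth] Ban 203.0.113.7
2019-08-26 21:13:12,010 fail2ban.actions        [1022]: NOTICE  [nginx-http-auth] Unban 203.0.113.7
2019-08-26 21:20:45,377 fail2ban.actions        [1022]: NOTICE  [nextcloud] Ban 203.0.113.7
2019-08-26 21:40:02,918 fail2ban.actions        [1022]: NOTICE  [nginx-http-auth] Ban 203.0.113.7
2019-08-26 21:41:30,125 fail2ban.actions        [1022]: NOTICE  [sshd] Ban 198.51.100.23
2019-08-26 21:50:19,640 fail2ban.actions        [1022]: NOTICE  [nextcloud] Ban 203.0.113.7
2019-08-26 21:50:20,002 fail2ban.actions        [1022]: NOTICE  [recidive] Ban 203.0.113.7'

# Offline demo on the sample; on a server run: bans_by_jail <ip-address>
printf '%s\n' "$SAMPLE_LOG" | bans_by_jail 203.0.113.7 -
```

On a live server, jails_holding <ip-address> names the jail to pass to fail2ban-client set <jail> unbanip, and the per-jail counts point at the service whose failed logins led to the recidive ban.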

Glad you figured it out. If you figure out what caused the ban, it would be useful to post it here to help future people having this issue. :slight_smile:

2 Likes

I think the most likely cause for that ban is that one of my desktop apps tried to connect to it with invalid credentials in the background. Could’ve been Nextcloud, KOrganizer or Evolution.

1 Like