Search code examples
wordpresshttpiptablesdedicated-server

Outgoing connections from dedicated server denied with iptables shut off

I have a peculiar problem with my dedicated webserver. It's running CentOS and uses PLESK for administration through web.

I noticed the problem in the title when trying to update plugins in wordpress aswell as wordpress itself. When trying to update a plugin or wordpress it throws me this error:

"Download failed.: Failed to connect to 72.233.56.139: Permission denied"

First thing I did was to apply a rule (in the PLESK firewall) that allowed both incoming and outgoing traffic to the IP, but to no avail. I further investigated this by SSHing into the server and checking the iptables, which has the following outgoing rules:

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02     reject-with tcp-reset
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            72.233.56.138
ACCEPT     tcp  --  0.0.0.0/0            72.233.56.138
ACCEPT     udp  --  0.0.0.0/0            72.233.69.88
ACCEPT     udp  --  0.0.0.0/0            72.233.69.89
ACCEPT     udp  --  0.0.0.0/0            66.135.58.62
ACCEPT     udp  --  0.0.0.0/0            66.135.58.61
ACCEPT     tcp  --  0.0.0.0/0            72.233.69.88
ACCEPT     tcp  --  0.0.0.0/0            72.233.69.89
ACCEPT     tcp  --  0.0.0.0/0            66.135.58.62
ACCEPT     tcp  --  0.0.0.0/0            66.135.58.61
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

The other IPs are for the Akismet anti-spam filter which is also not working (it cannot connect to the akismet servers).

I contacted my host and they looked into it, but the reply I got was that they didn't know (!) what caused the problem and said I needed to figure it out myself.

First thing I tried was to stop iptables and opening up everything, but I still get permission denied on outgoing traffic (incoming is allowed and works perfectly as people can comment/spam like crazy on my blog).

Does anyone know what I could try to further troubleshoot this? It seems very strange that the traffic is still blocked even though the firewall is completely (?) shut down using "iptables stop".

Solution

  • Of all things, I eventually found out that the problem was caused by selinux which was set to "enforced". I changed it using 

    # nano -w etc/sysconfig/selinux

    And changing the line "SELINUX=enforcing" to "SELINUX=permissive" and reboot my server. Now everything is working as it's supposed to.