4

I'm setting up ufw for the first time. Using Ubuntu 10.04 LTS on an OpenVZ VPN and have the following rules:

sudo ufw allow 22/tcp
sudo ufw allow 25/tcp
sudo ufw allow 53
sudo ufw allow 80
sudo ufw allow 443
sudo ufw default deny

SSH and everything else works fine, and I can access static content on nginx. However when I visit a PHP page, it takes ages before giving a 504 Gateway Time-out page. I'm using php5-fpm

I've tried a number of rules including the following:

allow from 127.0.0.1 to 127.0.0.1 port 9000
allow from 127.0.0.1 port 9000 to 127.0.0.1 port 9000
allow 9000
allow from 127.0.0.1 to 127.0.0.1

But none of them fix the problem. As soon as I turn off the firewall, everything works fine. Php5-fpm is definitely running and using port 9000.

Any help appreciated, thanks! I'll post back if I work it out.

Additional config: http://pastebin.com/3e6rHRti

John
  • 141
  • 1
  • 4

1 Answers1

5

Right.. I think that a lot of the confusion is because of UFW, so I'll make the recommendation that you stop using it, and spend some time learning how iptables itself works. It's much more common to use iptables directly, instead of a wrapper around it.

In the meantime.

try: 

allow from 127.0.0.0/8
allow in on lo0
allow out on lo0
Tom O'Connor
  • 27,480
  • 10
  • 73
  • 148
  • I can't vote up as under 15 reputation, but thanks for your help. This did not work, the problem seems to be OpenVZ related issues with iptables. I solved the problem by learning all about iptables and not using ufw. OpenVZ is very picky about what iptables commands can be used. – John Jan 21 '11 at 14:29