How to fix Googlebot Server Connectivity

alfish asked:

I get ‘Server Connectivity’ error at Google webmaster tool. I suspect it is because of iptables rules that I’ve set to counter some DDoS attacks, though I’m not sure which rules could be relevant. This may also help to know that I use Varnish/nginx combo as webserver and a standard robots.txt.

Here are the iptables rules

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

DROP       udp  --  anywhere             anywhere            udp dpt:fsp
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       all  -f  anywhere             anywhere           
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       udp  --  anywhere             anywhere            udp dpt:54243 
DROP       udp  --  anywhere             anywhere            udp dpt:53331
DROP       udp  --  anywhere             anywhere            udp dpt:19147
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:11211

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I appreciate your hints to resolve this.

My answer:


You’re really letting the whole world access your memcached?! And for that matter practically everything else, since you’re only dropping traffic on a few ports.

I would suggest you drop that entire configuration and generate a fresh one using a tool such as system-config-firewall-tui (CentOS 6) or shorewall (any distribution).


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.