
What is blocking the IP address of my iPhone as soon as I access my WordPress instance?

I have an Arch Linux Linode, it runs WordPress, using the Linux Server IO Swag container. It works. I installed UFW and Tailscale, all SSH traffic is over the Tailnet, ports 80 and 443 are open:

Status: active

To                         Action      From
--                         ------      ----
Anywhere on tailscale0     ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
Anywhere (v6) on tailscale0 ALLOW       Anywhere (v6)   

Everything works well, until I access the WordPress instance on my iPhone (Firefox for iOS); at that point the IP I use to access the system from the iPhone gets blocked for some time. Let me demonstrate:

I scan the ports:

nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 21:50 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.034s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

Now, let me connect with my iPhone (to another domain pointing to the same box, routed to WP), and see what we get within 2 sec or so:

nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 21:51 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.034s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

Now, if I switch on my Mullvad VPN on my iPhone I can find the WP instance and click about 1 link on it before it's blocked again. If I switch on my Mullvad VPN on my laptop I can access the system; let me demonstrate. I execute these commands within 3 sec or so:

[freek@freex ~]$ nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 21:54 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.033s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

[freek@freex ~]$ wg-quick up mullvad-se3
wg-quick must be run as root. Please enter the password for freek to continue: 
[#] ip link add mullvad-se3 type wireguard
[#] wg setconf mullvad-se3 /dev/fd/63
[#] ip -4 address add 10.66.88.174/32 dev mullvad-se3
[#] ip -6 address add fc00:bbbb:bbbb:bb01::3:58ad/128 dev mullvad-se3
[#] ip link set mtu 1420 up dev mullvad-se3
[#] resolvconf -a mullvad-se3 -m 0 -x
[#] wg set mullvad-se3 fwmark 51820
[#] ip -6 route add ::/0 dev mullvad-se3 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] nft -f /dev/fd/63
[#] ip -4 route add 0.0.0.0/0 dev mullvad-se3 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63

[freek@freex ~]$ nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 21:54 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.050s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Indeed now I can access and use the site from my laptop normally. And, in about 10-20 minutes the ports open for my private IP address again.

I'm really baffled, I didn't install any firewall other than UFW and it shouldn't even block anything. I did not install fail2ban or any such service.

What could this be? Why does my iPhone trigger it (with normal use even)?

Any suggestions on how to further investigate?

Oh, when I disable UFW it still happens, here I keep port scanning while I access the WP instance:

nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 22:03 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.036s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
[freek@freex ~]$ nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 22:03 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.16s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE    SERVICE
80/tcp  closed   http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 4.50 seconds

[freek@freex ~]$ nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 22:03 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

[freek@freex ~]$ nmap -p 443,80 anacreon.domain.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-05 22:03 CET
Nmap scan report for anacreon.domain.nl (139.144.66.219)
Host is up (0.27s latency).
Other addresses for anacreon.domain.nl (not scanned): 2a01:7e01::f03c:93ff:fea2:10ab

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 2.27 seconds

Notice that for a time it indicates the port is filtered...

Perhaps I should also mention that I have nginx basic auth enabled in front of the WP instance.

As said, I'm confused. I would really like to learn to determine what goes wrong here.

Ok, I found it, the Swag container has fail2ban activated... It seems that it does not play nice with the Nginx basic auth: https://docs.linuxserver.io/images/docker-swag#using-fail2ban

I guess this is the flip side of complex infra as code: 15 years ago there was never a service I didn't know I was running ;)
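As an added example (not from the question, from fail2ban or from the SWAG project), this is the kind of log correlation that would have answered "what banned my IP" directly: it reads fail2ban's own log for Ban/Unban events per jail and nginx's error log for the basic-auth failures that feed the nginx-http-auth jail. Both log samples are constructed, and the nginx line pattern is an approximation of fail2ban's nginx-http-auth filter, not the real one.

```python
import re
from collections import defaultdict

# Constructed sample of fail2ban's own log (fail2ban.log inside the container).
FAIL2BAN_LOG = [
    "2023-01-05 21:50:59,410 fail2ban.filter  [312]: INFO  [nginx-http-auth] Found 203.0.113.7",
    "2023-01-05 21:51:02,118 fail2ban.actions [312]: NOTICE  [nginx-http-auth] Ban 203.0.113.7",
    "2023-01-05 22:01:02,120 fail2ban.actions [312]: NOTICE  [nginx-http-auth] Unban 203.0.113.7",
]
# Constructed sample of nginx error.log lines; the first two are basic-auth failures.
NGINX_ERROR_LOG = [
    '2023/01/05 21:50:58 [error] 44#44: *9 user "freek": password mismatch, client: 203.0.113.7, '
    'server: anacreon.domain.nl, request: "GET /wp-admin/ HTTP/2.0", host: "anacreon.domain.nl"',
    '2023/01/05 21:50:59 [error] 44#44: *9 user "freek" was not found in "/config/nginx/.htpasswd", '
    'client: 203.0.113.7, server: anacreon.domain.nl, request: "GET /wp-login.php HTTP/2.0"',
    '2023/01/05 21:51:00 [error] 44#44: *10 open() "/config/www/favicon.ico" failed (2: No such file), '
    'client: 198.51.100.9, server: anacreon.domain.nl, request: "GET /favicon.ico HTTP/2.0"',
]

# "[jail] Ban <ip>" / "[jail] Unban <ip>" NOTICE lines written by fail2ban.actions.
F2B_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\S* fail2ban\.actions\s+\[\d+\]: "
    r"NOTICE\s+\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)
# Approximation (assumption) of the nginx-http-auth filter: auth failures with client IP.
NGINX_AUTH_RE = re.compile(
    r'\[error\] \d+#\d+: \*\d+ user "[^"]*":? (?:password mismatch|was not found(?: in "[^"]*")?), '
    r'client: (?P<ip>[0-9a-fA-F.:]+), server: \S*, request: "(?P<req>[^"]+)"'
)

def ban_events(f2b_lines):
    """Return {ip: [(timestamp, jail, 'Ban'|'Unban'), ...]} from fail2ban log lines."""
    events = defaultdict(list)
    for line in f2b_lines:
        m = F2B_RE.match(line.strip())
        if m:
            events[m["ip"]].append((m["ts"], m["jail"], m["action"]))
    return dict(events)

def auth_failures(nginx_lines):
    """Return {ip: [request, ...]} for every nginx basic-auth failure seen."""
    failures = defaultdict(list)
    for line in nginx_lines:
        m = NGINX_AUTH_RE.search(line)
        if m:
            failures[m["ip"]].append(m["req"])
    return dict(failures)

def explain(ip, f2b_lines, nginx_lines):
    """One-line summary of which jail banned `ip` and how many auth failures preceded it."""
    bans = [e for e in ban_events(f2b_lines).get(ip, []) if e[2] == "Ban"]
    if not bans:
        return f"{ip}: no ban recorded by fail2ban"
    jails = ", ".join(sorted({jail for _, jail, _ in bans}))
    reqs = auth_failures(nginx_lines).get(ip, [])
    return f"{ip}: banned {len(bans)}x by jail(s) {jails}; {len(reqs)} basic-auth failures in nginx error log"
```

Inside the SWAG container the two inputs would be /config/log/fail2ban/fail2ban.log and /config/log/nginx/error.log (paths as documented by the project; treat them as an assumption for other setups).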
