How I Got Back Into my Centos Server After Messing up my IPTables and SSH Port

May 24, 2014 at 5:12 am

What I did seems to be a fairly common mistake, but I still feel pretty stupid. I changed my SSH port from the standard 22 to 1000. This would’ve been fine, if I didn’t forget to run this afterwards:

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1000 -j ACCEPT

The net effect was that when I tried to log back in, the port was not open. Luckily, there are two ways that you can get out in a scenario like this.
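A pre-flight check for exactly this situation, written here as an added example (it is not from the original post). It reads an sshd_config file and an `iptables-save` dump, both passed as arguments, and for every `Port` directive confirms that an ACCEPT rule for that port exists in the INPUT chain and that it sits above any catch-all REJECT/DROP rule (on a stock CentOS ruleset, which ends in `-j REJECT`, a rule added with `iptables -A` lands after that REJECT and never matches). The sample config and rule dumps are constructed inline; the function only inspects the INPUT chain directly, so rules living in a chain that INPUT jumps to (for example RH-Firewall-1-INPUT on older CentOS) are not seen by it.

```shell
#!/bin/sh
# check_ssh_ports SSHD_CONFIG IPTABLES_SAVE_DUMP
# Returns 0 when every configured SSH port is reachable through INPUT,
# 1 when a port has no ACCEPT rule or its ACCEPT rule is shadowed.
check_ssh_ports() {
  cfg=$1; rules=$2; status=0
  # every active "Port N" directive (commented "#Port 22" lines are ignored)
  ports=$(awk 'tolower($1)=="port" {print $2}' "$cfg")
  [ -z "$ports" ] && ports=22   # sshd default when no Port directive is set
  # line number of the first unconditional REJECT/DROP in INPUT, 0 if none
  catchall=$(grep -En -- '^-A INPUT -j (REJECT|DROP)( |$)' "$rules" | head -n1 | cut -d: -f1)
  catchall=${catchall:-0}
  for p in $ports; do
    # first INPUT ACCEPT rule naming this port, via --dport or a multiport --dports list
    accept=$(grep -En -- '^-A INPUT .*-j ACCEPT' "$rules" \
      | grep -E -- "--dport ${p}( |$)|--dports ([0-9:]+,)*${p}(,| |$)" \
      | head -n1 | cut -d: -f1)
    if [ -z "$accept" ]; then
      echo "port $p: no ACCEPT rule in INPUT"; status=1
    elif [ "$catchall" -gt 0 ] && [ "$accept" -gt "$catchall" ]; then
      echo "port $p: ACCEPT at line $accept is shadowed by catch-all at line $catchall"; status=1
    else
      echo "port $p: ok"
    fi
  done
  return $status
}

# --- constructed sample inputs (not taken from any real server) ---
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CFG="$SAMPLE_DIR/sshd_config"
RULES_BEFORE="$SAMPLE_DIR/rules.before"       # only port 22 opened
RULES_APPENDED="$SAMPLE_DIR/rules.appended"   # port 1000 added with -A, after the REJECT
RULES_FIXED="$SAMPLE_DIR/rules.fixed"         # port 1000 inserted above the REJECT

cat > "$SAMPLE_CFG" <<'EOF'
# constructed sshd_config excerpt
#Port 22
Port 22
Port 1000
Protocol 2
EOF

cat > "$RULES_BEFORE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

cat > "$RULES_APPENDED" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1000 -j ACCEPT
COMMIT
EOF

cat > "$RULES_FIXED" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Demo: run the check against each sample before you would restart sshd.
for f in "$RULES_BEFORE" "$RULES_APPENDED" "$RULES_FIXED"; do
  echo "== $(basename "$f")"
  if check_ssh_ports "$SAMPLE_CFG" "$f"; then
    echo "safe to restart sshd"
  else
    echo "do NOT restart sshd yet"
  fi
done
```

On a live box you would run it as `check_ssh_ports /etc/ssh/sshd_config <(iptables-save)` (or against a saved dump) and only restart sshd when it reports every port as ok; the "shadowed" case is the one that looks correct in `iptables -L` but still locks you out.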

The first method didn’t work for me, because I couldn’t FTP into the server as root. If I could, I would have put a file in /etc/cron.d with these contents:

* * * * * root /sbin/service iptables stop

Unfortunately, I couldn’t use this method. Luckily I had cPanel and WHM installed, and this offers a second way to get out of a locked server if the problem is iptables/port-related. You can simply:

  1. Go to your WHM url (usually, www.yoursite.com/whm)
  2. Log in
  3. Modify the url by appending: /scripts2/doautofixer?autofix=iptablesflush (i.e. something like this: www.yoursite.com/scripts2/doautofixer?autofix=iptablesflush)

You should see a message saying the iptables were flushed:

[Screenshot: autofixer output]