UFW Blocking opbeat

Question

I am using opbeat for error reporting on a Django app. My app is running on a server with Ubuntu 15.10 and is using UFW for firewall security.

Unfortunately, the firewall is also blocking opbeat from sending error reports from my server to their cloud. Opbeat's support told me what port their interface connects through and I allowed all incoming and outgoing traffic from that port.

In addition, I allowed traffic to and from their current IP address. Since they use AWS they have dynamic IPs, so this would have been a temporary solution. However, even with the current IP allowed, the firewall would still not allow error messages to go through.

Has anyone else used opbeat with ufw who may have a solution?

Thanks!

EDIT

Below is the output of sudo ufw status verbose as requested. I've truncated it to remove any IPs that don't have to do with opbeat. Also, supervisor/gunicorn runs my app on port 9000 and I have a varnish cache on port 8081 for the app. Those are non-standard so worth mentioning.

Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
443/tcp (Nginx HTTPS)      ALLOW IN    Anywhere
52.22.203.50               ALLOW IN    Anywhere
52.22.0.0/16               ALLOW IN    Anywhere
Anywhere                   ALLOW IN    52.22.0.0/16
54.165.0.0/16              ALLOW IN    Anywhere
Anywhere                   ALLOW IN    54.165.0.0/16
Anywhere                   ALLOW IN    54.165.156.121
54.165.156.121             ALLOW IN    Anywhere
52.4.105.210               ALLOW IN    Anywhere
Anywhere                   ALLOW IN    52.4.105.210
8081                       ALLOW IN    Anywhere
Anywhere                   ALLOW IN    52.4.0.0/16
52.4.0.0/16                ALLOW IN    Anywhere
Anywhere                   ALLOW IN    52.4.105.0/24
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)
443/tcp (Nginx HTTPS (v6)) ALLOW IN    Anywhere (v6)
8081 (v6)                  ALLOW IN    Anywhere (v6)
52.22.203.0/24             DENY OUT    Anywhere
443                        ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
445                        ALLOW OUT   Anywhere
8010                       ALLOW OUT   Anywhere
465                        ALLOW OUT   Anywhere
22                         ALLOW OUT   Anywhere
9000                       ALLOW OUT   Anywhere
8081                       ALLOW OUT   Anywhere
443 (v6)                   ALLOW OUT   Anywhere (v6)
80 (v6)                    ALLOW OUT   Anywhere (v6)
445 (v6)                   ALLOW OUT   Anywhere (v6)
8010 (v6)                  ALLOW OUT   Anywhere (v6)
465 (v6)                   ALLOW OUT   Anywhere (v6)
22 (v6)                    ALLOW OUT   Anywhere (v6)
9000 (v6)                  ALLOW OUT   Anywhere (v6)
8081 (v6)                  ALLOW OUT   Anywhere (v6)

Please edit your question with the output of `sudo ufw status verbose`. — EEAA, Jan 10 '17 at 17:18

score 1 · Answer 1 · answered Jan 10 '17 at 17:43

1

You have a deny out to 52.22 that might be blocking outbound traffic to opbeat. I would suggest removing that deny rule.

answered Jan 10 '17 at 17:43

2ps

1,076
8
11

Yep, removing those rules fixed it. Thanks! Can't believe I didn't catch that. – Brian Jan 10 '17 at 20:01

UFW Blocking opbeat

1 Answers1