APF firewall and new IPs

Discussion in 'General Discussion' started by Kasper.S, Oct 14, 2004.

  1. Kasper.S

    Kasper.S Member

    Joined:
    Feb 19, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Finland
    Hello,

    I bought new IPs for SSL connections. I added the IPs from WHM. I restarted the APF firewall but there is no mention of the new IPs in the APF log. What do I need to do so that the IPs are covered by the APF firewall running on the server?

    - Regards, Kasper.S
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Try running:

    /etc/apf/vnet/vnetgen
     
  3. Kasper.S

    Thanks for the answer! I tried but nothing happened. In /etc/apf/vnet/ there are the files main.vnet and vnetgen.def (and vnetgen). Those were not modified in any way, so must the IPs be added to those files somehow?
     
  4. chirpy

    Might depend on which version of APF you are using. The latest one only requires a reload of APF to register new IP addresses in the firewall:

    apf -r

    You can then check whether it has picked up the new IP address with:

    iptables -L -n | grep 11.22.33.44

    Where 11.22.33.44 is your new IP address. If it gets some hits, it should be working OK.
     
  5. Kasper.S

    It seems that the IPs were there already. For example:

    iptables -L -n | grep 69.57.139.136
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:80
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:25
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:110
    icmp -- 69.57.139.136 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.139.136
    tcp -- 69.57.139.136 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.139.136
    udp -- 69.57.139.136 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.139.136
    all -- 69.57.139.136 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.139.136


    I thought that those IPs should be found in the listing when doing apf -st; only the main + DNS IPs were there.

    - Cheers, Kasper.S
     
  6. Kasper.S

    Virtual network wasn't enabled (EN_VNET="0") so now it is working.
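
The two checks this thread ends up with (is the new address in the loaded rules, and is EN_VNET switched on), as an added shell example that is not part of any post. The sample rule lines, the 192.0.2.x addresses and the temp files are constructed, and the config file path is passed in as an argument because the thread does not name it. Addresses are matched with grep -wF, since a plain grep for 192.0.2.1 also hits 192.0.2.10.

```shell
#!/bin/sh
# Added example: helper names and all sample data are assumptions.

# vnet_enabled CONF: succeed only if the last EN_VNET="..." line in CONF is "1".
vnet_enabled() {
    val=$(sed -n 's/^EN_VNET="\([01]\)".*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# uncovered_ips RULES IP...: print every IP that no line of RULES mentions.
# RULES is a saved `iptables -L -n` listing.
#   -F  treat the address literally, so "." does not match any character
#   -w  whole-word match, so 192.0.2.1 does not match 192.0.2.10
uncovered_ips() {
    rules=$1
    shift
    for ip in "$@"; do
        grep -qwF -- "$ip" "$rules" || printf '%s\n' "$ip"
    done
}

# Constructed sample input (documentation addresses, not from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/rules.txt" <<'EOF'
ACCEPT  tcp  --  0.0.0.0/0    192.0.2.10   tcp dpt:443
ACCEPT  tcp  --  192.0.2.10   0.0.0.0/0    tcp spt:443
ACCEPT  tcp  --  0.0.0.0/0    192.0.2.100  tcp dpt:80
EOF
printf 'EN_VNET="0"\n' > "$tmp/conf.apf"

# Report: config switch first, then per-address coverage.
vnet_enabled "$tmp/conf.apf" || echo 'EN_VNET is not "1" in the config file'
uncovered_ips "$tmp/rules.txt" 192.0.2.10 192.0.2.1 | sed 's/^/no rule mentions /'
```

On a live server, save the listing with iptables -L -n > rules.txt after apf -r and pass the addresses added in WHM as the IP arguments.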
     