The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

APF - Problem

Discussion in 'General Discussion' started by damoura, Jul 30, 2005.

  1. damoura

    damoura Member

    Joined:
    Feb 10, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I install the APF in my server, my os is FC 3 and 2 NIC´s, 1hen I start the APF he block all ports, including the that I liberated in the file of configuration !
     
  2. bijo

    bijo Well-Known Member

    Joined:
    Aug 21, 2004
    Messages:
    475
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Hello,

    Check your apf conf file and enable the following ports in your config file
    ------------------------------------------------------------------------------------------------------------
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999,36810"

    IG_UDP_CPORTS="20,21,53,1040,36810"

    Then restart Afp.

    It will help you to solve this issue. But you need ssh access on your server to do that. You can contact your noc to flush out your iptables rules

    Let me know the status ;)
     
  3. Blue|Fusion

    Blue|Fusion Well-Known Member

    Joined:
    Sep 12, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Cleveland, Ohio
    First off, ensure that DEVM is set to 1, so that after 5 minutes, the rules are automatically flushed by a cronjob if the settings are unsuccessful. when you get it working properly, then switch disable DEVM.

    Next step is to ensure you have the correct ethernet device selected. To find out which ethernet device is in use by your server which you're accessing it through, look through the output of ifconfig. You want to find the IPs used by your server for domains. For example, the domain mydomain.com uses IP address 12.34.56.78 on that server, so you want to find 12.34.56.78 in ifconfig or any IPs you have in that range. You will then see either eth0, eth1, or one of them with a colon and a number after it (i.e. eth0:4). The colon and the number after it represents a virtual ethernet device, which is how you have it listen on multiple IPs without requiring multiple NICs. So, drop the colon and the number, whichever ethenet device it is and set the variable, IF to that (by default it is set to eth0).

    Once that is set properly, save the config file and then try service apf restart.

    You can also prevent yourself from being locked out by putting the IP of your home or work PC into /etc/apf/allow_hosts.rules.
     
  4. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    One common problem that can cause that is that you have dual nics. I know a lot of the new TP servers have eth0 setup for the NAS network and the public is actually eth1.
     
  5. KaseyJohns

    KaseyJohns Registered

    Joined:
    Feb 7, 2002
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    dual NICs

    I don't think APF supports dual NICs. I ran into this with the PNet at EV1... you either have to mark the second NIC as "trusted" using TIF="" (which has the side effect of allowing in ALL traffic), or it will be completely blocked by APF. Nothing you change in the configuration will apply to anything but the interface listed in the IF="" config line, and you can only specify one there.

    I've seen talk of work being done to make APF support multiple interfaces, but have not seen anything concrete on that.
     
  6. damoura

    damoura Member

    Joined:
    Feb 10, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I have 2 NIC´s face to the internet in this machine (eth0 and eth1) and diferents IP´s, when i insert eth1 in the parameter TIF=" " and restart the APF, apf it liberates all ports and that did not I liberate in the file conf.apf
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You need to discuss this over on the rfxnetworks forums as this has nothing to do with cPanel.
     
  8. damoura

    damoura Member

    Joined:
    Feb 10, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Sorry.....
     
Loading...

Share This Page