Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Can't get APF Firewall to work on certain servers?

Discussion in 'General Discussion' started by noimad1, Dec 10, 2005.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    I know this really isn't a cpanel issue, but I can never get any support or replies from the rfnetworks guys.

    For some reason i can not get the apf firewall to work on any servers that are hosted at a particular datacenter. We use three different datacenters, and it will only not work at the servers from one.

    Every time I try to run it, the entire server is locked out. You can't ping, http, ssh, anything until the firewall resets (with the dev mode set to 1).

    Has anyone else had experiences like this?

    The datacenter offers a firewall, but they charge $99 per month per server, which is ridiculous. I am wondering if they have set something that won't let you run your own firewall?

    Well I appreciate any help that can be given.

    Regards,
    Damion
     
  2. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    APF is not a full-blown firewall in itself -- it is a nice interface that configures IPtables. I suggest you check if IPTables is installed and running:
    Code:
    service iptables status
    If IPTables is running, you should see a list of chanes scrolling by.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166


    I do understand that, but it just wouldn't work. I contacted the datacenter and they had me set the config for apf like this:

    # Untrusted Network interface; all traffic on defined #interface will be subject to all firewall rules. This #should be your internet exposed interface. Only one #interface is accepted for this value.
    IF="eth1"

    # Trusted Network interface(s); all traffic on defined #interface(s) will by-pass ALL firewall rules (white space #or comma seperated list; e.g: TIF="eth1 eth2").
    TIF="eth0"

    I didn't realize they had the server setup that way, so now i feel kind of dumb for not checking that.

    Anyway, I was able to get it to work once I set the eth1 and eth0....
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice