Can't get APF Firewall to work on certain servers?

Discussion in 'General Discussion' started by noimad1, Dec 10, 2005.

  1. noimad1

    I know this really isn't a cPanel issue, but I can never get any support or replies from the rfnetworks guys.

    For some reason I cannot get the APF firewall to work on any servers that are hosted at a particular datacenter. We use three different datacenters, and it will only not work at the servers from one.

    Every time I try to run it, the entire server is locked out. You can't ping, http, ssh, anything until the firewall resets (with the dev mode set to 1).

    Has anyone else had experiences like this?

    The datacenter offers a firewall, but they charge $99 per month per server, which is ridiculous. I am wondering if they have set something that won't let you run your own firewall?

    Well, I appreciate any help that can be given.

    Regards,
    Damion
     
  2. Stefaans

    APF is not a full-blown firewall in itself -- it is a nice interface that configures iptables. I suggest you check if iptables is installed and running:
    Code:
    service iptables status
    If iptables is running, you should see a list of chains scrolling by.
     
  3. noimad1

    I do understand that, but it just wouldn't work. I contacted the datacenter and they had me set the config for APF like this:

    # Untrusted Network interface; all traffic on defined
    # interface will be subject to all firewall rules. This
    # should be your internet exposed interface. Only one
    # interface is accepted for this value.
    IF="eth1"

    # Trusted Network interface(s); all traffic on defined
    # interface(s) will by-pass ALL firewall rules (white space
    # or comma separated list; e.g: TIF="eth1 eth2").
    TIF="eth0"

    I didn't realize they had the server set up that way, so now I feel kind of dumb for not checking that.

    Anyway, I was able to get it to work once I set the eth1 and eth0....
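
A pre-flight check for the misconfiguration resolved in this thread, as an added example that is not part of the original posts: it compares APF's IF and TIF values with the interface that carries the default route. It assumes the internet-facing interface is the one holding the default route; the function names and the sample data are constructed for illustration.

```shell
# Added example (not from the thread). Sample data below is constructed.

# Print the last value assigned to KEY ($1) in APF-style config text on stdin.
conf_value() {
    awk -F= -v key="$1" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/"/, "", v); sub(/[ \t]*#.*/, "", v); val = v }
        END { print val }'
}

# Print the interface of the default route from `ip route` output on stdin.
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# $1 = config text, $2 = routing table text.
# Returns 0 when IF is the default-route interface and TIF does not list it.
check_apf_ifaces() {
    pub=$(printf '%s\n' "$2" | default_iface)
    untrusted=$(printf '%s\n' "$1" | conf_value IF)
    trusted=$(printf '%s\n' "$1" | conf_value TIF | tr ',' ' ')
    [ -n "$pub" ] || { echo "no default route found"; return 2; }
    if [ "$untrusted" != "$pub" ]; then
        echo "MISMATCH: IF=$untrusted, but the default route uses $pub"
        return 1
    fi
    for t in $trusted; do
        if [ "$t" = "$pub" ]; then
            echo "MISMATCH: TIF lists $pub, so its traffic bypasses all rules"
            return 1
        fi
    done
    echo "OK: IF=$untrusted matches the default route; TIF=$trusted"
}

# Constructed samples: a host whose public NIC is eth1, as in this thread.
ROUTES_SAMPLE='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
default via 203.0.113.1 dev eth1'
CONF_WRONG='IF="eth0"
TIF=""'
CONF_FIXED='IF="eth1"
TIF="eth0"'

check_apf_ifaces "$CONF_WRONG" "$ROUTES_SAMPLE" || true
check_apf_ifaces "$CONF_FIXED" "$ROUTES_SAMPLE" || true
```

On a live host the two arguments would be the contents of the APF config file and the output of `ip route show`.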
     