Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Can't get APF Firewall and poptop pptpd work together :\

[yaiR]

When APF run's i keep on getting stuck in "Verifiyng Username and Password..." and then i get a ERROR 619.
(APF installed on the server that has pptpd)..

I opened ports 47 and 1723, but nothing seems to help, when i shutdown apf firewall pptpd works like a charm..
any idea's?

[crucialx]

Do you have port 47 open in both directions? If you do already, then you may want to use: netstat -napt to see which ports are being opened by pptpd.

[yaiR]

Quote:

Originally Posted by crucialx

Do you have port 47 open in both directions? If you do already, then you may want to use: netstat -napt to see which ports are being opened by pptpd.

nope, it dosn't use any other ports..

my server uses eth0 for incoming and outgoing WAN..
when i connect to the server throw pptpd (APF off) i get internal IP's 192.168.1.X, maybe it opens virtual network "lan" and i need somehow to configure it in APF Firewall?

[crucialx]

Hmmm, you may have to, not sure how pptpd works. If it creates a new network device (you can find out by using ifconfig) then you may need to add that device to the trusted devices in the APF config...

[yaiR]

Quote:

Originally Posted by crucialx

Hmmm, you may have to, not sure how pptpd works. If it creates a new network device (you can find out by using ifconfig) then you may need to add that device to the trusted devices in the APF config...

Code:

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:84.94.x.x  P-t-P:192.168.1.12  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:1560 (1.5 KiB)  TX bytes:104 (104.0 b)

when apf is down and i connect with pptpd.
(i edited 84.94.x.x)

when i try to put ppp0 in my conf.apf like:
IFACE_IN="eth0"
IFACE_OUT="eth0"

to:
IFACE_IN="eth0, ppp0"
IFACE_OUT="eth0, ppp0"

I get:

Code:

[root@server apf]# ./apf -r
ppp0: Unknown host
ifconfig: `--help' gives usage information.
ppp0: Unknown host
ifconfig: `--help' gives usage information.
ppp0: Unknown host
ifconfig: `--help' gives usage information.
ppp0: Unknown host
ifconfig: `--help' gives usage information.
ppp0: Unknown host
ifconfig: `--help' gives usage information.
could not verify that interface eth0, ppp0 is routed to a network, aborting.

I dont want to put the IP's 192.168.1.X in IFACE_TRUSTED becuase i need to make rules for them :\

when i disconnect from ppptpd ppp0 disappear from ifconfig..

so when i tr to put only ppp0 in IFACE_TRUSTED :
could not verify that interface ppp0 is routed to a network, aborting.

[yaiR]

up. . . :\