Thread: APF Firewall problems on my VPS
-
09-23-2006, 03:02 PM #1Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
APF Firewall problems on my VPS
Hi guys
I've recently installed APF following a guide
But I cannot start the firewall, I get this:
root@jupiter [~/apf-0.9.6-1]# /usr/local/sbin/apf -s
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
Development mode enabled!; firewall will flush every 5 minutes.
Unable to load iptables module (ip_tables), aborting.
Anyone know why I get this?
Thanks for any help in advance
-
09-23-2006, 03:47 PM #2Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
Found the problem
But I don't know how to uninstall the Virtuozzo Power Panels Firewall
-
09-23-2006, 03:47 PM #3Web Hosting Master
- Join Date
- Feb 2006
- Posts
- 665
http://www.futurehosting.com
Managed, Unmanaged VPS, Dedicated Servers, CDN
Available locations: Australia, Amsterdam, Detroit, London, Santa Clara, Miami
-
09-23-2006, 03:48 PM #4Eternal Member
- Join Date
- Dec 2004
- Location
- New York, NY
- Posts
- 10,710
You need to configure APF for your VPS.
Attached is a /etc/apf/conf.apf that I use.
Once you have implemented it and started APF with success (all services still function), you can run the following commands to disable devel mode:
Code:
sed -i -e 's/^DEVEL.*/DEVEL_MODE=\"0\"/1' /etc/apf/conf.apf
apf -r
-
09-23-2006, 04:09 PM #5Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
If none of this helps...I would ask your host what iptables have been enabled...while it is true most have *some* modules enabled...not all are enabled by default...they have to be enabled either globally or a per-vps basis.
Bryon
Bryon L Harvey
Soil Relocation Engineer
-
09-23-2006, 04:13 PM #6Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
Apparently other VPS's are already running APF
I did basic configuring of the firewall, tried to start it and it failed
-
09-23-2006, 04:17 PM #7Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
Have you done the good ole:
cat /proc/user_beancounters to see if you are hitting the wall on some resources..and that is why it is failing?
Ah! I know! It has a log file...look at the log file and see why it won't start.
I've never played with apf on a vps. Blah. I need a break. I'll take a stab at it.
Bryon
Bryon L Harvey
Soil Relocation Engineer
-
09-23-2006, 04:45 PM #8Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
If anyone could provide how to uninstall and an updated install it would be much appreciated
I think the old install I followed mighta been wrong also, I dunno
-
09-23-2006, 05:36 PM #9Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
Uninstalling it is quite easy...I'll find the instructions in a sec.
Now...the mere presence of a control panel may cause problems as well. If you have Cpanel..there are cpanel-specific instructions available on webhostgear.com.
Ok...my experience just now did not go well. In fact..I learned that HSP complete already had a "security" module running...which was using ip tables..hence...the apf install did not go well. Sadly...I'm downloading a manual to see what this module does...if I want to keep it..or get rid of it. removing apf is simple:
chkconfig --del apf
rm /etc/init.d/apf /etc/cron.d/fw
rm -rf /etc/apf
I think you have power panel..which is similar...I would look for a "security" module..much like the one I have. Blah...I'm getting rid of mr. security module anyways.
Last edited by bryonhost1; 09-23-2006 at 05:45 PM.
Bryon L Harvey
Soil Relocation Engineer
-
09-23-2006, 06:09 PM #10Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
Correction to my post..there is no security module...I'm not sure what I was looking at..and..even odder..I can't find it now. Nevertheless..the problem at hand is this: Iptables is getting rules from somewhere...and these rules are interfering with apf's operation. In fact..my screen looked exactly like yours...so I'm willing to bet your problem is almost the same.
I will look at the manual...perhaps iptables module needs to be removed altogether...I just don't know. As I said...this is one facet I had not felt moved to investigate. However...I'm willing to bet if I disabled iptables or removed it altogether...apf would work fine.
Bryon
Bryon L Harvey
Soil Relocation Engineer
-
09-23-2006, 11:38 PM #11Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
How is it going with your situation? I found the "security" module after all...it wasn't in services...but in "Applications"...and I tried stopping iptables..and starting apf...that didn't work. I have uninstalled "security" module...and will reboot the vps right now. I will then see if apf can start correctly. Woo!
>>Well...that didn't work either. I'm turning iptables back on and going ta bed. zzzz.
It should also be pointed out that a vps that comes with HSP complete brings more to the table than the plain-jane virtuozzo or openvz install.
A mail server is ready to go...which I do not think is available with a normal virtuozzo install..but I could be wrong.
Bryon
Last edited by bryonhost1; 09-23-2006 at 11:47 PM.
Bryon L Harvey
Soil Relocation Engineer
-
09-24-2006, 02:38 AM #12Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
Can't remove APF to try again
root@jupiter [~]# chkconfig --del apf
root@jupiter [~]# rm /etc/init.d/apf /etc/cron.d/fw
rm: remove regular file `/etc/init.d/apf'?
rm: cannot lstat `/etc/cron.d/fw': No such file or directory
-
09-24-2006, 08:53 AM #13Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
Oh..that's fine...mine said that too. It's gone...the system is just telling you it can't remove a file or directory that does not exist.
I went ahead and put my "security" module back as well..to manage iptables. It seems to work fine...so I'm going to stop here...I need to get back to other things.
If you really want to continue...I would recommend putting in a ticket with your host..and explain exactly what you want to do...and they may be able to provide a workaround.
Bryon
Bryon L Harvey
Soil Relocation Engineer
-
09-24-2006, 11:44 AM #14Retired Moderator
- Join Date
- Apr 2005
- Posts
- 3,499
Well back to your original problem, you had the interface wrong. It needed to be venet0 instead of eth0.
Best of luck,
Alex
-
09-24-2006, 04:24 PM #15Web Hosting Master
- Join Date
- Jul 2006
- Posts
- 1,080
Ok guys, I've made the changes to venet0
Now I've got this:
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
root@jupiter2 [/etc/apf]# f-0.9.6-1]#
root@jupiter2 [/etc/apf]# f-0.9.6-1]# cd /etc/apf
root@jupiter2 [/etc/apf]# pico -w conf.apf
root@jupiter2 [/etc/apf]# service apf start
Starting APFevelopment mode enabled!; firewall will flush every 5 minutes.
Unable to load iptables module (ip_tables), aborting.
Still got development mode on as I'm still testing
-
09-25-2006, 12:26 AM #16Junior Guru
- Join Date
- May 2006
- Location
- Shanghai,China
- Posts
- 247
Does Virtuozzo's Linux VPS support iptables well?
-
09-25-2006, 03:59 AM #17Web Hosting Master
- Join Date
- Dec 2004
- Location
- Butler,TN
- Posts
- 2,416
Hi!
Yes..this is virtuozzo he has here. A host has many options to enable the defaults or all the modules globally...or on a per-vps basis. I *think* the default loads all the modules on the hardware node....I can't say for sure about virtuozzo.
In case you are curious, the list looks like this:
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_LOG
ipt-conntrack
ipt_helper
ipt_state
iptable_nat
ip_nat_ftp
ip_nat_irc
ipt_TOS
per the openvz manual. It depends on the kernel...more are added from time to time that may not be in the manual.
Bryon
Last edited by bryonhost1; 09-25-2006 at 04:05 AM.
Bryon L Harvey
Soil Relocation Engineer
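
Added example, not part of the thread and not APF's own code: a shell pre-flight check for the three things that come up above (the eth0 vs venet0 interface name, whether iptables is exposed to the container, and DEVEL_MODE). The function names are hypothetical; the IFACE_IN/IFACE_OUT key names and the /proc/net/ip_tables_names heuristic are assumptions to adjust for your APF version and host.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of conf.apf on a VPS.
# Assumed: KEY="value" config lines; IFACE_IN/IFACE_OUT name the interfaces.

# Print the value of KEY ($1) from config file ($2); the last assignment wins.
conf_value() {
    sed -n "s/^$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Succeed if interface $1 is listed in a /proc/net/dev style file ($2).
iface_exists() {
    awk -F: -v want="$1" 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 == want) found = 1 }
        END { exit !found }' "$2"
}

# Report the failure modes seen in the thread; return non-zero if APF would abort.
# $1 conf.apf, $2 net device list, $3 table list (assumed heuristic: this proc
# file is only present when the host exposes ip_tables to the container).
preflight() {
    conf=$1; netdev=${2:-/proc/net/dev}; tables=${3:-/proc/net/ip_tables_names}
    rc=0
    for key in IFACE_IN IFACE_OUT; do
        ifc=$(conf_value "$key" "$conf")
        if [ -z "$ifc" ]; then
            echo "FAIL: $key is not set in $conf"; rc=1
        elif ! iface_exists "$ifc" "$netdev"; then
            echo "FAIL: $key=$ifc does not exist here (venet0 on Virtuozzo/OpenVZ)"; rc=1
        fi
    done
    if [ ! -r "$tables" ]; then
        echo "FAIL: $tables missing; ask the host to enable iptables modules"; rc=1
    fi
    if [ "$(conf_value DEVEL_MODE "$conf")" != "0" ]; then
        echo "NOTE: DEVEL_MODE is on; the firewall flushes every 5 minutes"
    fi
    return "$rc"
}

# Usage on a real host (as root): preflight /etc/apf/conf.apf
```

Run it before `apf -s`; a FAIL line on the interface or the table list points at the same two errors shown in the first post.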