  1. #1
    Join Date
    Jul 2006
    Posts
    1,080

    APF Firewall problems on my VPS

    Hi guys

    I've recently installed APF following a guide

    But I cannot start the firewall; I get this:


    root@jupiter [~/apf-0.9.6-1]# /usr/local/sbin/apf -s
    eth0: error fetching interface information: Device not found
    eth0: error fetching interface information: Device not found
    eth0: error fetching interface information: Device not found
    Development mode enabled!; firewall will flush every 5 minutes.
    Unable to load iptables module (ip_tables), aborting.

    Anyone know why I get this?

    Thanks for any help in advance

  2. #2
    Join Date
    Jul 2006
    Posts
    1,080
    Found the problem

    But I don't know how to uninstall the Virtuozzo Power Panels Firewall

  3. #3
    Join Date
    Feb 2006
    Posts
    665
    http://www.futurehosting.com
    Managed, Unmanaged VPS, Dedicated Servers, CDN
    Available locations: Australia, Amsterdam, Detroit, London, Santa Clara, Miami

  4. #4
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    You need to configure APF for your VPS.

    Attached is a /etc/apf/conf.apf that I use.

    Once you have implemented it and started APF with success (all services still function), you can run the following commands to disable devel mode:

    Code:
    sed -i -e 's/^DEVEL.*/DEVEL_MODE=\"0\"/1' /etc/apf/conf.apf
    apf -r
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  5. #5
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    If none of this helps...I would ask your host what iptables have been enabled...while it is true most have *some* modules enabled...not all are enabled by default...they have to be enabled either globally or a per-vps basis.

    Bryon
    Bryon L Harvey
    Soil Relocation Engineer

  6. #6
    Join Date
    Jul 2006
    Posts
    1,080
    Apparently other VPS's are already running APF

    I did basic configuring of the firewall, tried to start it and it failed

  7. #7
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    Have you done the good ole:

    cat /proc/user_beancounters to see if you are hitting the wall on some resources..and that is why it is failing?

    Ah! I know! It has a log file...look at the log file and see why it won't start.

    I've never played with apf on a vps. Blah. I need a break. I'll take a stab at it.

    Bryon
    Bryon L Harvey
    Soil Relocation Engineer

  8. #8
    Join Date
    Jul 2006
    Posts
    1,080
    If anyone could provide how to uninstall and an updated install it would be much appreciated

    I think the old install I followed mighta been wrong also, I dunno

  9. #9
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    Uninstalling it is quite easy...I'll find the instructions in a sec.

    Now...the mere presence of a control panel may cause problems as well. If you have Cpanel..there are cpanel-specific instructions available on webhostgear.com.

    Ok...my experience just now did not go well. In fact..I learned that HSP complete already had a "security" module running...which was using ip tables..hence...the apf install did not go well. Sadly...I'm downloading a manual to see what this module does...if I want to keep it..or get rid of it. removing apf is simple:


    chkconfig --del apf
    rm /etc/init.d/apf /etc/cron.d/fw
    rm -rf /etc/apf


    I think you have power panel..which is similar...I would look for a "security" module..much like the one I have. Blah...I'm getting rid of mr. security module anyways.
    Last edited by bryonhost1; 09-23-2006 at 05:45 PM.
    Bryon L Harvey
    Soil Relocation Engineer

  10. #10
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    Correction to my post..there is no security module...I'm not sure what I was looking at..and..even odder..I can't find it now. Nevertheless..the problem at hand is this: Iptables is getting rules from somewhere...and these rules are interfering with apf's operation. In fact..my screen looked exactly like yours...so I'm willing to bet your problem is almost the same.

    I will look at the manual...perhaps iptables module needs to be removed altogether...I just don't know. As I said...this is one facet I had not felt moved to investigate. However...I'm willing to bet if I disabled iptables or removed it altogether...apf would work fine.

    Bryon
    Bryon L Harvey
    Soil Relocation Engineer

  11. #11
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    How is it going with your situation? I found the "security" module after all...it wasn't in services...but in "Applications"...and I tried stopping iptables..and starting apf...that didn't work. I have uninstalled "security" module...and will reboot the vps right now. I will then see if apf can start correctly. Woo!

    >>Well...that didn't work either. I'm turning iptables back on and going ta bed. zzzz.

    It should also be pointed out that a vps that comes with HSP complete brings more to the table than the plain-jane virtuozzo or openvz install.
    A mail server is ready to go...which I do not think is available with a normal virtuozzo install..but I could be wrong.

    Bryon
    Last edited by bryonhost1; 09-23-2006 at 11:47 PM.
    Bryon L Harvey
    Soil Relocation Engineer

  12. #12
    Join Date
    Jul 2006
    Posts
    1,080
    Can't remove APF to try again


    root@jupiter [~]# chkconfig --del apf
    root@jupiter [~]# rm /etc/init.d/apf /etc/cron.d/fw
    rm: remove regular file `/etc/init.d/apf'?
    rm: cannot lstat `/etc/cron.d/fw': No such file or directory

  13. #13
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    Oh..that's fine...mine said that too. It's gone...the system is just telling you it can't remove a file or directory that does not exist.

    I went ahead and put my "security" module back as well..to manage iptables. It seems to work fine...so I'm going to stop here...I need to get back to other things.
    If you really want to continue...I would recommend putting in a ticket with your host..and explain exactly what you want to do...and they may be able to provide a workaround.

    Bryon
    Bryon L Harvey
    Soil Relocation Engineer

  14. #14
    Well back to your original problem, you had the interface wrong. It needed to be venet0 instead of eth0.

    Best of luck,
    Alex
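
The mismatch described in this thread (conf.apf pointing at eth0 on a container that only has venet0, with development mode still on) can be checked before starting the firewall. This is an added example, not part of the original posts or of APF itself; it assumes conf.apf names its interfaces in IFACE_IN and IFACE_OUT, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example: lint conf.apf against the interfaces the VPS really has.

# Print the value of a KEY="value" line from an APF-style config file.
conf_value() {  # usage: conf_value KEY FILE
    sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# List interface names from a /proc/net/dev style file (two header lines).
present_ifaces() {  # usage: present_ifaces [FILE]
    awk -F: 'NR > 2 { gsub(/[ \t]/, "", $1); print $1 }' "${1:-/proc/net/dev}"
}

# Print one finding per line. Returns 1 if a configured interface is missing.
apf_preflight() {  # usage: apf_preflight CONF [PROC_NET_DEV]
    conf=$1; rc=0
    ifaces=$(present_ifaces "${2:-/proc/net/dev}")
    for key in IFACE_IN IFACE_OUT; do
        val=$(conf_value "$key" "$conf")
        if [ -z "$val" ] || ! printf '%s\n' "$ifaces" | grep -qxF -- "$val"; then
            echo "FAIL $key=\"$val\" not present; found:" $ifaces
            rc=1
        fi
    done
    if [ "$(conf_value DEVEL_MODE "$conf")" = "1" ]; then
        echo "WARN DEVEL_MODE=1, firewall will flush every 5 minutes"
    fi
    return $rc
}

# Constructed sample data: a container that only has lo and venet0.
write_sample() {  # usage: write_sample DIR IFACE
    printf 'Inter-|   Receive\n face |bytes packets\n    lo: 0 0\nvenet0: 0 0\n' \
        > "$1/net_dev"
    printf 'DEVEL_MODE="1"\nIFACE_IN="%s"\nIFACE_OUT="%s"\n' "$2" "$2" \
        > "$1/conf.apf"
}

demo=$(mktemp -d)
write_sample "$demo" eth0
apf_preflight "$demo/conf.apf" "$demo/net_dev" || true
rm -rf "$demo"
```

On a real VPS, `apf_preflight /etc/apf/conf.apf` reads the live interface list from /proc/net/dev.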

  15. #15
    Join Date
    Jul 2006
    Posts
    1,080
    Ok guys, I've made the changes to venet0

    Now I've got this:
    Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
    root@jupiter2 [/etc/apf]# f-0.9.6-1]#
    root@jupiter2 [/etc/apf]# f-0.9.6-1]# cd /etc/apf
    root@jupiter2 [/etc/apf]# pico -w conf.apf
    root@jupiter2 [/etc/apf]# service apf start
    Starting APFevelopment mode enabled!; firewall will flush every 5 minutes.
    Unable to load iptables module (ip_tables), aborting.

    Still got development mode on as I'm still testing

  16. #16
    Join Date
    May 2006
    Location
    Shanghai,China
    Posts
    247
    Does Virtuozzo's Linux VPS support iptables well?
    My Personal Sites:Oh !!!MIYU-GのDAYs
    http://www.1221.in
    MY LIFE IS COOL,SO IS MY VPS I WILL TELL YOU MORE ABOUT VPS

  17. #17
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,416
    Hi!
    Yes..this is virtuozzo he has here. A host has many options to enable the defaults or all the modules globally...or on a per-vps basis. I *think* the default loads all the modules on the hardware node....I can't say for sure about virtuozzo.

    In case you are curious, the list looks like this:

    ip_conntrack
    ip_conntrack_ftp
    ip_conntrack_irc
    ipt_LOG
    ipt-conntrack
    ipt_helper
    ipt_state
    iptable_nat
    ip_nat_ftp
    ip_nat_irc
    ipt_TOS

    per the openvz manual. It depends on the kernel...more are added from time to time that may not be in the manual.


    Bryon
    Last edited by bryonhost1; 09-25-2006 at 04:05 AM.
    Bryon L Harvey
    Soil Relocation Engineer
