  1. #1
    Join Date
    Apr 2006
    Posts
    503

    Another good firewall ? (already tried APF)

    I'm using APF and CSF on some cPanel and Ensim servers; however, on RHEL 3 & 4 servers APF is causing a lot of trouble with proftpd connections... and now with SSL-certificated sites... My question is:

    Do you know another good firewall for plain Red Hat servers?

    Thanks.

  2. #2
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    To resolve the issue with APF and proftpd connections, you can try the same fix that works with CSF. Simply open up that gigantic hole in the firewall.
    Unfortunately, this is a problem with software not following standards rules (i.e. restricting connections to a certain port).

    Alternatively, you can use SFTP (ftp over ssh2) which should solve that issue as well.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    Are you using APF in monolithic mode? If so, there is your problem. In a real-world situation with conntrack_ftp, the system should open the ports for FTP as needed.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Apr 2006
    Posts
    503
    In APF I already opened the TOS range for 45000:50000, for example (having 5000 ports only for the FTP daemon), then also opened those in the ingress rules, and I'm still having the same issue... This problem happens even if I use proftp on the standard port or on a different one.

    Also, I don't have monolithic mode on: SET_MONOKERN="0".

    Anyway, do you know another good firewall for Ensim and plain Red Hat servers?

    Thank you.
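
A diagnostic for the situation in posts #3 and #4, as an added example that is not part of any post in this thread: it reads the passive-mode replies from an FTP client's debug output (the same 227/229 replies the conntrack FTP helper parses) and checks whether each announced data port falls inside the 45000:50000 range opened in the firewall. The sample log lines, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Range quoted in post #4 as opened in the firewall for the FTP daemon.
OPEN_RANGE = (45000, 50000)

# 227 = PASV reply "(h1,h2,h3,h4,p1,p2)"; 229 = EPSV reply "(|||port|)".
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def data_port(reply):
    """Return the data port announced by a 227 or 229 reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("malformed PASV reply: " + reply)
        return octets[4] * 256 + octets[5]   # port = p1*256 + p2
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError("malformed EPSV reply: " + reply)
        return port
    return None

def audit(lines, open_range=OPEN_RANGE):
    """Return [(port, allowed)] for every passive reply in a client debug log."""
    lo, hi = open_range
    results = []
    for line in lines:
        reply = line.lstrip("<> ").strip()   # drop the client's "< " debug prefix
        port = data_port(reply)
        if port is not None:
            results.append((port, lo <= port <= hi))
    return results

# Constructed sample: server replies as a client in debug mode would print them.
SAMPLE = [
    "< 220 ProFTPD Server ready.",
    "< 227 Entering Passive Mode (192,0,2,10,175,200).",  # 175*256+200
    "< 227 Entering Passive Mode (192,0,2,10,234,96).",   # 234*256+96
    "< 229 Entering Extended Passive Mode (|||49152|)",
]

if __name__ == "__main__":
    for port, ok in audit(SAMPLE):
        print(port, "inside opened range" if ok else "OUTSIDE opened range")
```

A port reported outside the range means the daemon's passive port range and the firewall rules do not match, so the data connection depends entirely on the connection-tracking helper.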
