Results 1 to 11 of 11

Thread: apf issue

  1. #1
    Join Date
    Nov 2006
    Posts
    74

    apf issue

    service apf restart

    Stopping APF: [ OK ]
    Starting APF:Unable to load iptables module (ipt_state), aborting.
    [ OK ]

    How do I fix this?

    rpm -qa | grep iptables
    iptables-1.2.11-3.1.RHEL4

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Hi,

    What is the kernel running in the server? I guess you are running a 2.6.17 kernel. Then do this.

    ---
    Edit file
    Code:
    pico -w /etc/apf/internals/functions.apf


    Search for line
    Code:
    ml ipt_state 1


    Change it to
    Code:
    ml xt_state
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Nov 2006
    Posts
    74
    2.6.18 #1 SMP

    I did as you said, same problem

    service apf restart
    Stopping APF: [ OK ]
    Starting APF:Unable to load iptables module (ipt_multiport), aborting.
    [ OK ]

  4. #4
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    Try turning monolithic mode on in the conf.apf, depending on how it was compile the modules may be statically compiled in.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  5. #5
    Join Date
    Nov 2006
    Posts
    74
    That worked eth00 thanks.

  6. #6
    Join Date
    Oct 2003
    Location
    Hanoi
    Posts
    4,306
    turning monolithic mode on might bring trouble with passive ftp mode. You should leave it off. And replace

    ml ipt_multiport 1

    by

    ml xt_multiport

  7. #7
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Quote Originally Posted by Zion Ahead
    2.6.18 #1 SMP

    I did as you said, same problem

    service apf restart
    Stopping APF: [ OK ]
    Starting APF:Unable to load iptables module (ipt_multiport), aborting.
    [ OK ]
    Yep, I too suggest you to turn off monolithic mode. Earlier your error message was with loading ipt_state, and thats why I asked you to change ipt_state, to xt_state.
    Now the error is with multiport module and you can fix this with changing the ipt_multiport to xt_multiport in the /etc/apf/internals/functions.apf file.
    I hope this will help.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  8. #8
    Join Date
    Nov 2006
    Posts
    74
    Quote Originally Posted by gate2vn
    turning monolithic mode on might bring trouble with passive ftp mode. You should leave it off. And replace

    ml ipt_multiport 1

    by

    ml xt_multiport
    ml ipt_multiport 1 was not found in conf.apf

    Where is this?

  9. #9
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    It is inside
    /etc/apf/internals/functions.apf
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  10. #10
    Join Date
    Nov 2006
    Posts
    74
    Thank you. Maybe you can help on this related problem as well. Anytime I do anything that involves dns, the process is several minutes slow including account creation, delete, edit dns, etc

    In dns cluster I see this:

    HTTP/1.0 900 NET OR SSL ERROR ./cgi/clusterstatus.cgi 27007: open_tcp_connection: failed `xxx.xxx.96.4', 2087 (Connection timed out)


    Not sure why. How would I correct that? I have APF / BFD installed on that server its trying to connect to

    Please help me out.

    Logs show this:

    error_loginternal error) Unable to add the zone new.com on the remote server [xxx.xxx.69.9] (Connection Timed Out)


    I don't understand. APF settings below:

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="20,21,25,26,53,80,110,143,443,465,993,995,2083,2087,2096,10000,35000_35999"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="20,21,53,1040"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"


    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="0"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2089,2095,2096,10000,35000_35999"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,37,53,123,1040"

    # Common ICMP egress (outbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    EG_ICMP_TYPES="all"

  11. #11
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    It works when apf is turned off? Have you enabled Egress filtering?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •