  1. #1
    Join Date
    Nov 2006
    Location
    England, UK
    Posts
    21

    Which firewall for Plesk VPS? APF help?

    Hi,

    Which firewall do you guys/gals recommend for a Linux RHEL4 Plesk VPS?

    The reason I am asking is because I have been trying to get APF running, but it's not quite there.

    When it's enabled, I lose the ability to open the server, domain sections in the Plesk control panel.
    The default web page comes up OK, and I am able to SSH in.

    I already have the various recommended ports set up in the apf.conf file.

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="20,21,25,53,80,110,143,443,465,993,995,8443"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="37,53,873"

    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="1"
    EG_TCP_CPORTS="20,21,25,53,37,43,80,113,443,465,873"
    EG_UDP_CPORTS="53,873"
    # Common egress (outbound) TCP ports
    #EG_TCP_CPORTS="21,25,80,443,43"
    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="53,873"

    The only message I get when starting APF is:

    [root@***** apf]# ./apf -r
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    [root@***** apf]#


    Any help would be appreciated, especially from anyone who has set up a firewall within their Plesk VPS.

    Thanks,

    Av

  2. #2
    Join Date
    Sep 2006
    Location
    Sheffield, UK
    Posts
    119
    IIRC there have been a couple of threads on various forums about this, and none of them managed to get APF working on a VPS. It was something to do with the kernel not being compatible, and not being able to edit it because it's a VPS. I've since removed it from mine as well, and just use iptables to manage the firewall.

  3. #3
    The best selection would be APF, and a working VPS with an APF firewall is certainly possible.

  4. #4
    Join Date
    Dec 2005
    Location
    Internet
    Posts
    1,337
    Couldn't say that this will help; can you please restart the iptables service and try the same again?

  5. #5
    Join Date
    Nov 2006
    Location
    England, UK
    Posts
    21
    I guess no one that has APF running within a Plesk VPS has replied yet...

    Matt, with the iptables option, I presume you put each entry into the Plesk control panel in the firewall, iptables section (when I find it again)?
    What about BFD, will that work OK without APF? I'll see what I can find in the FAQ/notes. I also came across many forums talking about APF, but nothing really specific to a Plesk VPS.

    Hosting advisor, thanks for your input, that APF will work with VPS....

    linuxcares... I restarted iptables; I did /sbin/service iptables restart.

    Upon restarting APF, I still get

    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name

    As it appears 4 times, there must be 4 items that it can't match???

    Maybe I'll start another thread: what firewall with Plesk VPS?

    Regards,
    Av

  6. #6
    Join Date
    Oct 2003
    Location
    Chicago, IL
    Posts
    654
    What VPS software is your host using? If it is Virtuozzo, ask your host to make sure that all of the needed iptables modules are enabled for your VPS.
    Zac Cogswell
    WiredTree Fully Managed VPS and Dedicated Hosting | Average Helpdesk Response <15 Minutes, 24x7 Instant Phone Support
    Follow us on Twitter: @WiredTree | Like us on Facebook: facebook.com/WiredTree
    zac @ wiredtree.com | toll-free: 1.866.523.8733 local: +1.312.447.0510
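
One way to act on this advice from inside the VPS, as an added example that is not part of the original thread or of APF: the script compares the iptables matches and targets the container exposes against the ones a ruleset needs. The `NEEDED_*` lists and function names are illustrative assumptions, and it assumes the kernel publishes `/proc/net/ip_tables_matches` and `/proc/net/ip_tables_targets` and that modules cannot be loaded on demand inside the container.

```shell
#!/bin/sh
# Added example (not part of APF). Run inside the VPS as root.
# ASSUMPTIONS: the kernel exposes /proc/net/ip_tables_matches and
# /proc/net/ip_tables_targets; the two lists below are illustrative
# and are not APF's authoritative requirements.
NEEDED_MATCHES="state multiport limit"
NEEDED_TARGETS="LOG REJECT"

# missing_features "NAME ..." FILE
# Prints every NAME that has no exact-match line in FILE.
missing_features() {
    for name in $1; do
        grep -qx -- "$name" "$2" || printf '%s\n' "$name"
    done
}

# check_netfilter [MATCHES_FILE] [TARGETS_FILE]
# Returns 0 if everything is present, 1 if something is missing,
# 2 if the proc files cannot be read (result unknown, not "missing").
check_netfilter() {
    mfile=${1:-/proc/net/ip_tables_matches}
    tfile=${2:-/proc/net/ip_tables_targets}
    if [ ! -r "$mfile" ] || [ ! -r "$tfile" ]; then
        echo "cannot read $mfile or $tfile: result unknown" >&2
        return 2
    fi
    missing=$(missing_features "$NEEDED_MATCHES" "$mfile"
              missing_features "$NEEDED_TARGETS" "$tfile")
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "Not available in this VPS (ask the host to enable):"
    printf '%s\n' "$missing" | sed 's/^/  /'
    return 1
}

# Run the check only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_netfilter
fi
```

Each name it reports is a candidate for one of the "No chain/target/match by that name" lines, since iptables prints that error when a rule references a match or target the kernel does not provide.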

  7. #7
    Join Date
    Sep 2006
    Location
    Sheffield, UK
    Posts
    119
    Quote Originally Posted by jaiweb
    I guess no one that has APF running within a Plesk VPS has replied yet...

    Matt, with the iptables option, I presume you put each entry into the Plesk control panel in the firewall, iptables section (when I find it again)?
    What about BFD, will that work OK without APF? I'll see what I can find in the FAQ/notes. I also came across many forums talking about APF, but nothing really specific to a Plesk VPS.
    Jaiweb, I was manually blocking all TCP/UDP traffic for the specific IP address by using:

    iptables -A INPUT -p udp -s <IP ADDRESS> -j DROP

    and then doing the same for TCP.

    I've got BFD working by changing the executed command in the config to add the IP address of the offending attacker to the hosts.deny file, which stops the attack immediately.

    /usr/local/bfd/conf.bfd
    Code:
    BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"

  8. #8
    Join Date
    Nov 2006
    Location
    England, UK
    Posts
    21
    Hi Matt,

    Thanks for that.

    So I have to decide which IPs to block, and then add them individually?

    When SSH was on the standard port, there were a lot of login attempts from a few IPs, so I guess I just block them individually.

    However, this could get quite tedious if there were many, many IP addresses.

    Thanks for that entry for BFD. I'll try that straight away.

    Regards,

    Av

  9. #9
    Join Date
    Sep 2006
    Location
    Sheffield, UK
    Posts
    119
    I still get quite a lot of BF attempts, but BFD is running every 4 minutes, so they get caught quite quickly.

    BFD checks the secure log, and looks for a certain number of failed attempts in a certain time span, and automatically adds the offending IP address to the hosts.deny file.

    There is a line in conf.bfd which sets which command is run. By default it's the APF command, but you can change this to the hosts.deny one.

    Code:
    [[email protected] ioncube]# vim /usr/local/bfd/conf.bfd
    Required Line in conf file:
    Code:
    # Pass $ATT_HOST to firewall or other application/facility (tcpwrappers)
    # i.e: BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
    BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
    Just make sure this reflects the above, and it will be done automatically for you.

    Hope this helps.

    Matt
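
The detection step described above, written out as an added example that is not BFD's own code: it counts failed SSH logins per source address and prints `hosts.deny` entries for addresses at or over a threshold, skipping addresses that are already listed. The OpenSSH log format, the threshold, and the function names `deny_candidates` and `sample_log` are assumptions; the log lines are constructed.

```shell
#!/bin/sh
# Added example (not BFD's code). ASSUMPTIONS: OpenSSH "Failed password"
# syslog format; LOG holds only the lines written since the last run;
# the default threshold of 5 is illustrative.

# deny_candidates LOG DENYFILE [THRESHOLD]
# Prints one "ALL:<ip>" line per source with >= THRESHOLD failures that is
# not already listed in DENYFILE, so repeated runs do not append duplicates.
deny_candidates() {
    awk -v deny="$2" -v max="${3:-5}" '
        BEGIN {
            # Remember addresses already denied ("ALL:1.2.3.4" or "ALL: 1.2.3.4").
            while ((getline line < deny) > 0)
                if (line ~ /^ALL:/) { sub(/^ALL:[ \t]*/, "", line); seen[line] = 1 }
        }
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name comes from the remote side and may itself contain
            # " from <ip>", so take the address by position from the END of
            # the line ("... from <ip> port <n> ssh2"), never the first "from".
            if (NF < 5 || $(NF - 4) != "from" || $(NF - 2) != "port") next
            ip = $(NF - 3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 only
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= max && !(ip in seen)) print "ALL:" ip
        }
    ' "$1" | sort
}

# Constructed sample of /var/log/secure lines (documentation addresses).
sample_log() {
    cat <<'EOF'
Nov 20 03:14:01 vps sshd[2211]: Failed password for root from 203.0.113.7 port 4242 ssh2
Nov 20 03:14:03 vps sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
Nov 20 03:14:05 vps sshd[2215]: Failed password for root from 203.0.113.7 port 4244 ssh2
Nov 20 03:15:10 vps sshd[2230]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.9 port 5050 ssh2
Nov 20 03:15:12 vps sshd[2232]: Failed password for root from 198.51.100.9 port 5051 ssh2
Nov 20 03:15:14 vps sshd[2234]: Failed password for root from 198.51.100.9 port 5052 ssh2
Nov 20 03:16:00 vps sshd[2240]: Accepted password for av from 192.0.2.44 port 6000 ssh2
EOF
}
```

Appending the function's output to `/etc/hosts.deny` gives the same effect as the `BCMD` line; the fourth sample line shows why the address is read from the end of the line, since 192.0.2.1 is part of the user name and must not be blocked.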

  10. #10
    Join Date
    Jun 2006
    Location
    Colorado
    Posts
    54
    I followed this how-to: http://www.webhostgear.com/61.html

    and with these suggestions

    To get APF working in your VPS please switch SET_MONOKERN option from "0" to "1" and change IFACE_IN and IFACE_OUT from "eth0" to "venet0". After that you should be able to start APF.
    from my host http://www.knownhost.com

  11. #11
    Join Date
    Nov 2006
    Location
    England, UK
    Posts
    21
    Hi,

    Thanks for your suggestion.

    I have followed the suggestion on webhostgear and a couple of other guides too.

    As I mentioned, I get:
    iptables: No chain/target/match by that name ... 4x when I start it.

    I already have the ethernet interface set correctly, otherwise it would throw up an error about unknown interface at an earlier stage.

    Checked: monokern is already set to 1.

    It might just be a Plesk / Virtuozzo limitation?

    I would like to hear from anyone who has a Plesk Linux VPS set up with APF, working fine?

    Regards,
    Av

  12. #12
    Join Date
    Jun 2006
    Location
    Colorado
    Posts
    54
    Quote Originally Posted by jaiweb
    Hi,

    It might just be a Plesk / Virtuozzo limitation?

    I would like to hear from anyone who has a Plesk Linux VPS set up with APF, working fine?

    Regards,
    Av
    I'm running Plesk / Virtuozzo, and it is working fine.

    Did you see this?
    http://www.faqs.org/docs/iptables/commonproblems.html
