Has anyone gotten apf to actually work? I need to know the correct modules to have enabled, currently i have the following:
ipt_REJECT ipt_state ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_tables ipt_LOG ip_conntrack ip_conntrack_irc ip_conntrack_ftp
anyone have any ideas?
Full Version: Apf
QUOTE (Gary Simat)
Has anyone gotten apf to actually work? I need to know the correct modules to have enabled, currently i have the following:
ipt_REJECT ipt_state ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_tables ipt_LOG ip_conntrack ip_conntrack_irc ip_conntrack_ftp
anyone have any ideas?
ipt_REJECT ipt_state ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_tables ipt_LOG ip_conntrack ip_conntrack_irc ip_conntrack_ftp
anyone have any ideas?
I actually got this to work with the above modules just needed to restart the virtuozzo service.
Do you still get some errors when starting APF with the above options enabled though?
If you get errors, you need to make sure that you change the network devices from eth0 to venet0 and also enable MONOKERN
Turns out the error was that the required iptables modules were enabled for the vps but not setup for the hardware node. Now all is well. Many thanks.
I tried getting APF to work with Virtuozzo some time ago, by and large it worked but there were some strange side-effects, for example with apf installed but configured to NOT filter egress (outgoing) traffic it would still prevent any outgoing traffic.
Have you tried to ssh out from the hardware node with APF installed?
Have you tried to ssh out from the hardware node with APF installed?
I can't answer this as I only have a VPS end user account (posted here when I was having the issue to try and snag the ear of the person who had solved it on their server above.) All I can say is that when the hardware node wasn't configured properly I had the symptom you describe above on my vz account for a year - I got a few iptables errors and no mail would leave the server (connection errors), whois from the command line wouldn't work, cpanel wouldn't connect with the licensing server. Most things worked, but these few did not. When I saw that SWSoft says APF is supported on their site, I asked ev1 to revisit the issue last week -- once they reconfigured the hardware node with the required iptables modules and rebooted the hardware node, everything is now working with apf - zero errors, and I can ssh out from the vps account, no problem with cpanel licensing, command line whois works, etc. So at last I'm happy with APF on my VPS. It's running great! I'd give it another try if I were you.
I did and still have same issue.
No problem with modules, all required are there.
Don't get the point of restarting vz after apf. Apf is restarted regularly, for example whenever you add undesirables to /etc/apf/deny.apf so it would be unfeasable to reboot 20-30 VE's on a VPS.
But maybe I misunderstood something
No problem with modules, all required are there.
Don't get the point of restarting vz after apf. Apf is restarted regularly, for example whenever you add undesirables to /etc/apf/deny.apf so it would be unfeasable to reboot 20-30 VE's on a VPS.
But maybe I misunderstood something
I pushed swsoft a little and they have now made a FAQ entry for installing APF on Virtuozzo - on the hardware node as well as in VE's:
http://faq.swsoft.com/article_130_875_en.html
http://faq.swsoft.com/article_130_875_en.html
has anyone been able to get APF to work under FreeBsd?
FreeBSD in a VE or a standard FreeBSD server?
Both. Ive been getting comfortable with FreeBSD since it seem more secure than a LOT of linux distros out of the box. As a result, Ive also been looking at how the tools I use will work out under that OS for my clients
Ive been looking at going straigtht FreeBSD and using FreeBSD jail or trying to get the FreeBSD template working under Virtuozzo but want to makes sure I can get everything i need working before i go nuts trying to figure it all out
Ive been looking at going straigtht FreeBSD and using FreeBSD jail or trying to get the FreeBSD template working under Virtuozzo but want to makes sure I can get everything i need working before i go nuts trying to figure it all out
Actually AFAIK you can only have Linux VE's under Virtuozzo so I guess it's a moot point. Perhaps ask over in the FreeBSD forum.
Following the Swsoft FAQ entry made it quite easy for me to setup apf in a Linux VE. I've now got it working with BFD as good as on a standalone server.
Following the Swsoft FAQ entry made it quite easy for me to setup apf in a Linux VE. I've now got it working with BFD as good as on a standalone server.
Actually, with 2.5 you can have a FreeBSd VPS.
It may not matter since it's starting to look like APF wont work on FreeBSD without Linux emulation and its just not a good idea to run a firewall like that. So that ends that idea.
It may not matter since it's starting to look like APF wont work on FreeBSD without Linux emulation and its just not a good idea to run a firewall like that. So that ends that idea.
FreeBSD on Virtuozzo? Where have you got that from?
from swsoft http://www.swsoft.com/en/news/id,1503
New features of Virtuozzo include:
* Improved ‘smart migration’ of VEs (drag and drop) between physical servers with only a few seconds of planned system downtime. Large VEs can now be moved as quickly as small VEs.
* OS template support for Linux (Red Hat 7.1, 7.2, 7.3, SuSE, Debian), FreeBSD
* Performance enhancements: 64GB of memory and 16 CPUs per VE, new support for Intel Hyper-Threading Technology
* 2-level disk quotas – Can manage disk quotas for each VE and setup quotas per user inside a VE
* Improved journaling filesystem support (ext3 and ReiserFS) in addition to ext2
* VzAgent – open and well documented XML-based API
New features of Virtuozzo include:
* Improved ‘smart migration’ of VEs (drag and drop) between physical servers with only a few seconds of planned system downtime. Large VEs can now be moved as quickly as small VEs.
* OS template support for Linux (Red Hat 7.1, 7.2, 7.3, SuSE, Debian), FreeBSD
* Performance enhancements: 64GB of memory and 16 CPUs per VE, new support for Intel Hyper-Threading Technology
* 2-level disk quotas – Can manage disk quotas for each VE and setup quotas per user inside a VE
* Improved journaling filesystem support (ext3 and ReiserFS) in addition to ext2
* VzAgent – open and well documented XML-based API
That's an old press release from 2002. Try finding any newer information. There were no freebsd templates last I updated Virtuozzo and the only reference I can find at swsoft's forum is that freebsd support currently is frozen.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.