LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
09-09-2010, 12:34 AM   #1
bartoszx (LQ Newbie, registered Sep 2010)
huge problem with apf and csf on ubuntu 10.04


Hi List.
I have a huge problem with the above firewall scripts and can't find a solution.
I use apf on a few Ubuntu 9.X servers with the standard configuration. Ports 80, 25, 110 and 587 are open. I also open all ports for my company's IP.
I did the same on Ubuntu 10.04, but the server is not accessible to anyone except me. I've checked conf.apf several times; I've also downloaded conf.apf from an Ubuntu 9.X server and got the same situation.

After several days of trying I've decided to use another script - csf.
CSF seemed to work OK except for one strange behavior. Every morning I can't access my server from the dynamic IP at my home. Last login to pop3 at 23:30 with IP 95.49.X.X. The next day I still have the same IP but can't access any port. I've grepped the logs and iptables -L -v and found nothing.

Any hint? This is very annoying!
 
09-10-2010, 05:22 AM   #2
Noway2 (Senior Member, registered Jul 2007, Distribution: Gentoo)
It looks like both programs use iptables and running iptables -L, assuming you ran as sudo, should tell you if iptables is responsible for the problem. Have you tried running a traceroute to see where the connection stops? Are you going through any other switches or routers that could possibly be the problem?

What action do you take to rectify the situation? Does it require a reboot?

When you say "not accessible" what do you mean by this? Is it totally not accessible or just SSH? If it is just ssh, make sure you don't have a funky configuration like binding to the wrong IP address. If it is totally not accessible, you may have a DNS problem. Make sure that you are resolving to the correct IP address and try pinging the server. Note, iptables may block this and you may need to enable the ICMP traffic.

Are you running any other sort of security application like fail2ban, denyhosts, ossec, etc. that could be temporarily or permanently locking you out inadvertently?


If you do an iptables flush (iptables -F) to temporarily clear all blocking, are you then able to connect? If you haven't tried this, you may want to consider it. The ports in Linux will be closed unless an application opens them, so the 'risk' associated with running with iptables bypassed for a short period of time should be minimal. This would at least rule out whether or not the firewall is the problem.

Also try this: in the failed state, run a netstat and ps command and filter for the ports that should be open and the applications that should be listening and make sure that they are.

Last edited by Noway2; 09-10-2010 at 05:23 AM. Reason: Another question
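The checks in the reply above can be scripted so they can be run (or run against saved command output) the moment the server is in its "not accessible" state. The helpers below are an added example, not code from this thread or from apf or csf: `blocking_rules` lists DROP/REJECT rules whose source covers a given address (including CIDR ranges) and flags chains with a DROP policy, `listener_problems` reports expected ports with no listener or bound only to loopback, and `hosts_deny_hits` looks for a tcp-wrappers/denyhosts entry naming the address. The function names and the three sample outputs are constructed for the demonstration and use the documentation address ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24.

```shell
#!/bin/sh
# Lockout triage helpers (added example, not from the thread, apf or csf).
# Each helper reads command output on stdin, so it can be fed live output
# (iptables -L -v -n, netstat -tln or ss -tln, cat /etc/hosts.deny) or a
# copy saved while the server was in the locked-out state.

# Print DROP/REJECT rules whose source covers the given address, plus any
# chain whose default policy is DROP (unmatched traffic is dropped there).
# Usage: iptables -L -v -n | blocking_rules 192.0.2.44
blocking_rules() {
    awk -v ip="$1" '
        function ip2n(s,  a) { split(s, a, "."); return ((a[1]*256 + a[2])*256 + a[3])*256 + a[4] }
        # Does src (an address or CIDR block) cover addr?  Division instead of
        # bit operations keeps this portable to any POSIX awk.
        function covers(src, addr,  p, bits, div) {
            if (src == "anywhere") return 1
            split(src, p, "/"); bits = (2 in p) ? p[2] : 32
            div = 2 ^ (32 - bits)
            return int(ip2n(p[1]) / div) == int(ip2n(addr) / div)
        }
        /^Chain / { chain = $2; if ($4 ~ /^DROP/) print chain ": policy DROP"; next }
        # Columns of iptables -L -v -n: pkts bytes target prot opt in out source destination
        ($3 == "DROP" || $3 == "REJECT") && covers($8, ip) {
            print chain ": " $3 " src=" $8 " dst=" $9
        }'
}

# For each expected TCP port, report "no listener" or "listening only on
# loopback" (a daemon bound to 127.0.0.1 looks closed from outside).
# Usage: netstat -tln | listener_problems 25 80 110 587   (ss -tln works too)
listener_problems() {
    table=$(awk '($1 == "LISTEN" || $NF == "LISTEN") {
        n = split($4, a, ":"); port = a[n]
        print port " " substr($4, 1, length($4) - length(port) - 1)
    }')
    for port in "$@"; do
        addrs=$(printf '%s\n' "$table" | awk -v p="$port" '$1 == p { print $2 }')
        if [ -z "$addrs" ]; then
            echo "$port: no listener"
        elif ! printf '%s\n' "$addrs" | grep -qvE '^(127\.|::1$)'; then
            echo "$port: listening only on loopback"
        fi
    done
}

# Print non-comment hosts.deny lines that name the address exactly.
# Usage: hosts_deny_hits 192.0.2.44 < /etc/hosts.deny
hosts_deny_hits() {
    grep -v '^#' | grep -Fw -- "$1" || true
}

# Constructed sample output shaped like iptables -L -v -n on a host that drops
# the whole /24 containing the "home" address 192.0.2.44.
IPTABLES_SAMPLE='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  310 18600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 4521  271K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   88  5280 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   17  1020 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
    0     0 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0

Chain OUTPUT (policy ACCEPT 900 packets, 54K bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample shaped like netstat -tln: pop3 bound to loopback, no submission port.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:110           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# Constructed sample /etc/hosts.deny as denyhosts would leave it.
HOSTS_DENY_SAMPLE='# /etc/hosts.deny
sshd: 192.0.2.44
ALL: 203.0.113.7'

HOME_IP=192.0.2.44
echo "== rules that can block $HOME_IP =="
printf '%s\n' "$IPTABLES_SAMPLE" | blocking_rules "$HOME_IP"
echo "== listener problems for the expected ports =="
printf '%s\n' "$NETSTAT_SAMPLE" | listener_problems 25 80 110 587
echo "== hosts.deny entries for $HOME_IP =="
printf '%s\n' "$HOSTS_DENY_SAMPLE" | hosts_deny_hits "$HOME_IP"
```

On the real server, replace the sample variables with live output: `iptables -L -v -n | blocking_rules "$HOME_IP"`, `netstat -tln | listener_problems 25 80 110 587` and `hosts_deny_hits "$HOME_IP" < /etc/hosts.deny`, run as root so iptables shows the full rule set. A DROP policy line with no matching rule means the address is being dropped by default, not by an explicit block, which is the case to look for when a fresh conf.apf still locks everyone out.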