LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 01-17-2007, 07:26 AM   #1
TheRudy
Member
 
Registered: Jul 2004
Posts: 40

Rep: Reputation: 15
My APF is blocking users


Right, I tried to solve this on my own in the last 2-3 days but it's a real mystery to me!

The problem:
The problem is that when, for example, you upload lots of files over FTP, let's say a Joomla package, the uploading of files will stop after a while and freeze. During this freeze time, the user is also unable to use mail, HTTP, ... services. In other words, he gets banned for some period of time.

I checked the logs and everything that came to mind, and nothing! Nothing recorded about this anywhere! Just as if nothing was happening.

How do I know it's APF causing this problem? If I turn OFF the APF firewall, there are absolutely NO problems at all.

Did I change something in the APF config? No. Well, dev mode is off and I added some ports that I need to be open. That's it.

Here's the config file, comments stripped.
Code:
#!/bin/sh
DEVEL_MODE="0"
INSTALL_PATH="/etc/apf"

IFACE_IN="eth0" 
IFACE_OUT="eth0"

IFACE_TRUSTED=""

SET_VNET="0"

SET_MONOKERN="1"

VF_LGATE=""

VF_ROUTE="1"

VF_CROND="1"

VF_UTIME="0" 

TCP_STOP="DROP"

UDP_STOP="DROP"

DSTOP="DROP"

PKT_SANITY="1"

PKT_SANITY_INV="0"

PKT_SANITY_FUDP="1"

PKT_SANITY_PZERO="1"

PKT_SANITY_STUFFED="0"

TOS_DEF_TOS="0"

TOS_DEF_RANGE="512:65535"

TOS_0=""

TOS_2=""

TOS_4=""

TOS_8=""

TOS_16=""

TCR_PASS="1"
TCR_PORTS="33434:33534"

ICMP_LIM="30/s"

RESV_DNS="1"

RESV_DNS_DROP="1"

BLK_P2P="1"
BLK_P2P_PORTS="1214,2323,4660_4678,6257,6699,6346,6347,6881_6889,6346,7778"

BLK_MCATNET="0"

BLK_PRVNET="0"

BLK_RESNET="0"

BLK_IDENT="0"

SYSCTL_CONNTRACK="34576"

SYSCTL_TCP="1"

SYSCTL_SYN="1"

SYSCTL_ROUTE="0"

SYSCTL_LOGMARTIANS="0"

SYSCTL_ECN="0"

SYSCTL_SYNCOOKIES="1"

SYSCTL_OVERFLOW="0"

CDPORTS="135_139,111,513,520,445,1433,1434,1234,1524,3127"

IG_TCP_CPORTS="21,22,25,53,80,443,110,143,2222,49152_65534"

IG_UDP_CPORTS="53"

IG_ICMP_TYPES="3,5,11,0,30,8"

EGF="1"

EG_TCP_CPORTS="21,22,25,53,80,443,43"

EG_UDP_CPORTS="21,53"

EG_ICMP_TYPES="all"

EG_TCP_UID=""

EG_UDP_UID=""

EG_DROP_CMD="eggdrop psybnc bitchx BitchX init udp.pl"

USE_DS="0"

DS_URL="feeds.dshield.org/top10-2.txt" 	     # block.txt url (no *://)
DS_URL_PROT="http"                           # protocol to use for wget

USE_RGT="0"

GA_URL="yourhost.com/glob_allow.rules"       # glob_allow.rules url (no *://)
GA_URL_PROT="http" 			     # protocol for use with wget

GD_URL="yourhost.com/glob_deny.rules"        # glob_deny.rules url (no *://)
GD_URL_PROT="http"			     # protocol for use with wget

USE_RD="1"

RD_URL_PROT="http"			     # protocol to use for wget
RD_URL="r-fx.ca/downloads/reserved.networks" # reserved.networks url

USE_AD="0"

LOG_DROP="0"

LOG_LEVEL="crit"

LOG_TARGET="LOG"

LOG_IA="1"

LOG_LGATE="0"

LOG_EXT="0"

LOG_RATE="30"

LOG_APF="/var/log/apf_log"

CNFINT="$INSTALL_PATH/internals/internals.conf"

. $CNFINT
Oh, I'm using Debian.

Does anyone know what on earth is going on? I simply cannot find and solve what the problem is.
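A defender-side check worth running before guessing at a cause, added here as an example (it is not code from this thread or from APF itself): it parses the KEY="value" lines of a conf.apf in the shape posted above, expands APF's port-list notation, and reports two things a practitioner wants to know first: whether the FTP control port and the passive data range are covered by IG_TCP_CPORTS, and whether LOG_DROP is on at all, since with it off a dropped connection leaves no trace in the APF log. The reading of LOG_DROP as "log dropped packets", the underscore/colon range syntax, and the 49152-65534 passive range are assumptions taken from the variable names and values as posted; the sample config text is constructed.

```python
import re

# Constructed sample in the shape of the conf.apf posted above: only the keys
# this check reads, not the poster's full file.
SAMPLE_CONF = '''
LOG_DROP="0"
IG_TCP_CPORTS="21,22,25,53,80,443,110,143,2222,49152_65534"
IG_UDP_CPORTS="53"
'''

# The same keys with LOG_DROP switched on, so that a drop is recorded in the log.
LOGGING_CONF = SAMPLE_CONF.replace('LOG_DROP="0"', 'LOG_DROP="1"')

# Matches simple KEY="value" assignments; a trailing shell comment is tolerated.
ASSIGN = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)="([^"]*)"\s*(?:#.*)?$')


def parse_conf(text):
    """Return {KEY: value} for the KEY="value" lines of an APF-style config."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def expand_ports(spec):
    """Expand APF port notation into a set of ints.

    Assumption: entries are comma separated and an inclusive range is written
    lo_hi (as in IG_TCP_CPORTS above) or lo:hi (as in TCR_PORTS above).
    """
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        m = re.fullmatch(r"(\d+)[_:](\d+)", item)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"inverted range: {item}")
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(item))
    return ports


def missing_ports(spec, wanted):
    """Sorted list of the wanted ports that spec does not cover."""
    have = expand_ports(spec)
    return sorted(p for p in wanted if p not in have)


def check_ftp(conf, passive_range=(49152, 65534)):
    """Findings relevant to an FTP upload that stalls behind the firewall.

    passive_range is an assumption: it must match the passive port range the
    FTP daemon itself is configured to advertise; 49152-65534 is the range the
    posted config opens.
    """
    findings = []
    # Assumption from the variable name: LOG_DROP="1" logs dropped packets.
    if conf.get("LOG_DROP") != "1":
        findings.append("LOG_DROP is off: a dropped connection leaves nothing in "
                        "the APF log, so 'nothing recorded' is expected")
    wanted = {21} | set(range(passive_range[0], passive_range[1] + 1))
    gap = missing_ports(conf.get("IG_TCP_CPORTS", ""), wanted)
    if gap:
        findings.append(f"IG_TCP_CPORTS does not cover {len(gap)} FTP port(s), "
                        f"first few: {gap[:5]}")
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", SAMPLE_CONF), ("with LOG_DROP=1", LOGGING_CONF)):
        print(name, check_ftp(parse_conf(text)) or ["no findings"])
```

Run against the posted values the only finding is the logging one: the passive range and port 21 are already open, so the first useful step is to turn LOG_DROP on and reproduce the freeze, which makes the blocked connection visible in LOG_APF instead of leaving a silent gap.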
 
Old 01-17-2007, 12:13 PM   #2
osdeals
Member
 
Registered: Jul 2006
Distribution: RHEL, CentOS, PuppyLinux, SuSe, Ubuntu, Debian
Posts: 59

Rep: Reputation: 15
You might want to keep port 20 (FTP-DATA) open as well in APF. Passive mode transfers will try to use port 20.
 
Old 01-17-2007, 01:06 PM   #3
TheRudy
Member
 
Registered: Jul 2004
Posts: 40

Original Poster
Rep: Reputation: 15
Tried that, same thing...

Some guy just tried on a fresh OS install with APF and he's getting the same problem with FTP.
 
Old 01-18-2007, 11:01 AM   #4
TheRudy
Member
 
Registered: Jul 2004
Posts: 40

Original Poster
Rep: Reputation: 15
Right, I gave up on APF...

Is there any other firewall script similar to APF that is easy to use?
 
  

