View Full Version : APF not functioning
OffbeatAdam
02-19-2007, 07:47 AM
I have installed interworx, and I'm in the panel just fine... however, this is because there is no firewall currently operating, and iptables has an open rules list.
In attempting to start APF, interworx does not start it (although it says it starts successfully).
I tried it from ssh, and found that it was having an issue with the configuraiton, specifically at CNF_FUNC="$FWPATH/internals/functions.apf", this was being interpreted as /internals/functions.apf, so for whatever reason the $FWPATH variable is getting destroyed before that.
There are quite a few spots where this occurs.
When I attempt to fix this by just simply setting a global path variable, I get a whole junkload of errors, and the firewall blocks all access (literally).
Any ideas?
pascal
02-19-2007, 07:53 AM
Config file of Apf is in /etc/apf/conf.apf
Take a look in it
Also try :
service apf start
And see the result
Pascal
OffbeatAdam
02-19-2007, 07:55 AM
Config file of Apf is in /etc/apf/conf.apf
Take a look in it
Also try :
service apf start
And see the result
Pascal
I've configured APF before so I know that, and I've tried starting it on its own and going through the configuration file for the errors...
I've even restored it to the RPM defaults (which are included with the iworx rpm, they looked identical).
So... flat apf, straight from iworx, still not starting :O
IWorx-Socheat
02-19-2007, 07:59 AM
A few questions:
1.) Are you on a VPS?
2.) Do you get any error messages on the console when restarting APF? Be sure to put APF in debug mode when you do restart.
3.) Do you have SELinux disabled?
Socheat
OffbeatAdam
02-19-2007, 08:04 AM
A few questions:
1.) Are you on a VPS?
2.) Do you get any error messages on the console when restarting APF? Be sure to put APF in debug mode when you do restart.
3.) Do you have SELinux disabled?
Socheat
1) No
2) Yea, I stated them above.
3) Not sure, but no? I havent disabled it, and I wasnt aware I even had it installed. So, unless it requires me to explicitly enable it, I haven't touched it.
OffbeatAdam
02-19-2007, 08:05 AM
After giving static paths to the errored line (makign it /etc/apf/internals/functions.apf) i get:
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/usr/local/sbin/apf: line 65: /vnet/vnetgen: No such file or directory
/usr/local/sbin/apf: line 67: /firewall: No such file or directory
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
IWorx-Socheat
02-19-2007, 08:26 AM
Open a ticket, you've got me really curious now. :) We'll need your root login information.
Socheat
OffbeatAdam
02-19-2007, 08:30 AM
Created. :) I've also left the config files alone, however, you might be wary of starting APF successfully.. I've done it twice now and I've had to VPN in and fix it. I may be going to sleep soon :)
IWorx-Socheat
02-19-2007, 09:06 AM
This issue was resolved. The problem was that OffbeatAdam had his public interface on eth1, and APF, by default, only allows traffic on one interface. There's a trusted interface directive, TIF="", a few lines down that needed to be set to eth1. I force re-installed the InterWorx APF RPM, set TIF="eth1", and then APF started up without problems.
Socheat
vBulletin® v3.7.2, Copyright ©2000-2008, Jelsoft Enterprises Ltd.