Hi,

We have 7 Dell 2850 servers with dual Xeon 3 gig processors running the APF firewall version 0.9.6 http://rfxnetworks.com/apf.php

They run fine for a day or two, then suddenly lock out all incoming connections, other than the backend IP. Sometimes restarting the firewall resolves this, but occasionally we may have to leave it 10 mins or so before restarting where it will actually allow connections again.

Has anyone had this issue themselves, or does anyone successfully running CentOS 4.X with the 2.6.9-42.0.2.ELsmp kernel have a sample /etc/apf/config.apf I could take a look at?

Thanks in advance

Stephanie Royle.
I had this sort of thing happen almost two years ago on a 2650 with apf (prior version). We do have it running on a few Dell boxes (750, 1850, and 2650) without any issues today and one version back. I doubt it would be kernel related.

What are the settings in your conf.apf? Anything in the logs? Some cron job firing off when it happens? Do you have something feeding it a block list of sorts? What is the USE_AD= setting set at?

Have you asked Ryan @ rfxnetworks? I believe that is his name anyway.

Andrew

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Steph
Sent: Thursday, September 21, 2006 1:04 PM
To: centos at centos.org
Subject: [CentOS] CentOs 4.X and APF firewall issues

Hi,

We have 7 Dell 2850 servers with dual Xeon 3 gig processors running the APF firewall version 0.9.6 http://rfxnetworks.com/apf.php

They run fine for a day or two, then suddenly lock out all incoming connections, other than the backend IP. Sometimes restarting the firewall resolves this, but occasionally we may have to leave it 10 mins or so before restarting where it will actually allow connections again.

Has anyone had this issue themselves, or does anyone successfully running CentOS 4.X with the 2.6.9-42.0.2.ELsmp kernel have a sample /etc/apf/config.apf I could take a look at?

Thanks in advance

Stephanie Royle.
On 9/21/06, Steph <stephanie.royle at lunarpages.com> wrote:
> Hi,
>
> We have 7 Dell 2850 servers with dual xeon 3 gig processors running the APF
> firewall version 0.9.6 http://rfxnetworks.com/apf.php
>
> They run fine for a day or two, then suddenly lock out all incoming
> connections, other than the backend IP, sometimes restarting the firewall
> resolves this, but occasionally we may have to leave it 10 mins or so before
> restarting where it will actually allow connections again.
>

Hi Stephanie,

I have had problems with apf, as noted in this thread about 5 months ago:

http://lists.centos.org/pipermail/centos/2006-May/064517.html

However, it would just lock out seemingly random connections for a fairly short period, vs. the 10 min you are seeing. I emailed rfxnetworks, but never heard back. :-(

So, although I have recommended APF numerous times on this list, I would now recommend people probably consider another alternative. I am currently "rolling my own" iptables config... if people have a frontend package similar to apf (but without these various "lock out" concerns), I would love to hear any recommendations.

One thing I did find useful in troubleshooting the apf issues I had was to use tcpdump. I used a command such as:

    nohup tcpdump -p -i any -s 0 -w out_file.enc 'tcp[tcpflags] & tcp-syn != 0 and (port 80 or port 443)' &

I was seeing multiple TCP SYN packets come in from the same client (with the same src/dest port numbers) and no response from my CentOS box. You can view the out_file.enc in something like Ethereal (now Wireshark). Because it only captures the SYN packets, you can leave this running without worrying about filling up your hard drive.

Also, I should probably mention that I was working with a CentOS 3 box.

Let me know if you learn anything else.

Regards,
Kennedy
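An added example, not part of the original post: a Python sketch that automates the check described in the message above by reading the text output of `tcpdump -nn -r out_file.enc` and listing flows where a client repeated its SYN and no SYN-ACK was captured. The capture filter in the post matches any packet with the SYN bit set, so SYN-ACK replies on ports 80 and 443 are recorded too; the sample lines and addresses are constructed, and the `Flags [S]` layout assumes a tcpdump 4.x style of output.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -r out_file.enc` output; the addresses
# are documentation ranges, not values from the original post.
SAMPLE = """\
13:04:01.100000 IP 203.0.113.5.51234 > 192.0.2.10.80: Flags [S], seq 1000, win 5840, length 0
13:04:01.100200 IP 192.0.2.10.80 > 203.0.113.5.51234: Flags [S.], seq 9000, ack 1001, win 5792, length 0
13:04:02.000000 IP 198.51.100.7.40000 > 192.0.2.10.443: Flags [S], seq 2000, win 5840, length 0
13:04:05.000000 IP 198.51.100.7.40000 > 192.0.2.10.443: Flags [S], seq 2000, win 5840, length 0
13:04:11.000000 IP 198.51.100.7.40000 > 192.0.2.10.443: Flags [S], seq 2000, win 5840, length 0
"""

# src.port > dst.port: Flags [...]; search() tolerates an interface prefix.
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def unanswered_syns(text, min_syns=2):
    """Return {(client, cport, server, sport): syn_count} for flows where the
    client sent at least min_syns SYNs and no SYN-ACK was captured in reply."""
    syns = defaultdict(int)
    answered = set()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":        # bare SYN, client -> server
            syns[(src, int(sport), dst, int(dport))] += 1
        elif flags == "S.":     # SYN-ACK, server -> client: store reversed tuple
            answered.add((dst, int(dport), src, int(sport)))
    return {flow: n for flow, n in syns.items()
            if n >= min_syns and flow not in answered}


if __name__ == "__main__":
    for (c, cp, s, sp), n in unanswered_syns(SAMPLE).items():
        print(f"{c}:{cp} -> {s}:{sp}: {n} SYNs, no SYN-ACK captured")
```

Flows reported here are the ones to line up against the firewall's log and rule timestamps for the same period.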
Jose Perales @ Grid System
2006-Sep-27 03:15 UTC
[CentOS] Centos 4.4 joining ldap server Centos 4.3
Hi,

I set up an LDAP server with Samba on CentOS 4.3 and tested it with a Windows client (Win XP), and the user that I created in the directory can log on in Windows, but on CentOS 4.4 the user cannot log on. My question: do I need to create the user in the LDAP directory on the CentOS 4.4 computer too?

Regards

Jose Perales
Grid Systems
Cleber P. de Souza
2006-Sep-27 13:14 UTC
[CentOS] Centos 4.4 joining ldap server Centos 4.3
No. You only need to set up the correct objectClasses related to posixAccounts. Set the attributes for these objectClasses and set up PAM to handle LDAP. This can be done using authconfig or by manually changing /etc/ldap.conf and /etc/pam.d/system-auth. Remember to install the correct packages with these functionalities, such as nss_ldap.

On 9/27/06, Jose Perales @ Grid System <jose.perales at gridsystems.com.ve> wrote:
> Hi I setup a ldap server with samba in centos 4.3 and I test it with windows
> client (Win Xp) and the user that I created in the directory can logon in
> windows, so in Centos 4,4 the user can not logon, My question: I need to
> create the user in the ldap directory in the centos 4.4 computer too?
>
> Regards
>
> Jose Perales
>
> Grid Systems

--
Cleber P. de Souza
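An added example, not part of the original reply: a Python check over an LDIF export of the directory that reports entries lacking the posixAccount objectClass or any of the attributes RFC 2307 makes mandatory for it (cn, uid, uidNumber, gidNumber, homeDirectory). The LDIF sample, DNs and values are constructed, and the parser assumes plain LDIF without base64-encoded values.

```python
# RFC 2307: attributes an entry with objectClass posixAccount MUST carry.
POSIX_REQUIRED = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}

# Constructed LDIF export: alice is usable as a Unix account, bob is Samba-only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice
sambaSID: S-1-5-21-1-2-3-3002

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1-2-3-3004
"""


def parse_ldif(text):
    """Parse plain LDIF into (dn, {lowercased attr: [values]}) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            key, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries


def posix_problems(text):
    """Map each DN to what it lacks before it can serve as a Unix account."""
    report = {}
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        missing = sorted(POSIX_REQUIRED - set(attrs))
        if "posixaccount" not in classes:
            report[dn] = ["objectClass posixAccount"] + missing
        elif missing:
            report[dn] = missing
    return report
```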