APF Firewall :: Eth1 Instead Of Eth0

Dec 23, 2007

If I have 2 NICs on my server, 1 for private and 1 for public, and the public one is eth1, then in the config of APF

IFACE_IN="eth1"
IFACE_OUT="eth1"

I should set it to eth1 instead of eth0.

Is that correct?

Thanks

Firewall Blocks Server (or Eth0) Itself

Jun 1, 2007

I just uninstalled APF and installed the CSF firewall on 4 servers.

There is a problem after that. 2 of the servers were actually OFFLINE by 12 midnight sharp last night. This is the second time (second day) it has happened.
I went into the datacenter and

#ping yahoo.com
*Host not found*

#service csf stop
#ping yahoo.com
*Responding*

So how is this related to eth0 making my server go offline by itself? Was it an iptables problem, a CSF problem, or a kernel problem?

Eth1 For Local IP

May 1, 2009

I have a problem with eth1 for the local IP. Eth0 is the public IP behind a firewall, and eth1 is the local IP for backup and for the database. Every time eth1 is on, eth0 cannot be reached by SSH and HTTP, although it can still be pinged. Eth1 is also the IPMI BMC port, and automatically got an IP from the LAN DHCP for web-based IPMI access, and the IPMI cannot be turned off. The motherboard is a Tyan B7002.

Using Eth1 For Internal Communication

Mar 15, 2007

On a Linux webserver, how can you set up two servers to communicate via eth1 rather than eth0? We wish to use eth1 for internal communication between our public webserver and our database server, so that we do not incur charges on the public switch.

How can we do this?

SIOCGMIIPHY On 'eth1' Failed: Resource Temporarily Unavailable

Nov 30, 2008

One particular server I have out of a few (same data center / network) is acting up network-wise. The server load is minimal, so it's not that. The NOC confirmed no network issues either, which makes sense since it's one server out of about 4 that have this issue. All have the same exact specs, OS, cPanel, etc.

root@server [/etc]# mii-tool
eth0: negotiated 100baseTx-FD, link ok
SIOCGMIIPHY on 'eth1' failed: Resource temporarily unavailable

Tracert/ping from dnsstuff.com to the server IP is normal. A couple other servers I lease (100% identical configuration) work just fine.

Kernel
Linux 2.6.9-78.0.1.ELsmp #1 SMP

Firewall
Quote:

TCP IN
20,21,25,26,53,80,110,143,443,465,953,993,995,2077,2078,2083,2087,2095,2096,3306
TCP OUT
20,21,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,3306
UDP IN
20,21,53,953
UDP OUT
20,21,53,113,123,873,953,6277

Confirmed, resolvers in resolv.conf are correct.
ICMP IN = 1

root@server [~]# traceroute dnsstuff.com
traceroute to dnsstuff.com (75.125.82.162), 30 hops max, 38 byte packets
1 xxxxxx (xxxxxx) 0.757 ms 0.507 ms 0.503 ms
2 ge2-11.coreswa.cf.teamnet.net (xxx.xxx.6.57) 0.325 ms 0.321 ms 0.290 ms
3 ge0-1.border2.cf.teamnet.net (xxx.xxx.1.130) 0.270 ms 0.359 ms 0.312 ms
4 border1.p6-3.teamtech-8.ext1.dal.pnap.net (216.52.189.157) 18.190 ms 18.059 ms 18.896 ms
5 core3.tge5-2-bbnet2.ext1.dal.pnap.net (216.52.191.98) 108.819 ms 18.796 ms 18.916 ms
6 207.88.185.73.ptr.us.xo.net (207.88.185.73) 18.548 ms 18.495 ms 18.464 ms
7 65.106.4.233.ptr.us.xo.net (65.106.4.233) 18.553 ms 18.215 ms 18.349 ms
8 * * *
9 * po-1.r02.dllstx09.us.bb.gin.ntt.net (129.250.2.154) 18.361 ms 19.005 ms
10 xe-4-4.r03.dllstx09.us.ce.gin.ntt.net (157.238.225.6) 18.750 ms 18.473 ms 18.342 ms
11 et1-1.ibr01.hstntx2.theplanet.com (70.87.253.50) 26.666 ms 24.172 ms 23.806 ms
12 po1.car03.hstntx2.theplanet.com (74.55.252.74) 24.387 ms 24.525 ms 24.244 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * *
Quote:

root@server [/etc]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr |more
36 127.0.0.1
26 198.53.156.181
17
14 200.91.165.130
12 200.91.165.129
10 76.255.78.120
10 204.253.133.10
7 190.68.25.222
7 139.18.199.2

root@server [/etc]# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: d
Wake-on: d
Link detected: yes

root@server [/etc]# sysreport
Traceback (most recent call last):
File "/usr/sbin/sysreport", line 31, in ?
import sos.policyredhat
ImportError: No module named sos.policyredhat

root@server [/etc]# cat modprobe.conf
alias eth0 bnx2
alias eth1 bnx2
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptscsi
alias scsi_hostadapter2 mptfc
alias scsi_hostadapter3 mptspi
alias scsi_hostadapter4 mptsas
alias scsi_hostadapter5 mptscsih
alias usb-controller ehci-hcd
alias usb-controller1 uhci-hcd

root@server [/etc]# modinfo bnx2
filename: /lib/modules/2.6.9-78.0.1.ELsmp/kernel/drivers/net/bnx2.ko
author: Michael Chan <mchan@broadcom.com>
description: Broadcom NetXtreme II BCM5706/5708 Driver
license: GPL
version: 1.6.9 478DCC31494367381918DC4
parm: disable_msi:Disable Message Signaled Interrupt (MSI)
vermagic: 2.6.9-78.0.1.ELsmp SMP 686 REGPARM 4KSTACKS gcc-3.4
depends:
alias: pci:v000014E4d0000164Asv0000103Csd00003101bc*sc*i*
alias: pci:v000014E4d0000164Asv0000103Csd00003106bc*sc*i*
alias: pci:v000014E4d0000164Asv*sd*bc*sc*i*
alias: pci:v000014E4d0000164Csv*sd*bc*sc*i*
alias: pci:v000014E4d000016AAsv0000103Csd00003102bc*sc*i*
alias: pci:v000014E4d000016AAsv*sd*bc*sc*i*
alias: pci:v000014E4d000016ACsv*sd*bc*sc*i*
alias: pci:v000014E4d00001639sv*sd*bc*sc*i*
alias: pci:v000014E4d0000163Asv*sd*bc*sc*i*

Server Specs
Dual Core Dual Xeon 2.8Ghz / 4GB Memory
Centos 4.7 / Cpanel 11
Half C Class on the Server

Traffic -in- On Eth0, Normal Or Not?

Jul 1, 2009

I'm not sure if the traffic shown by the munin graphics is normal or not, because it seems it jumps to 2mbps in the morning and after a few hours drops down to .5mbps.

I don't host any storage websites, which should have lots of uploads, just normal websites, maybe a total of 10000 unique visitors/day on all accounts (I estimate this as I don't know how to find out exactly the number of visitors on all websites hosted on this server - 182 accounts)

My question is how can I see what exactly is making that traffic, maybe using a netstat command to see what processes are using the bandwidth.

Change Eth0 Speed

Aug 13, 2008

How can I change "eth0" speed to 100mbps and full duplex?

Munin Stopped Reporting Eth0 After Reboot

Apr 30, 2008

I rebooted my server and now munin is not showing any eth0 traffic. All other graphs are fine. I can see there is a ton of apache accesses so there is definitely eth0 traffic. Munin logs report no errors. I restarted munin and munin-node. I even did 'yum remove munin munin-node' and reinstalled again but it still doesn't work for eth0.

/etc/sysconfig/network-scripts/ifcfg-eth0 Of One Of Your Nodes

Dec 3, 2008

I am having network issues: local servers in the /24 are unable to connect to VPSs.

If I make the /etc/sysconfig/network-scripts/ifcfg-eth0 too specific by adding a netmask, then nodes with assigned IPs on a different /28 will stop working/pinging.

Right now it works, but it doesn't allow local servers to connect to VPSs (a problem), as one of those nodes is a VPS backup center.

Weirdest Thing EVER Eth0 Drop W/ Plesk Usage

Jun 1, 2007

I just got my servers up, DNS servers what not and my main plesk server for shared/reseller hosting.

Now for the weirdest thing ever!

I started working on my plesk packages a few days ago, after I got plesk installed.

Systems stats as follows

Supermicro AS1021M-T2 barebone
[url]

Has 16GB of Infineon DDR2-667 memory.
2 250GB hard drives in mirrored configuration with the Acera 9500 w/ 256MB of memory

Running CentOS 4.4

For some reason, every time I go into Plesk, or any of the websites that are contained in Plesk, the NIC drops out and won't allow any activity to get through, both ways.

APF + BFD :: Eth0: Error Fetching Interface Information: Device Not Found

Sep 8, 2008

I have a problem when I wget any file after I install APF+BFD on my server.

My server is a VPS.

My VPS details are:

---------------------
Server Name: bOx
User Name: b0x
Operating System: CentOS 5
RAM: 512 MB Guaranteed 2 GB BurstedTotal
Disk Space: 10 GB
Bandwidth Quota: 500 GB
Quota Used: 0 GB
Control Panel Type: cPanel (license enabled)
Server IP Address: 72.152.456.37
---------------------

Now, when I restart APF on my VPS, it shows me this:
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found

and my SSH froze at this.

Do You Recommend A Software Firewall When Behind A Hardware Firewall

Dec 17, 2008

Do you recommend a software firewall when behind a hardware firewall?

All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or iptables (we're talking Linux)? In our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.

Firewall - Kerio Or Windows Firewall

Jun 13, 2008

I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.

Does anyone think this would be better than the default windows 2003 firewall?

APF Firewall Help

Sep 30, 2006

After installing the APF firewall, the whole server is blocked to everyone. I can't get a ping back either. Any idea?

Firewall + NAT

Oct 24, 2009

I'm planning to place some firewalls in my network, but I'm afraid of something.

I have never used Cisco PIX, Check Point and others. We currently use custom-made Linux solutions for that.

When we use these ready-to-go boxes, do we need to NAT the internal server IPs?

Is it possible to use these ready-to-go solutions with REAL IPs on the servers?

Does cPanel work well with NATed internal IPs? Or will I have some trouble?

Do you think it's safer to go with NATed IPs, or will it be better to use real IPs instead?

Best Firewall

Apr 8, 2009

I was wondering what everyone thinks the best Firewall software is for a dedicated server?

FTP Ban And Firewall

Jun 3, 2009

I'm using the latest cPanel release, with Pure-FTPD as the FTP server. I have CSF Firewall installed and configured and have also got [url] installed. On the DoS deflate software I've set the ban limit to 250 connections.

But my problem is that clients downloading over FTP on very fast internet connections get banned. I've kind of realised that it is to do with the DDoS software, but I'm unsure what I should do: increase the limit of connections, but that would mean that more minor DDoS attacks might get through, so that would affect more clients; or leave the limit at 250 and let clients get blocked for 20 minutes.

Or alternatively, is there a way I can stop people getting banned via FTP completely? I don't see that option in the DDoS software or CSF.

Firewall + RDP

Jan 14, 2009

I'm running the remote desktop service and configuring a remote dedicated server right now.

So, I need to install a firewall on this machine, but I don't want to be disconnected after the installation.

So, can anyone tell me of a firewall that doesn't stop the RDP connection just after installation and works with Windows 2003 Server?

Firewall OS

May 9, 2008

secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.

Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.

There are so many options and I have no experience with any of this. My requirements are:

Web based configuration
Clean Interface with graphic statistics
Pretty Secure
Good hardware support
Free usage
Simple configuration
Support for high bandwidth usage

I think OpenBSD is pretty secure. Is there any OpenBSD firewall OS solution with these requirements?

What Better Firewall To Vps?

Mar 23, 2008

What better firewall to vps?

In my vps not use csf or iptables

Virtuozzo has bug that.

APF Vs CSF Firewall ...

Mar 30, 2008

What do you think of these two firewalls? Which one is better overall?

Better Firewall :: CSF Vs. APF And BFD

Jul 8, 2008

I am looking to set up a firewall etc. on a VPS and would like to know which is the better one, easy to use, etc.

CSF or APF and BFD ?

Firewall - 300 USD Max

Feb 6, 2008

know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert

Of course, it should have web based management, online documentation (not really needed) and something special for prevent DoS attacks automatically (really fed up of them).

If possible if you can link me directly to an online store that can ship it Internationally / Europe?

CSF Firewall

Apr 26, 2008

I was having attacks so I installed CSF firewall, which did a great job. However, on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth, and it's blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?

Firewall

Mar 2, 2007

I am a non-technical type who is trying to start a web-based business. I am thinking a dedicated server will be the best option for me, but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive: 100$ a month - 150$ a month.

Are there other firewall options that can be installed on the server that we as administrators can install and use?

Firewall Log

Jun 10, 2007

I have had a fair few hack attempts from IP numbers that are on the same provider, 'telewest', that I am on. Is there any way of getting this taken further other than contacting the ISP?

Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628

Best Firewall W/o Lan

Feb 10, 2007

Lately one of my servers has been getting SYN floods and DDoS attacks (repeatedly for the last 2 weeks). The attacks are not as bad as they were the last 2 weeks, but my software firewall (iptables and CSF) is not doing the job anymore. It can't handle such large attacks.

I picked up a netgear firewall, but it has dhcp and lan, which made it have no use to me. All my servers are on static ips, so I would be unable to use a lan.

Is there a firewall available which would allow me to setup something like this (Server 1 is the one getting attacked):

Internet ---> Firewall ---> 48 Port Switch ---> Server 1, Server 2, and so on

or

Internet ---> 48 Port Switch ---> Firewall ---> Server 1
Other servers come off the Switch

I saw the Cisco PIX on eBay, but am not sure of all the features it holds. I basically need a firewall without any LAN capabilities, no routing, just a plain firewall that will protect from DDoS and SYN floods (if possible, also email me the logs). It also needs to push up to 20Mbps (100Mbps would be best though).

I looked into m0n0wall and pfSense, but their software didn't make any sense to me. I tried setting it up on a PIII 700MHz with 768MB RAM but never got the webConfig to work.

Price is not a huge issue, I just need these attacks to end. Any suggestions on software firewalls, let me know.

Firewall

Oct 22, 2007

Which is the best firewall for Linux/Unix servers?

Firewall & VPN

Mar 7, 2007

I have a client who requires a firewall with VPN support. He will be utilizing around 10mbit of traffic at most. What would be a suggested firewall to go with that would properly handle vpn?

Firewall On The Hypervm

May 16, 2009

I installed CSF on my HyperVM node. It's installed and works correctly. But when I block a port, for example "80", I see "80" blocked on all VPSs too!

Where is the issue and how can I fix this problem?
