Will Bastille Work With The APF Firewall
Apr 25, 2008Will bastille work if my server already has the APF firewall?
View 0 Replies
ADVERTISEMENT
Bastille Firewall Causing Mysql Connection Errors
Jan 27, 2008The main function of my dedicated server is the vBulletin forum that we run.
Ever since I had bastille firewall installed and configured on my server we have been getting regular vBulletin errors.
Everything runs pretty smoothly most of the time, we can carry lots of connections without any issues, server has plenty of free RAM and CPU is never overloaded even during peak hours. I have been told bastille firewall (iptables) is configured correctly, all ports that need to be open are open.
But about twice per day we have a MySQL "disconnect" that lasts about 30-60 seconds per incident. For example we will start getting the following message via e-mail, and it will amount to 20-30 e-mails like this during the 30-60 second incident. After that, the e-mails and problems will go away, until next time.
vBulletin Database Error!
mysql_connect(): Can't connect to MySQL server on 'sql.datacolony.com' (4)
/hsphere/local/home/site/site.com/forum/includes/class_core.php on line 274
MySQL Error :
Error Number :
Date : Saturday, January 26th 2008 @ 07:53:05 PM
Script : [url]
Referrer : [url]
IP Address : 92.3.190.54
Username :
Classname : vb_database
The server is running CentOS 4.6, PHP 4.4.7, MySQL 5.0.45. The vBulletin software has been patched to the latest version. The vBulletin people are not sure why this could be happening.
Well we never believed that the firewall was causing the issue BUT it only started happening on the day the new firewall was installed. So we tried stopping the firewall for a full week and the MySQL database errors stopped happening, completely. So I'm convinced the problem is the firewall blocking MySQL connections but I can't figure out why?
There are no entries in the MySQL .err logs pertaining to this. Can't figure this out, any help or ideas is appreciated since the people who installed the firewall are not sure either.
Configuring Passive FTP To Work With Firewall
Mar 23, 2009I'm running a Win2003 dedicated server with IIS and Plesk v9. While trying to configure my FTP ports I found out that my host has a basic (free) hardware firewall on my main/shared IP with ports 2000-2015 reserved for passive FTP connections. I asked them if they could change the ports to match the default ones but to customize hardware firewall settings I'm require to upgrade to a paid solution.
I again tried to approach the problem by trying to get IIS to conform to the host's ports. However after some research I found that the default MSFTP range is 1025-5000 while custom values have to be between 5001-65535. My host recommends I upgrade to a personal hardware firewall or make do with a software firewall. Other than dropping the firewall is there nothing I can do here?
I've thought of serving FTP on a dedicated IP (which would be exempted from the hardware firewall) but when I tried to set it up I got a directory permission error during connection attempts. I may be mistaken but this appears to be an an issue with Plesk not liking to serve a website's HTTP and FTP on separate IPs. Is solving this problem my best bet?
Do You Recommend A Software Firewall When Behind A Hardware Firewall
Dec 17, 2008Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
Firewall - Kerio Or Windows Firewall
Jun 13, 2008I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
APF Firewall Help
Sep 30, 2006after install apf firewall whole server blocked to everyone.. i can't get ping back as well. Any idea?
View 2 Replies View RelatedFirewall + NAT
Oct 24, 2009I'm planning to place some firewalls in my network, but I'm afraid of something.
I have never used cisco pix, checkpoints and others.. We currently use custom made linux solutions for that
When we use these ready-to-go boxes, do we need to NAT the internal server IPs?
Is it possible to use these ready-to-go solutions with REAL IPs in the servers?
Does cPanel work well with NATed internal IPs? Or shall I have some trouble?
Do you think it's safer to with NATed, or it will be better to use real ips instead?
Best Firewall
Apr 8, 2009I was wondering what everyone thinks the best Firewall software is for a dedicated server?
View 7 Replies View RelatedFTP Ban And Firewall
Jun 3, 2009Im using the latest cPanel release. Using Pure-FTPD as the ftp server. I have CSF Firewall installed and configured and have also got [url]installed. on the dos deflate software ive set the ban limit to 250 connections.
But what my problem is that while downloading on ftp clients with internet that can download very fast that it will ban them. Ive kinda realised that it is to do with the DDos software but im unsure what i should do. Increase the limit of connections but that would mean that more minor Ddos attacks might get through so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively is there a way i can stop people getting banned via FTP completly. As i dont see that option on the Ddos or csf.
Firewall + RDP
Jan 14, 2009I´m running the remote desktop service and configuring a remote dedicated server right now.
So, I need to install a firewall in this machine, but I don´t want to be disconnected after the installation.
So, can anyone tell me of a firewall that don´t stop the connection of RDP just after installation and works with Windows 2003 Server?
Firewall OS
May 9, 2008secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.
Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.
There are so many options and I have no experience with none of this. My Requirements are:
Web based configuration
Clean Interface with graphic statistics
Pretty Secure
Good hardware support
Free usage
Simple configuration
Support for high bandwidth usage
I think OpenBSD is pretty secure, is there any OpenBSD Firewall OS solution with this requirements?
What Better Firewall To Vps?
Mar 23, 2008What better firewall to vps?
In my vps not use csf or iptables
Virtuozzo has bug that.
APF Vs CSF Firewall ...
Mar 30, 2008What do you think of this two firewall? which one is better overall?
View 14 Replies View RelatedBetter Firewall :: CSF Vs. APF And BFD
Jul 8, 2008I am looking to setup a Firewall etc... on a VPS and would like to know what is the better one and easy to use etc...
CSF or APF and BFD ?
Firewall - 300 USD Max
Feb 6, 2008know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert
Of course, it should have web based management, online documentation (not really needed) and something special for prevent DoS attacks automatically (really fed up of them).
If possible if you can link me directly to an online store that can ship it Internationally / Europe?
CSF Firewall
Apr 26, 2008I was having attacks so I installed CSF firewall which did a great job. However on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth and its blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?
View 3 Replies View RelatedFirewall
Mar 2, 2007I am a non technical type that is trying to start a web based business. I am thnking a dedicated server will be the best option for me but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive. 100$ a month - 150$ a month.
Are there other firewall options that can be installed on the server that we as administrators can install and use?
Firewall Log
Jun 10, 2007I have had a fair few hack attempts from ip numbers that are on the same
provider ;telewest' that i am on - is there anyway of getting this takne further other than contacting isp?
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628
Best Firewall W/o Lan
Feb 10, 2007Lately one of my servers have been getting syn floods and ddos attacks (repeatedly for the last 2 weeks). The attacks are not as bad as they were the last 2 weeks, but my software firewall (iptables and csf) is not doing the job anymore. It can't handle such large attacks.
I picked up a netgear firewall, but it has dhcp and lan, which made it have no use to me. All my servers are on static ips, so I would be unable to use a lan.
Is there a firewall available which would allow me to setup something like this (Server 1 is the one getting attacked):
Internet ---> Firewall ---> 48 Port Switch ---> Server 1, Server 2, and so on
or
Internet ---> 48 Port Switch ---> Firewall ---> Server 1
Other servers come off the Switch
I saw the Cisco Pix on ebay, but am not sure of all the features it holds. I basically need a firewall without any lan capaibilites, no routing, just a plain firewall that will protect from DDoS and Syn Floods (if possible, also email me the logs). Also needs to push up to 20Mbps (100Mbps would be best though).
I looked into m0n0wall and pfsense, but their software didn't make any sense to me. I tried setting it up on a PIII 700Mhz with 768MB Ram but never got the webConfig to work.
Price is not a huge issue, I just need these attacks to end. any suggestions on software firewalls let me know.
Firewall
Oct 22, 2007Which is the best firewall in linux unix servers..................
View 4 Replies View RelatedFirewall & VPN
Mar 7, 2007I have a client who requires a firewall with VPN support. He will be utilizing around 10mbit of traffic at most. What would be a suggested firewall to go with that would properly handle vpn?
View 10 Replies View RelatedWww Not Work
May 30, 2009im using centOS 5 with webmin in my vps.
im installing webmin and do this: [Apache Webserver] / select [Default Server]
and my website work fine ,
but when i check my web site for example
[url]not working!
[url]Work fine!
how i can solve problem
work with www and without www.
CGI, SSI Won't Work
May 29, 2009I'm having exec cgi issues,
CentOS 5.3 x86_64, Linux, Apache/2.0.63,
cPanel 11.24.4-R36167 - WHM 11.24.2 - X 3.9
Error is,
[an error occurred while processing this directive]
If I "uncheck" IncludesNOEXEC in Apache Global Configuration the error disappears, but the SSI doesn't work. If I check it the error is there, but the SSI works.
Here's what I have done so far,
Through WHM,
Main >> Service Configuration >> Apache Configuration,
Pre Main Include, Pre VirtualHost Include, Post VirtualHost Include,
I added,
Options +Includes
AddType text/html .htm
AddType text/html .html
AddOutputFilter INCLUDES .htm
AddOutputFilter INCLUDES .html
Options +ExecCGI
AddHandler cgi-script .cgi .pl
I also added this to the httpd.conf
<Directory "/">
Options +ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride All
</Directory>
Options +ExecCGI
AddHandler cgi-script .cgi .pl
Then I tried,
Options +ExecCGI
AddHandler cgi-script .cgi .pl
in the .htaccess file
How Does Ram Work
Jan 25, 2007I got a vps and I dont really understand how ram works but my sites arent really that big yet actually not at all at least teh ones on the vps. I am using directadmin as the panel.
I am using 279mb.
Getting GD To Work
Jan 2, 2007I installed GD via yum. Yet I cant get it to work I get all kinds of error's like libpng is missing then I got libXpm is missing, then freetype is missing yet all the libs exsist,
View 4 Replies View RelatedFTP Will Not Work
Aug 29, 2007After spending nearly 4 days trying to get ftp working on my server i still haven't achieved it. I got a server with a default install of plesk and cent os 4. I update to 8.2 and when i first go to try ftp it says "server closed connection" on my ftp client.
So then i tried updating 8.2 again and the installer failed. So i tried manually installing both proftpd and pureftpd via ssh and yum and it fails to install. I've also restarted the server a few times. I've tried logging in with every single username/domain/i.p. assigned to the server. and i've had no luck.
<? Does Not Work But <?php Is Ok
Apr 23, 2007I installed Lighttpd + PHP 5.2.1 with FastCGI
Any php page that starts with <?php is working fine..
but when the page starts with only <?, it does not work
SSH, How Does It Work
Mar 5, 2007how does SSH work and really what is it.
This is my knowledge, I may be wrong or right:
There are two ways of controlling your server, through control panel and through SSH, now SSH is where you type in codes to control your server.
Now from what I know you can't login to SSH alot due to security reasons.
I was wondering, if I have a forum can I login to SSH everyday to back up the database?
Firewall On The Hypervm
May 16, 2009I installed CSF on my hypervm node. Its installed and work correctly. But when i block a port, for example "80" i see "80" blocked to all vps too!
Where is issue and how can fix this problem?
Which Cisco Firewall?
Aug 21, 2007We are looking to replace our existing WatchGuard Firebox's with a hopefully more reliable firewall from Cisco's range although I'm a bit lost when it comes to the different ranges.
Could somebody suggest a firewall that is capable of:
1: Both NAT & Drop-in (bridge) mode
2: Pretty low bandwidth requirements, no more than 10mbit/s traffic
3: SNMP Monitoring
4: High availability pairing
Did You Try NetGear Firewall ?
Oct 18, 2009Anyone tried NetGear Firewall ?
i want a firewall for my server that protect from DoS Attacks and such security threats ..