I am getting several "iptables: Invalid arguments" messages. I traced this to these iptables calls from within /etc/apf/firewall. Each of these iptables calls gives "iptables: Invalid arguments":
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL NONE -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN,URG,PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL ALL -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN -j IN_SANITY
Any thoughts? According to my ISP, I have these iptables modules:
iptable_filter
iptable_mangle
ipt_limit
ipt_multiport
ipt_tos
ipt_TOS
ipt_REJECT
ipt_TCPMSS
ipt_tcpmss
ipt_ttl
ipt_LOG
ipt_length
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_conntrack
ipt_state
ipt_helper
iptable_nat
ip_nat_ftp
ip_nat_irc
On a RHE 5.1 + cPanel server I got this error usually from apache logs and from php -v output:
[root@server.roo393.com:~]php -v
shmget() failed: Invalid argument
Failed to start up concurrent users module!
PHP 5.2.5 (cli) (built: May 1 2008 22:00:18)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
[root@server.roo393.com:~]
Tried recompiling the latest PHP 5.2.x and it always happens while using Zend Optimizer. As you should know, Optimizer is needed for most web apps today... so it's a must.
Is it me, or is anyone else experiencing the VZ master node not being properly configured for those front-end firewall programs?
I recently purchased a couple of Linux VPSs (OpenVZ) from different vendors and both seem not to have iptables properly configured. One of them finally got resolved, but it took like a week for them to figure out what was wrong with it.
I'm currently still stuck with the second VPS not protected.
I have not checked into which iptables modules APF or CSF requires, but VPS vendors/resellers should expect that their clients will be using those and properly configure their VZ master prior to deployments.
I'm beginning to wonder whether people who purchase VPS slices are using any decent firewall front-end or not.
It always seems that ip_conntrack is missing. When it exists, everything works.
After turning on the iptables firewall I can't receive emails anymore on a dedicated CentOS 5.3 server with Postfix and Dovecot.
With the iptables firewall turned off everything works fine.
Following is the /etc/sysconfig/iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# ************ tried doing this first ************
I've got problems with my APF firewall. Here are the errors I get:
[root@ks123456 ~]# apf -r
apf(6493): {glob} flushing & zeroing chain policies
apf(6493): {glob} firewall offline
apf(6530): {glob} activating firewall
Opening /proc/modules: No such file or directory
apf(6570): {glob} unable to load iptables module (ip_tables), aborting.
apf(6530): {glob} firewall initalized
apf(6530): {glob} fast load snapshot saved
The /var/log/apf_log file is full of these errors.
I've been told that it was a compatibility issue with the server's kernel. So I upgraded the kernel to the last version, but the problem still remains and I get the same errors...
I have two similar VPS plans with identical software setups. I installed APF Firewall on VPS A, modified the conf.apf file to change the interfaces to venet0 and set monokern to 1 and then opened all the ingress ports required. Started the firewall with 'service apf start' and everything went fine, and everything is working fine with no errors.
I did the same on VPS B but when I start apf I get the following error that reoccurs during the startup sequence:
iptables: No chain/target/match by that name
While the firewall does seem to be running (by checking iptables -L) I am unable to download files on the VPS, via wget or yum ...
I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seems to have changed my hostname to my previous server hostname as well.
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
I'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IPs on the command line) or adding service nodes; however, the firewall rules the documentation speaks of are nowhere to be seen, i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.
Has this been dropped from PPA 11.5? (I recall seeing the firewall settings in 11.1.) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
I didn't want to say anything bad about this host, because the staff is very friendly, but people need to be warned in case they didn't get what they ordered either.
I ordered a server with a hot-swappable RAID, and got the welcome letter a few days later. The welcome letter didn't have my root password or my IP address range. So, I emailed asking for that. Then I started wondering if they missed anything else, because neither the welcome letter nor their client area lists the server specs. So I asked if they have my correct hardware.
They said no, and that they will give me a monthly credit and the correct hardware for the inconvenience. It was a new server and wasn't a big deal to me.
But then I wondered if they did the same to the server I ordered like 40 days ago. So I asked, and they said they messed up my hardware on that order too. That server is already up and running with sites on it.
The host is AxisHost. I know many people here recommend them, that's why I chose them, but this seems like it may be happening a lot with them.
I am looking for webhosts providing free dedicated (not shared) SSL certificates along with a dedicated IP.
Currently I have found only dotable.com and other companies in the UK2 group providing such a package. Is there any other good webhost providing free SSL certificates?
My budget is maximum $10 per month.
Only CPanel hosts are preferred and access to WHM would be a definite plus though not mandatory.
I have a chrooted FTP user that I use on my server. I would like to run a cron job using this user that backs up my MySQL databases. When I execute the job, it complains about date and mysqldump not existing. I was able to fix the date problem simply by copying it from the actual /bin to the chrooted /bin. However, I can't simply copy mysqldump because it depends on several libraries. Anybody know how I can give this chrooted user access to commands that aren't in his chroot?
I've had this virtual server with Godaddy forever. I have about 52 websites on it. I was adding another and I walked through the registration process and forgot to click the save button. I then proceeded to the domain area of Godaddy to update the IP address. Now I can't add domains, delete dns settings, or update DNS settings without getting these kinds of messages:
Your URL: /dns/sync.do
Error details:
CommandFailedException: Unable to parse DNS configuration file
at c.g.t.f.systems.dns.LinuxDnsSubsystem.updateConfigFile:1165
at c.g.t.f.systems.dns.LinuxDnsSubsystem.synchronizeDomains:958
at c.g.t.w.actions.dns.ActionDnsSync.process:39
at c.g.t.w.actions.AbstractSpringAction.execute:118
...
at c.g.t.w.filters.AuthorizedResourceFilter.doFilter:38
...
at c.g.t.w.filters.RequestPopulationFilter.doFilter:117
...
Cause: SAXParseException: Premature end of file.
...
at c.g.t.f.systems.dns.LinuxDnsSubsystem.updateConfigFile:982
at c.g.t.f.systems.dns.LinuxDnsSubsystem.synchronizeDomains:958
at c.g.t.w.actions.dns.ActionDnsSync.process:39
at c.g.t.w.actions.AbstractSpringAction.execute:118
...
at c.g.t.w.filters.AuthorizedResourceFilter.doFilter:38
...
at c.g.t.w.filters.RequestPopulationFilter.doFilter:117
...
So! Godaddy has now had me upgrade my disk space to another 10gig, I've tunneled in with ssh and ran memhog to increase memory because they are suggesting that I'm too low on RAM and want me to purchase another server, I can't just upgrade. I've updated all the packages in my simple control panel. I finally got an email from them after begging for help, because $75 an hour is just too much for me!
This is what I got:
Dear Sir/Madam,
Thank you for contacting Server Support.
If this issue started after the modifications to the DNS of a domain, then it is likely that the DNS file or configuration has become corrupted. You can attempt to manually update or recreate the DNS file via SSH. Unfortunately, we are unable to provide assistance with the configuration of the server or modification of files. While you do have a lot of domain names added to the server, a backup of the content and reprovision of the server will reset the server to the default settings. However, this will remove all content and require that you re-add all domains and content once again.
I have backed up all my sites and databases, but to start all over again is a horrific thought. I can't imagine the nightmare.
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking Linux)? In our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.
I've found a dedicated server at a great price and plan to stick with it, my first (I already have 2 VPS accounts). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default Windows 2003 firewall?
My server is Fedora Core 4. In WHM: Invalid Hostname. (This account is currently not available.). Hostnames must be fully qualified domain names and not contain any spaces or tabs.
I always got an Invalid Credentials error when I tried to log in to the admin panel. Is there any way I can fix it, or how can I change the LiteSpeed username/password via SSH?
[Wed May 14 18:15:17 2008] [error] [client 66.228.119.67] Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmoreheherr669760763646r
I am getting an error when I try to send mail out to external email addresses like Gmail, Hotmail, MSN, Yahoo.
The error says 550 invalid recipent : user@domain.com
So to make sure that the mail server is working, I tried sending mail to a local address, which is local@nameoftheserver.com. It works, but when I try to send mail to an external address I get the error listed above.
So I added my email sales@domainname.com to Gmail to test whether the mail server is working correctly. From Gmail I can both send email from sales@domainname.com and receive it, but when I try that from my server it does not work.
My server is offshore and I am using the enom mail server to send email?