HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials - Problem with bastille firewall on OVH RPS servers

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)

- Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)

- - Problem with bastille firewall on OVH RPS servers (http://www.howtoforge.com/forums/showthread.php?t=46305)

Problem with bastille firewall on OVH RPS servers

Hi all,

I cannot use Bastille firewall on OVH RPS servers. After enabling firewall rule server becomes unavailable. After manual reboot is server reachable again but in aproximately 20 minutes later server becomes unavailable again even if I delete all firewal rules. I suppose that some cron job try switch on firewall.

Has anybody same experiences or solution?

Thanks for any suggestion

SupuS

Quote:

I suppose that some cron job try switch on firewall.

There is no such cronjob in ISPConfig 3. But maybe some other cronjob on your server does this. You can e.g. try to disable the firewall with e.g. update-rc.d on Debian and Ubuntu.

Quote:

Originally Posted by till (Post 229989)

There is no such cronjob in ISPConfig 3. But maybe some other cronjob on your server does this. You can e.g. try to disable the firewall with e.g. update-rc.d on Debian and Ubuntu.

Hi till

server works well until I insert new firewall rule. After reboot it freeze if I start or restart bastille or wait for 20 minutes.

Last line in the syslog is:

Code:

/USR/SBIN/CRON[13513]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log

I tested firewall in ISPConfig 3 installed in virtualbox and it was without problem. Maybe is there some problem with kernel from OVH?

SupuS

I dont think that its a kernel problem. Most likely the ethernet card has a different name (not eth...). Please post the output of:

ifconfig

Quote:

Originally Posted by till (Post 229998)

I dont think that its a kernel problem. Most likely the ethernet card has a different name (not eth...). Please post the output of:

ifconfig

Code:

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:23:54:1b:47:1a  

          inet addr:xxx.23.20.97  Bcast:xxx.23.20.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1238054 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1776408 errors:0 dropped:0 overruns:0 carrier:1

          collisions:0 txqueuelen:1000 

          RX bytes:582459034 (582.4 MB)  TX bytes:1876881032 (1.8 GB)



eth0:0    Link encap:Ethernet  HWaddr 00:23:54:1b:47:1a  

          inet addr:yyy.98.138.163  Bcast:yyy.255.255.255  Mask:255.255.255.255

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1



lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:7249 errors:0 dropped:0 overruns:0 frame:0

          TX packets:7249 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:662492 (662.4 KB)  TX bytes:662492 (662.4 KB)

I use yyy.98.138.163 .. it is IP FailOver .. can be transfered to other server

Ok. Thats fine, so its not a problem with the name of the network card interface.

Which Linux distribution is this?

Quote:

Originally Posted by till (Post 230000)

Ok. Thats fine, so its not a problem with the name of the network card interface.

Which Linux distribution is this?

It is Ubuntu 9.04 but I tested also Debian Lenny with ISPConfig 3 preinstalled by OVH and there was the same problem.

Then there must be some kind of incompatibility with the bastille firewall. Please disable the start of the firewall at boot by running:

update-rc.d -f bastille-firewall remove

and then remove the firewall record in ispconfig or set it to inactive.

Quote:

Originally Posted by till (Post 230003)

I disable start of bastille for now and I wrote to OVH technicians about this problem .. maybe they will find where is the problem.

Thanks for reply till

One idea reagarding this issue came to my mind. Arent the OVH servers using a harddisk that is attached from a storage area network instead of a local harddisk? In that case, you might have to open a port in the firewall to enable access to then SAN as well.