#1  
20th May 2010, 17:04
zogthegreat
Can't start firewall

Hi everyone,

I just realized that my firewall is not running on ISPConfig 3. When I go into the control panel, I click on "System", and then I choose "Firewall", the only option I have available is "Add Firewall record". When I connect via a shell and type "iptables -L -n", I get the following output:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@server1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Running /etc/init.d/iptables start does not work. Am I supposed to create my firewall rules myself, and if so, what ports should be open?

Thanks

zog

btw: My host system is CentOS 5.4
  #2  
20th May 2010, 18:40
mhpcomputerservices

Do you have Bastille firewall installed? This is what ISPConfig 3 uses. (Someone correct me if I'm wrong please.)

EDIT
Also, have you actually proceeded to 'add a new record', as you will get a list of default ports to add?
__________________
Regards
Marcus

*Computer Cables
*Running on Multiserver Setup (5 Servers) Debian 6.0 & ISPConfig 3.0.5.2
  #3  
20th May 2010, 18:53
mhpcomputerservices

I actually installed the firewall on my 2 servers today and it seems to be working fine.

After searching around, the procedure I followed was:

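Code:
# psad (Port Scan Attack Detector) reads kernel log messages from a named pipe
apt-get install psad -y
# send kern.info syslog messages to psad's FIFO, then restart syslog to apply
echo -e 'kern.info\t|/var/lib/psad/psadfifo' | sudo tee -a /etc/syslog.conf
sudo /etc/init.d/sysklogd restart
# install Bastille and start its firewall script
apt-get install bastille -y
/etc/init.d/bastille-firewall start

Add Firewall Record in ISPC3, then:

Code:
iptables -L

Note, it worked for me, but I'm no expert!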
__________________
Regards
Marcus

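A way to read the `iptables -L -n` check that ends the procedure above, as an added example that is not part of the original posts: the function reports EMPTY for the all-ACCEPT, no-rules listing shown in post #1 and ACTIVE once rules or a non-ACCEPT policy are present. Both sample listings are constructed; the second is illustrative and is not Bastille's actual ruleset.

```shell
#!/bin/sh
# Added example: classify `iptables -L -n` output as EMPTY (nothing is
# filtered) or ACTIVE (rules loaded and/or a restrictive default policy).

# Constructed sample: the empty ruleset from post #1.
SAMPLE_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: a minimal loaded ruleset (illustrative only).
SAMPLE_ACTIVE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# firewall_state: read a listing on stdin, print a one-line summary.
firewall_state() {
    awk '
        /^Chain / {
            # Built-in chains show "(policy X)"; user chains show "(N references)".
            if ($3 == "(policy") {
                pol = $4
                sub(/\)$/, "", pol)
                if (pol != "ACCEPT") strict++
            }
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank line
        { rules++ }                             # anything else is a rule line
        END {
            if (rules == 0 && strict == 0) print "EMPTY rules=0"
            else printf "ACTIVE rules=%d restrictive_policies=%d\n", rules, strict
        }'
}

# Live use (as root): iptables -L -n | firewall_state
```

The parser expects the plain `-L -n` layout; the `-v` listing adds packet and byte columns that it does not handle.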
  #4  
20th May 2010, 19:18
zogthegreat

Hi mhpcomputerservices,

Turns out I do have Bastille installed, seems I need to do a little more RTFM.

Do you know of any good links for managing Bastille?

I am going to read up on psad, then install as you suggested; however, doesn't fail2ban perform the same function?

Thanks

zog
  #5  
20th May 2010, 19:41
till

To start the firewall, add a firewall record in ISPConfig for the server that shall be protected by the firewall. There is no additional configuration needed except for adding this firewall record in ISPConfig.

If you use fail2ban on the same server, you should reconfigure it as described here so it does not collide with the bastille firewall.

http://www.faqforge.com/linux/contro...k-connections/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #6  
21st May 2010, 17:08
zogthegreat

Hi till,

Thanks for the tip on fail2ban.

zog

All times are GMT +2.