Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th October 2012, 20:24
TheBronx TheBronx is offline
Junior Member
 
Join Date: Oct 2012
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default installing CSF. Considerations

Hi, my 3rd thread today hehe. Sorry, it is my 1st day with ISPConfig.
I've been using Kloxo before, and thus I'm used to CSF.

Is it possible to install CSF in a ISPConfig environment? Should I uninstall or deactivate other firewalls?

I want a firewall to block port scanning, max number of connections per IP, port flooding... And I want the firewall to send me emails when this happens.

Is it a good idea to install CSF? Can I do this with fail2ban?

Thanks!
Reply With Quote
Sponsored Links
  #2  
Old 16th October 2012, 05:31
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 155
Thanks: 28
Thanked 22 Times in 16 Posts
Cool

Kloxo is only a Rubbish when it is compared with ISPConfig3!

CSF works very well with ISPConfig3. Make sure your do not enable the default firewall Bastille of ispconfig3. Bastille is a legacy software.
Reply With Quote
  #3  
Old 16th October 2012, 10:34
TheBronx TheBronx is offline
Junior Member
 
Join Date: Oct 2012
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

So first I have to disable bastille:
Code:
update-rc.d -f bastille-firewall remove
And reboot.

Do I have to change fail2ban configuration? For example:
Configure fail2ban to use route instead of iptables to block connections
Do I have to disable it too?

That's it? I'm using ubuntu 10.04 and the latest ISPConfig 3.

---------------------------------------------------------
About kloxo, what I hate about it is that you only can use Centos 5 32 bits as OS. It is a good OS, but it is outdated (python for example).
Kloxo has problems with php too...

But I liked kloxo, and now that I see ISPConfig... domains and subdomains are much easier in kloxo. Sorry Oh, and when you add a new site the "autosubdomain www.", is it a joke? It doesn't configure any autosubdomain, I had to add it via htaccess. It is still soon, only 2 days with ISPConfig, but I've seen things that kloxo does better.
In kloxo I've never added an A record for subdomains (I mean not manually). I've never added DNS zones, just the first one.
Reply With Quote
  #4  
Old 16th October 2012, 10:51
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
Default

You can use any firewall with ispconfig, just delete the firewall record or dont create it if you havent done yet in ispconfig. Dont mess with the instakl scripts int /etc/init.d, thats all handled by ispconfig.

Quote:
But I liked kloxo, and now that I see ISPConfig... domains and subdomains are much easier in kloxo. Sorry Oh, and when you add a new site the "autosubdomain www.", is it a joke? It doesn't configure any autosubdomain, I had to add it via htaccess. It is still soon, only 2 days with ISPConfig, but I've seen things that kloxo does better.
In kloxo I've never added an A record for subdomains (I mean not manually). I've never added DNS zones, just the first one.
Auto subdomain works fine, take a look at the vhost and you will see that a alias for www.domain.tld gets added.

ISPConfig is made for larger installations with splitted service and multiple server setups as used by internet service providers and it is made to be very flexible and does not assume that you have to run all services on one server like kloxo or that each mail domain must have a website and vice versa. You can use ispconfig on small servers of course, but its not specially designed for that. So if you like kloxo so much, please do us a favor and uninstall ispconfig and install kloxo again if it fits your needs better.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 16th October 2012, 11:57
TheBronx TheBronx is offline
Junior Member
 
Join Date: Oct 2012
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
So if you like kloxo so much, please do us a favor and uninstall ispconfig and install kloxo again if it fits your needs better.
I said "I've seen things that kloxo does better".
Come on... I didn't want to offend. I'm here because I prefer ISPConfig. But it is my second day with ISPConfig, I've been years using kloxo and it is hard to change.
Sorry if I have said something offending, was not my intention.

And don't tell me "uninstall ispconfig and install kloxo" because kloxo doesn't work in ubuntu!!! hehehe

Quote:
delete the firewall record or dont create it
Where? Under System -> Firewall -> Basic? I only have one firewall record there.

Autosubdomain, here is an example: www.foro.universojuegos.es (not working).
What am I doing wrong?
Reply With Quote
  #6  
Old 16th October 2012, 12:05
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
Default

Quote:
Sorry if I have said something offending, was not my intention.
Ok I did not wanted to sound that harsh. I'am aware that its not easy to switch a softare that you are used to as every software has its own philosophy.

Quote:
Where? Under System -> Firewall -> Basic? I only have one firewall record there.
Yes. There is one record for each server in your cluster. If you delete that record, the firewall gets deactivated.

Quote:
Autosubdomain, here is an example: www.foro.universojuegos.es (not working).
You havent created a dns A-Record or Cname record for www.foro.universojuegos.es on the dns server that is authoritive for the zone universojuegos.es . When a domain or subdomain does not exist in dns, then you can not access it with a browser.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 16th October 2012, 12:36
TheBronx TheBronx is offline
Junior Member
 
Join Date: Oct 2012
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

I added that firewall record manually, after installation it was empty. It is a record opening ports. If I delete it, bastille-firewall won't start and cause problems with CSF?
It sounds a bit weird, I was hoping to find a checkbox under System -> System -> Server services like "firewall" hehe.

The autosubdomain:
I added a website: http://i.imgur.com/Y9ZJ4.png
The website works without problems after I've added an A record in the parent domain DNS zone (http://i.imgur.com/77L2p.png).
Try it yourself, foro.universojuegos.es works.
That's why the autosubdomain is confusing me. I'm doing something wrong of course, but I don't know what.
If I have to add a DNS record for www.foro then what does "autosubdomain" mean?
Reply With Quote
  #8  
Old 16th October 2012, 12:52
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
Default

Quote:
I added that firewall record manually, after installation it was empty. It is a record opening ports. If I delete it, bastille-firewall won't start and cause problems with CSF?
The record is your firewall, if you add it, a firewall gets added and enabled, if you delete it, the firewall gets removed and disabled.

Quote:
If I have to add a DNS record for www.foro then what does "autosubdomain" mean?
Auto subdomain means that a alias is added automatically to the vhost, the laisa is relative to the domain name that you have entered in the domain field.

So if your domain name is "foro.universojuegos.es", then auto subdomain adds a automatic alias for "www.foro.universojuegos.es" in the apache vhost. But in your case the domain "foro.universojuegos.es" is already a subdomain so you most likely dont want to use a fourth level domain www.foro.universojuegos.es, so you set ato subfomain to none in this case. If you want to really use www.foro.universojuegos.es for this site, then you have to add a dns a-record for it as every domain name that you want to use in the internet ahs to exist in dns, othewise your browser can not rsolve the name and will not find yur site.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 16th October 2012, 13:04
TheBronx TheBronx is offline
Junior Member
 
Join Date: Oct 2012
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Ok, its clear now.
I never use www.foro.universojuegos.es but it seems some of my visitors do.

Wait! how about fail2ban? No changes needed?

Thank you till, we will probably see again in my 4th thread hehehe.
Have a nice day!
Reply With Quote
  #10  
Old 16th October 2012, 13:10
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
 
Default

Quote:
Wait! how about fail2ban? No changes needed?
No. fail2ban checks the logs for failed logins, this depends not on domain names or ip addresses of websites.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
TheBronx (16th October 2012)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing Ispconfig rtrynor Installation/Configuration 9 1st February 2011 17:02
Problem sending mail when not installing amavisd-new juan_g Installation/Configuration 4 11th October 2010 23:01
Mail Server Setup With Exim, MySQL, Cyrus-Imapd, Horde Webmail On Centos 5.1 - works? gsp HOWTO-Related Questions 124 21st April 2010 20:53
Problems with installation on openSUSE 10.2 douglaslopezt Installation/Configuration 3 24th August 2007 22:04
error while installing..... securitywonks Installation/Configuration 1 23rd December 2005 12:07


All times are GMT +2. The time now is 20:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.