APF issue
Posted by Formas, 04-03-2009, 02:44 PM |
Hi,
well, I am using APF + BFD on my server. It seems to be working fine. But I have a problem with one client that has a dynamic IP on his connection.
This client is blocked every time he gets a new IP. But this IP is not blocked in deny_hosts.rules. I don't know where this client is blocked.
But I know that it is APF, because whenever the client complains I add his current IP to allow_hosts.rules and restart apf, and he can access the server again.
But every 2 hours he gets a new IP and is blocked again.
Posted by PCS-Chris, 04-03-2009, 03:18 PM |
Might just be blocked in iptables by another service.
Next time he is banned, look for his entry in iptables:
iptables -L | grep xx.xx.xx.xx
Posted by Technix, 04-03-2009, 08:19 PM |
On the next blockage, check the IP in /var/log/messages as well:
#grep xx.xx.xx.xx /var/log/messages
Posted by Formas, 04-08-2009, 08:34 AM |
Well,
again my client had his IP blocked. I searched for the client's IP in deny_hosts.rules, but it is not listed.
So I tried #iptables -L | grep IP without any result.
So I ran #grep xx.xx.xx.xx /var/log/messages and I could see RABHIT messages:
===
root@server01 [/etc/apf]# grep XXX.31.45.171 /var/log/messages
Apr 8 07:49:01 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:30:48:94:ce:6d:00:1f:27:40:4c:00:08:00 SRC=XXX.31.45.171 DST=67.XXX.180.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=2237 PROTO=TCP SPT=113 DPT=30621 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr 8 08:06:48 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:30:48:94:ce:6d:00:1f:27:40:4c:00:08:00 SRC=XXX.31.45.171 DST=67.XXX.180.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=2494 PROTO=TCP SPT=113 DPT=42968 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
root@server01 [/etc/apf]#
===
So I disabled all RAB (Reactive Address Blocking) in conf.apf.
Guys, do you know more about the RABHIT messages above? Is APF safe with all RAB disabled?
Regards
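The log excerpt above shows the useful detail: the "** RABHIT **" prefix marks packets that APF's Reactive Address Blocking rules logged, and every hit from the client's address comes from source port 113 with ACK, RST and FIN set together, a flag combination a normal TCP close never produces. Tallying hits per source and showing the flags behind them is how you confirm that a legitimate client is being counted toward the RAB threshold. The following script is an added example, not code from the thread or from APF; the log lines in it are constructed samples in the same netfilter LOG format as the excerpt, using RFC 5737 documentation addresses, and the functions read log text from stdin so they can be pointed at the real /var/log/messages.

```sh
#!/bin/sh
# Added example: triage APF "** RABHIT **" lines from /var/log/messages.
# Constructed sample log (not from any real server); addresses are RFC 5737
# documentation ranges. The last line is ordinary sshd noise to show that
# only RABHIT lines are counted.
SAMPLE_LOG='Apr  8 07:49:01 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=2237 PROTO=TCP SPT=113 DPT=30621 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr  8 07:52:10 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=6000 DPT=22 WINDOW=0 RES=0x00 SYN FIN URGP=0
Apr  8 08:06:48 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=2494 PROTO=TCP SPT=113 DPT=42968 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr  8 08:07:02 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=2495 PROTO=TCP SPT=113 DPT=42970 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr  8 08:09:30 server01 sshd[1234]: Accepted publickey for deploy from 203.0.113.45 port 51000 ssh2'

# Print "SRC COUNT" for every source that appears in a RABHIT line, most hits first.
# Reads log text on stdin, so on a live box: rabhit_counts < /var/log/messages
rabhit_counts() {
  grep -F '** RABHIT **' | sed -n 's/.*SRC=\([0-9.][0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Number of RABHIT lines for one address; exact match, so 203.0.113.4 does
# not match 203.0.113.45. Prints 0 when the address never appears.
rabhit_count_for() {
  rabhit_counts | awk -v ip="$1" '$1 == ip { print $2; found = 1 } END { if (!found) print 0 }'
}

# TCP flags recorded in a single netfilter LOG line: the tokens that sit
# between "RES=0x.." and "URGP=" (e.g. "ACK RST FIN" or "SYN").
tcp_flags() {
  printf '%s\n' "$1" | sed -n 's/.*RES=0x[0-9a-fA-F]* \(.*\) URGP=.*/\1/p'
}

# Distinct flag combinations seen in RABHIT lines from one source, one per line.
# The trailing space in "SRC=$1 " keeps the match exact.
flags_for() {
  grep -F '** RABHIT **' | grep -F "SRC=$1 " | while IFS= read -r line; do
    tcp_flags "$line"
  done | sort -u
}

# Usage against the constructed sample
printf '%s\n' "$SAMPLE_LOG" | rabhit_counts
printf '%s\n' "$SAMPLE_LOG" | flags_for 203.0.113.45
```

On a real host, replace the printf pipelines with `rabhit_counts < /var/log/messages` and `flags_for <client-ip> < /var/log/messages`. If the client's address keeps showing up with only the port-113 ACK/RST/FIN pattern, the hits are coming from the client's own ident port rejecting the server's ident lookups rather than from anything hostile, and the narrower fix is to whitelist just that client's address range in allow_hosts.rules while leaving RAB enabled for everyone else, rather than switching RAB off for the whole server as was done above.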
Posted by Technix, 04-12-2009, 05:50 PM |
Add the IP address in iptables to allow connections and enable RAB in APF.
#iptables -A INPUT -s XXX.31.45.0/16 -j ACCEPT
#iptables -A INPUT -s XXX.31.45.0/24 -j ACCEPT
#iptables -A INPUT -s XXX.31.45.0/32 -j ACCEPT
Add the same rules in the OUTPUT chain and then save the rules.
#iptables-save
Then enable RAB in APF and restart it.
#service apf restart
It should help.
Posted by krishna0312, 04-20-2009, 06:38 PM |
Hello,
You can try adding the IP range to the allow list.