

APF issue




Posted by Formas, 04-03-2009, 02:44 PM
Hi, well, I am using APF + BFD on my server. It seems to be working fine. But I have a problem with one client that has a dynamic IP on his connection. This client is blocked every time he gets a new IP. But he is not blocked in deny_hosts.rules. I don't know where this client is blocked. But I know that it is in APF, because whenever the client complains I add his current IP to allow_hosts.rules and restart apf, and he can access the server again. But every 2 hours he gets a new IP and is blocked again.

Posted by PCS-Chris, 04-03-2009, 03:18 PM
Might just be blocked in IPTables by another service. Next time he is banned, look for his entry in iptables:

iptables -L | grep xx.xx.xx.xx

Posted by Technix, 04-03-2009, 08:19 PM
On the next blockage, check the IP in /var/log/messages as well:

# grep xx.xx.xx.xx /var/log/messages

Posted by Formas, 04-08-2009, 08:34 AM
Well, again my client had his IP blocked. I searched for the client IP in deny_hosts.rules, but it is not listed. So I tried

# iptables -L | grep IP

without any result. So I ran

# grep xx.xx.xx.xx /var/log/messages

and I could see RABHIT messages:

===
root@server01 [/etc/apf]# grep XXX.31.45.171 /var/log/messages
Apr 8 07:49:01 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:30:48:94:ce:6d:00:1f:27:40:4c:00:08:00 SRC=XXX.31.45.171 DST=67.XXX.180.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=2237 PROTO=TCP SPT=113 DPT=30621 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr 8 08:06:48 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:30:48:94:ce:6d:00:1f:27:40:4c:00:08:00 SRC=XXX.31.45.171 DST=67.XXX.180.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=2494 PROTO=TCP SPT=113 DPT=42968 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
root@server01 [/etc/apf]#
===

So I disabled all RAB (Reactive Address Blocking) in conf.apf. Guys, do you know more about the RABHIT messages above? Is APF with all RAB disabled safe?

Regards

Posted by Technix, 04-12-2009, 05:50 PM
Add the IP address in iptables to allow connections and enable RAB in APF.

# iptables -A INPUT -s XXX.31.45.0/16 -j ACCEPT
# iptables -A INPUT -s XXX.31.45.0/24 -j ACCEPT
# iptables -A INPUT -s XXX.31.45.0/32 -j ACCEPT

Add the same rules in the OUTPUT chain and then save the rules.

# iptables-save

Then enable RAB in APF and restart it.

# service apf restart

It should help.

Posted by krishna0312, 04-20-2009, 06:38 PM
Hello, you can try to add the IP range to the allow list, try it.
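
Added example (not part of the thread and not APF's own code): a small Python parser for kernel log lines in the format shown in the 04-08-2009 post, grouping RABHIT entries by source address so an administrator can see which ports and TCP flags triggered the logging. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown in the thread (documentation IPs/MACs).
SAMPLE_LOG = """\
Apr 8 07:49:01 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.171 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=2237 PROTO=TCP SPT=113 DPT=30621 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr 8 08:06:48 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.171 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=2494 PROTO=TCP SPT=113 DPT=42968 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Apr 8 08:10:02 server01 kernel: ** RABHIT ** IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4100 PROTO=TCP SPT=51514 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 8 08:11:00 server01 sshd[411]: Accepted publickey for admin from 192.0.2.171 port 50000 ssh2
"""

MARKER = "** RABHIT **"  # log prefix seen in the thread's output
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_rabhit(line):
    """Return the netfilter fields of a RABHIT line as a dict, else None."""
    if MARKER not in line:
        return None
    rest = line.split(MARKER, 1)[1]
    fields = dict(KEY_VALUE.findall(rest))
    if "SRC" not in fields:
        return None
    # Flags are logged as bare tokens (no "="), e.g. "ACK RST FIN".
    fields["FLAGS"] = {tok for tok in rest.split() if tok in TCP_FLAGS}
    return fields


def summarize(log_text):
    """Group RABHIT entries by source address."""
    summary = defaultdict(
        lambda: {"hits": 0, "resets": 0, "src_ports": set(), "dst_ports": set()})
    for line in log_text.splitlines():
        fields = parse_rabhit(line)
        if fields is None:
            continue
        entry = summary[fields["SRC"]]
        entry["hits"] += 1
        # A segment with RST and no SYN cannot open a connection; count it apart.
        if "RST" in fields["FLAGS"] and "SYN" not in fields["FLAGS"]:
            entry["resets"] += 1
        for key, bucket in (("SPT", "src_ports"), ("DPT", "dst_ports")):
            if fields.get(key, "").isdigit():  # ports are absent for e.g. ICMP
                entry[bucket].add(int(fields[key]))
    return dict(summary)


if __name__ == "__main__":
    for src, entry in summarize(SAMPLE_LOG).items():
        print(src, entry)
```

To use it on a live system, pass the contents of /var/log/messages to summarize() in place of the sample text.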


