[CentOS] CentOs 4.X and APF firewall issues

hkclark at gmail.com
Sun Sep 24 23:43:56 UTC 2006


On 9/21/06, Steph <stephanie.royle at lunarpages.com> wrote:
> Hi,
>
> We have 7 Dell 2850 servers with dual xeon 3 gig processors running the APF
> firewall version 0.9.6  http://rfxnetworks.com/apf.php
>
> They run fine for a day or two, then suddenly lock out all incoming
> connections, other than the backend IP, sometimes restarting the firewall
> resolves this, but occasionally we may have to leave it 10 mins or so before
> restarting where it will actually allow connections again.
>

Hi Stephanie,

I have had problems with apf, as noted in this thread about 5 months ago:
http://lists.centos.org/pipermail/centos/2006-May/064517.html

However, it would just lock out seemingly random connections for a
fairly short period, vs. the 10 min you are seeing.  I emailed
rfxnetworks, but never heard back. :-(  So, although I have
recommended APF numerous times on this list, I would now recommend
people probably consider another alternative.  I am currently "rolling
my own" iptables config... if people have a frontend package similar
to apf (but without these various "lock out" concerns), I would love
to hear any recommendations.

One thing I found useful in troubleshooting the apf issues I had
was to use tcpdump.  I used a command such as:

nohup tcpdump -p -i any -s 0 -w out_file.enc 'tcp[tcpflags] & tcp-syn != 0 and (port 80 or port 443)' &

I was seeing multiple TCP SYN packets come in from the same client
(with the same src/dest port numbers) and no response from my CentOS
box.  You can view the out_file.enc in something like Ethereal (now
Wireshark).  Because it only captures the SYN packets, you can leave
this running without worrying about filling up your hard drive.

Also, I should probably mention that I was working with a CentOS 3 box.

Let me know if you learn anything else.

Regards,
Kennedy
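The message above describes the diagnostic by hand: look in the capture for a client that sends the same SYN (same source and destination ports) more than once and never gets a reply. The filter used in the capture keeps the SYN-ACKs as well, since a SYN-ACK also has the SYN bit set, so both halves of the handshake are available for comparison. The following script is an added example written for this archive page, not code from the original poster, from APF, or from rfxnetworks; it applies that check to the text output of `tcpdump -nn -tt -r out_file.enc` and reports client 4-tuples that retransmitted SYNs with no SYN-ACK coming back. The `Flags [S]` / `Flags [S.]` line format is assumed (current tcpdump text output), and the sample capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# One line of `tcpdump -nn -tt -r out_file.enc` output (assumed format), e.g.
#   1158964800.000000 IP 203.0.113.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 5840, length 0
LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > '
    r'(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]'
)

# Constructed sample capture: three clients talking to one web server.
#  - 203.0.113.10:51234 sends a SYN at t=0, retransmits at +3s and +9s, never answered
#  - 203.0.113.22:40000 sends one SYN and gets a SYN-ACK 1 ms later (healthy)
#  - 203.0.113.30:33000 sends a single SYN with no answer yet (too few to flag)
SAMPLE_CAPTURE = [
    "1158964800.000000 IP 203.0.113.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 5840, length 0",
    "1158964801.000000 IP 203.0.113.22.40000 > 198.51.100.5.443: Flags [S], seq 7, win 5840, length 0",
    "1158964801.001000 IP 198.51.100.5.443 > 203.0.113.22.40000: Flags [S.], seq 9, ack 8, win 5792, length 0",
    "1158964802.000000 IP 203.0.113.30.33000 > 198.51.100.5.80: Flags [S], seq 3, win 5840, length 0",
    "1158964803.000000 IP 203.0.113.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 5840, length 0",
    "1158964809.000000 IP 203.0.113.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 5840, length 0",
]


def parse(lines):
    """Yield (timestamp, src, sport, dst, dport, flags) for every parsable line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            yield (float(d['ts']), d['src'], int(d['sport']),
                   d['dst'], int(d['dport']), d['flags'])


def find_unanswered_syns(lines, min_syns=2):
    """Return client flows that sent at least `min_syns` SYNs and got no SYN-ACK.

    Each result carries the client and server endpoints, the number of SYNs
    seen and the time span they cover, which is the pattern the original poster
    saw when the firewall silently dropped connections.
    """
    syns = defaultdict(list)   # (src, sport, dst, dport) -> SYN timestamps
    answered = set()           # client 4-tuples that received a SYN-ACK
    for ts, src, sport, dst, dport, flags in parse(lines):
        if flags == 'S':
            syns[(src, sport, dst, dport)].append(ts)
        elif flags == 'S.':
            # A SYN-ACK runs server -> client; map it back onto the client's tuple.
            answered.add((dst, dport, src, sport))

    results = []
    for key, times in sorted(syns.items()):
        if len(times) >= min_syns and key not in answered:
            results.append({
                'client': f'{key[0]}:{key[1]}',
                'server': f'{key[2]}:{key[3]}',
                'syn_count': len(times),
                'span_s': round(times[-1] - times[0], 3),
            })
    return results


if __name__ == '__main__':
    for r in find_unanswered_syns(SAMPLE_CAPTURE):
        print(f"{r['client']} -> {r['server']}: {r['syn_count']} SYNs over "
              f"{r['span_s']}s with no SYN-ACK")
```

To run it against a real capture, pipe the decoded file in: `tcpdump -nn -tt -r out_file.enc | python3 check_syns.py` (after replacing `SAMPLE_CAPTURE` with `sys.stdin`). A flow that shows up here has its SYNs arriving at the box but nothing leaving, which points at the local firewall or host rather than the network in between; a flow that is answered but still fails to complete would need the full handshake captured, which the SYN-only filter above deliberately leaves out.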
