Hi,
We have 7 Dell 2850 servers with dual xeon 3 gig processors running the APF firewall version 0.9.6 http://rfxnetworks.com/apf.php
They run fine for a day or two, then suddenly lock out all incoming connections other than the backend IP. Sometimes restarting the firewall resolves this, but occasionally we may have to leave it 10 mins or so before restarting, after which it will actually allow connections again.
Has anyone had this issue themselves, or does anyone successfully running CentOS 4.X with the 2.6.9-42.0.2.ELsmp kernel have a sample /etc/apf/config.apf I could take a look at?
Thanks in advance
Stephanie Royle.
I had this sort of thing happen almost two years ago on a 2650 with apf (prior version). We do have it running on a few Dell boxes (750, 1850, and 2650) without any issues today and one version back. I doubt it would be kernel related. What are the settings in your conf.apf?
Anything in the logs? Some cron job firing off when it happens? Do you have something feeding it a block list of sorts? What is the USE_AD= setting set at?
Have you asked Ryan @ rfxnetworks? I believe that is his name anyway.
Andrew
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Steph
Sent: Thursday, September 21, 2006 1:04 PM
To: centos@centos.org
Subject: [CentOS] CentOs 4.X and APF firewall issues
Hi Andrew,
It's strange; the settings were fine. I took out antidos and also the block list.
Eventually I went down to a prior version and it's been fine since then, I never did get to the bottom of why the latest release doesn't work.
Thanks for your reply
Stephanie
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Andrew Cotter
Sent: 21 September 2006 18:45
To: CentOS mailing list
Subject: RE: [CentOS] CentOs 4.X and APF firewall issues
On 9/21/06, Steph stephanie.royle@lunarpages.com wrote:
Hi Stephanie,
I have had problems with apf, as noted in this thread about 5 months ago: http://lists.centos.org/pipermail/centos/2006-May/064517.html
However, it would just lock out seemingly random connections for a fairly short period, vs. the 10 min you are seeing. I emailed rfxnetworks, but never heard back. :-( So, although I have recommended APF numerous times on this list, I would now recommend people probably consider another alternative. I am currently "rolling my own" iptables config... if people have a frontend package similar to apf (but without these various "lock out" concerns), I would love to hear any recommendations.
One thing I found useful in troubleshooting the apf issues I had was to use tcpdump. I used a command such as:
nohup tcpdump -p -i any -s 0 -w out_file.enc 'tcp[tcpflags] & tcp-syn != 0 and (port 80 or port 443)' &
I was seeing multiple TCP SYN packets come in from the same client (with the same src/dest port numbers) and no response from my CentOS box. You can view the out_file.enc in something like Ethereal (now Wireshark). Because it only captures the SYN packets, you can leave this running without worrying about filling up your hard drive.
Also, I should probably mention that I was working with a CentOS 3 box.
Let me know if you learn anything else.
Regards, Kennedy
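As an added example (not part of Kennedy's post, the APF project, or anything else on this page), here is a small Python script that applies the same troubleshooting idea to the text form of such a capture, as printed by `tcpdump -n -r out_file.enc`. It assumes the current tcpdump output shape (`Flags [S]` / `Flags [S.]`); older versions print flags differently. It groups SYNs by client/server address and port, and reports clients that retransmitted a SYN without ever receiving a SYN-ACK, which is exactly the symptom described above. Note that the capture filter in the post keeps every segment with the SYN bit set, so the server's SYN-ACKs are in the file as well, and "no SYN-ACK seen" really does mean the box never answered. The sample lines and the documentation-range addresses are constructed.

```python
import re
from collections import defaultdict

# Line shape of `tcpdump -n -r out_file.enc` on a current tcpdump (assumed format;
# the 2006-era tcpdump printed flags differently). Only the fields we need are captured.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (documentation-range addresses, not from the list post).
# 203.0.113.5 retransmits its SYN three times and is never answered, the pattern
# described in the thread; the other two clients get a SYN-ACK. The ARP line is
# there to show that non-TCP lines are skipped.
SAMPLE_LINES = [
    "12:00:01.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 1000, win 65535, length 0",
    "12:00:01.200000 IP 203.0.113.7.52000 > 198.51.100.10.443: Flags [S], seq 2000, win 65535, length 0",
    "12:00:01.200400 IP 198.51.100.10.443 > 203.0.113.7.52000: Flags [S.], seq 9000, ack 2001, win 5840, length 0",
    "12:00:04.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 1000, win 65535, length 0",
    "12:00:05.000000 IP 203.0.113.9.53000 > 198.51.100.10.80: Flags [S], seq 3000, win 65535, length 0",
    "12:00:08.000000 IP 203.0.113.9.53000 > 198.51.100.10.80: Flags [S], seq 3000, win 65535, length 0",
    "12:00:08.000300 IP 198.51.100.10.80 > 203.0.113.9.53000: Flags [S.], seq 9100, ack 3001, win 5840, length 0",
    "12:00:10.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 1000, win 65535, length 0",
    "12:00:11.000000 ARP, Request who-has 198.51.100.1 tell 198.51.100.10, length 28",
]


def ts_to_seconds(ts):
    """HH:MM:SS.frac -> seconds since midnight (a capture spanning midnight is not handled)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_line(line):
    """Return the fields of a TCP line, or None for lines we do not understand (ARP, ICMP, ...)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "t": ts_to_seconds(d["ts"]),
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "flags": d["flags"],
    }


def find_unanswered_syns(lines, min_syns=2):
    """Group SYNs by (client, client port, server, server port) and report every
    tuple that saw at least `min_syns` SYNs but never a matching SYN-ACK."""
    syns = defaultdict(list)   # 4-tuple -> timestamps of the client's SYNs
    answered = set()           # 4-tuples for which the server sent a SYN-ACK
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        if p["flags"] == "S":
            syns[(p["src"], p["sport"], p["dst"], p["dport"])].append(p["t"])
        elif p["flags"] == "S.":
            # SYN-ACK travels server -> client; reverse it to match the client's SYN tuple
            answered.add((p["dst"], p["dport"], p["src"], p["sport"]))
    report = []
    for key, times in sorted(syns.items()):
        if len(times) >= min_syns and key not in answered:
            report.append({
                "client": key[0], "client_port": key[1],
                "server": key[2], "server_port": key[3],
                "syn_count": len(times),
                "span_seconds": round(times[-1] - times[0], 3),
            })
    return report


if __name__ == "__main__":
    for hit in find_unanswered_syns(SAMPLE_LINES):
        print("%(client)s:%(client_port)d -> %(server)s:%(server_port)d: "
              "%(syn_count)d SYNs over %(span_seconds).1fs, no SYN-ACK" % hit)
```

Run against a real capture with `tcpdump -n -r out_file.enc | python3 script.py` after replacing `SAMPLE_LINES` with `sys.stdin`; a burst of entries for many different clients at the same time is the firewall dropping everything, while a single client with repeated SYNs is more likely a problem on that client's path.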
Hi Kennedy,
I'm glad you included the info on the high syn packets as I noticed this coincided with the lockups. I have replaced the apf with an earlier version and it's running perfectly now, so all I can think is that perhaps there was something in this last release that wasn't quite 100%.
The forum at RFX is not online anymore and I guess maybe an email would result in no reply. I really like the APF and I'm pleased we can continue to use it, if I have a little more time I'll maybe look a little more deeply into the newer version but for now I'm happy to have a working version.
Thanks for your reply.
Stephanie.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of hkclark@gmail.com
Sent: 25 September 2006 00:44
To: CentOS mailing list
Subject: Re: [CentOS] CentOs 4.X and APF firewall issues
Regards, Kennedy
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On 9/25/06, Steph stephanie.royle@lunarpages.com wrote:
Great. Let me know if you find anything else. What version are you finding works for you?
Regards, Kennedy
I took it down one to APF 0.9.5. It's been running on all the 4.X servers for 5 days now without issue. :)
Regards
Stephanie.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of hkclark@gmail.com
Sent: 25 September 2006 18:16
To: CentOS mailing list
Subject: Re: [CentOS] CentOs 4.X and APF firewall issues
Hi, I set up an LDAP server with Samba on CentOS 4.3 and tested it with a Windows client (Win XP), and the user that I created in the directory can log on in Windows, but in CentOS 4.4 the user cannot log on. My question: do I need to create the user in the LDAP directory on the CentOS 4.4 computer too?
Regards
Jose Perales
Grid Systems
No. You only need to set up the correct objectClasses related to posixAccount, set the attributes for those objectClasses and set up PAM to handle LDAP. This can be done using authconfig or by manually changing /etc/ldap.conf and /etc/pam.d/system-auth. Remember to install the packages that provide this functionality, such as nss_ldap.
On 9/27/06, Jose Perales @ Grid System jose.perales@gridsystems.com.ve wrote:
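As an added example (not from the thread, Samba, or nss_ldap), here is a Python check for the point made in the answer: a user entry that only carries Samba objectClasses can log on from Windows but has none of the attributes nss_ldap needs to present it as a Unix account. The script reads LDIF and reports entries that lack the posixAccount objectClass or its required attributes (cn, uid, uidNumber, gidNumber and homeDirectory per RFC 2307); loginShell is optional in the schema but is flagged because a login without one gets an empty shell. The sample LDIF, the example.com base DN and the user names are constructed.

```python
# posixAccount MUST attributes per RFC 2307. loginShell is only MAY in the schema,
# but a Unix login without it is rarely what the administrator wants.
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample directory content (example.com, invented users); not from the thread.
# "wuser" is the situation in the question: Samba attributes only, so Windows logon works
# but the entry cannot be mapped to a Unix account. "puser" has both sets of objectClasses.
SAMPLE_LDIF = """\
# constructed sample, hypothetical base DN
dn: uid=wuser,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: sambaSamAccount
cn: Windows Only
sn: Only
uid: wuser
sambaSID: S-1-5-21-1-2-3-3000

dn: uid=puser,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Posix User
sn: User
uid: puser
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/puser
loginShell: /bin/bash
sambaSID: S-1-5-21-1-2-3-3002
"""


def parse_ldif(text):
    """Minimal LDIF reader: entries are separated by blank lines, attributes are
    'name: value' lines, and a line starting with one space continues the previous
    value. Base64 ('::') values and URL ('<') values are not handled."""
    entries = []
    current = None
    last_attr = None
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                entries.append(current)
                current = None
            continue
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current and last_attr:
            current[last_attr][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        attr, value = attr.strip(), value.strip()
        if current is None:
            current = {}
        current.setdefault(attr, []).append(value)
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def check_posix_account(entry):
    """Return a list of reasons why nss_ldap could not turn this entry into a Unix account."""
    problems = []
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "posixaccount" not in classes:
        problems.append("missing objectClass posixAccount")
    for attr in POSIX_MUST:
        if attr not in entry:
            problems.append("missing attribute %s" % attr)
    for attr in ("uidNumber", "gidNumber"):
        if attr in entry and not entry[attr][0].isdigit():
            problems.append("%s is not numeric" % attr)
    if "loginShell" not in entry:
        problems.append("no loginShell (optional in the schema, but login gets an empty shell)")
    return problems


def audit_ldif(text):
    """Map each DN that would not work as a Unix account to its list of problems."""
    report = {}
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        problems = check_posix_account(entry)
        if problems:
            report[dn] = problems
    return report


if __name__ == "__main__":
    for dn, problems in audit_ldif(SAMPLE_LDIF).items():
        print(dn)
        for p in problems:
            print("  - " + p)
```

To audit a live directory, feed it the output of an `ldapsearch -x -LLL` over the people container. The client side (nss_ldap in /etc/ldap.conf, pam_ldap in /etc/pam.d/system-auth) is what the answer's authconfig step configures and is not covered by this check; it only tells you whether the entries themselves carry what that client needs.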