Firewall

General Interworx Control Panel Info General Inquries
1

I know with some CP’s like ISPConfig they come with their own firewall app and so you are not supost to enable the os Firewall or IPTables. I want to enable a firewall but I want to make sure I am not going to break anything with Interworx first. Are there any ports required by Interworx that I need to keep open? Also note I am doing the DNS replication that you guys showed me in the other thread and I dont know what port you guys are useing for that.

2

PowWeb, InterWorx ships with the APF firewall software and is configurable through InterWorx (fully supported etc) so I dont know why you would be looking at your own firewall?

Interworx itself runs on port 2080 and 2443.

DNS Replication works on on API system, so I would expect that to be running on por 2443 aswell.

3

That is why I was asking. So I should keep IPTables turned off?

4

What about a Host Intrusion Detection System?

5

Host Intrusion isn’t a firewall is it? So it should be fine.

6

Just tring to make sure they did not have their own in place

7

As EverythingWeb said we do come with APF (which is built on top of iptables), but you are still free to use your own if you really want to. Just make sure all of the standard ports are open including 2443 which InterWorx runs on and which needs to be open for contacting the licensing server.

8

What is it that you realy wan’t do about protection??
I get the idea you don’t even know what you are talking about.

APF included in Interworx (your firewall) is using IP Tables on your server, so when your disable your IP Tables, your APF Firewall won’t work!!

9

Install and use BFD (from the same creators as APF- so it ties in nicely) and that will detect and block Brute Force attempts. :slight_smile:

10

You are right, I have placed a HowTo for this before in a other topic: http://www.interworx.com/forums/showthread.php?t=1642

Here is a simple HowTo for BFD.

HowTO:

Install BFD (Brute Force Detection)
Login in SHH as root.

cd /root/downloads

wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

tar -xvzf bfd-current.tar.gz

cd bfd-0.9

./install.sh

After installing BFD change next:

nano /usr/local/bfd/conf.bfd

Scroll down:
ALERT_USR=“0”
Change to:
ALERT_USR=“1”

Search for:
EMAIL_USR=“root”
Change to:
EMAIL_USR=“your@email.nl”

Save file :
ctrl+x “yes” [ENTER]

Start BFD:

/usr/local/sbin/bfd -s