Can't get the firewall started

NodeWorx General Discussion
1

Not sure what I’m doing or how to get the firewall started in Nodeworx.
Checking status I get…

unable to load iptables module (ip_tables), aborting.

And errors if I try to start apf in shell…

eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
/etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory
Unable to load iptables module (ip_tables), aborting.

Help is appreciated.

2

You wouldn’t happen to be on a VPS would you? If so, APF and Virtuozzo takes some additional work to get working together nicely. Here’s a couple articles from the SWSoft knowledgebase:

http://kb.swsoft.com/article_130_875_en.html
http://kb.swsoft.com/article_117_746_en.html

Hope that helps,
Socheat

3

Yes, it’s a vz vps. The articles look like server-wide installs for all virtual machines in Virtuozzo. Your info is what I needed in any case. Thanks!

4

Maybe this will help other tenderfoots like me.

Initially the OS had to be enabled for iptables. Once the host did that I turned on the firewall in Virtuozzo and used the ‘advanced’ setting. Then I got out of Virtuozzo. I don’t like it there.

I’m not always sure when it matters, but it’s good practice to try ssh any time your gut feels funny about changing something in APF.

At first APF wouldn’t start from the command line. But after getting re-acquainted with a few files, it was relatively painless getting it to start. Initially it aborted with errors about locating iptables but these errors eventually went away.

I’ve configured iptables a couple times before on a Virtuozzo VPS and each time it was this link I refer to: http://www.theserverpages.com/20102/11/

The APF front end in NodeWorx is equivalent to editing
/etc/apf/conf.apf

The Trusted/Blocked access controls in Nodeworx are equivalent to editing
/etc/apf/allow_hosts.rules
and
/etc/apf/deny_hosts.rules

Keep Debug mode off in case you block yourself (eg port 22). When the firewall is working the way you want is the time to turn debug mode off.

Debug Mode in Nodeworx is equivalent to DEVM=“1” (on) or DEVM=“0” (off) in the file
/etc/apf/conf.apf

Restart apf at the command line and enable it in Nodeworx. For me it turned from pink to green first time. Five minutes later it shut off. Which is good because debug mode is on. DEVM is a 5 minute cron that will flush the tables which disables the firewall.

In Nodeworx add your server’s IP to Trusted and go from there. Click the help link (?) for info on these settings in /etc/apf/conf.apf –

Maximize Reliability = DEF_TOS: 4 (default)
Maximize Throughput = DEF_TOS: 8
Minimize Delay = DEF_TOS: 16

As far as these three options go I’m not qualified to say about advantages of one choice over the other. Anybody feel free to jump in here.