APF not functioning

I have installed InterWorx, and I’m in the panel just fine… however, this is because there is no firewall currently operating, and iptables has an open rules list.

In attempting to start APF, InterWorx does not start it (although it says it starts successfully).

I tried it from ssh, and found that it was having an issue with the configuration, specifically at CNF_FUNC="$FWPATH/internals/functions.apf", this was being interpreted as /internals/functions.apf, so for whatever reason the $FWPATH variable is getting destroyed before that.

There are quite a few spots where this occurs.

When I attempt to fix this by just simply setting a global path variable, I get a whole junkload of errors, and the firewall blocks all access (literally).

Any ideas?

Config file of APF is in /etc/apf/conf.apf

Take a look in it

Also try:
service apf start

And see the result

Pascal

I’ve configured APF before so I know that, and I’ve tried starting it on its own and going through the configuration file for the errors…

I’ve even restored it to the RPM defaults (which are included with the iworx rpm, they looked identical).

So… flat apf, straight from iworx, still not starting.

A few questions:

1.) Are you on a VPS?
2.) Do you get any error messages on the console when restarting APF? Be sure to put APF in debug mode when you do restart.
3.) Do you have SELinux disabled?

Socheat

  1. No
  2. Yea, I stated them above.
  3. Not sure, but no? I haven’t disabled it, and I wasn’t aware I even had it installed. So, unless it requires me to explicitly enable it, I haven’t touched it.

After giving static paths to the errored line (making it /etc/apf/internals/functions.apf) I get:

/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect
/usr/local/sbin/apf: line 65: /vnet/vnetgen: No such file or directory
/usr/local/sbin/apf: line 67: /firewall: No such file or directory
/etc/apf/internals/functions.apf: line 27: $IPTLOG: ambiguous redirect

Open a ticket, you’ve got me really curious now. We’ll need your root login information.

Socheat

Created. I’ve also left the config files alone, however, you might be wary of starting APF successfully… I’ve done it twice now and I’ve had to VPN in and fix it. I may be going to sleep soon.

This issue was resolved. The problem was that OffbeatAdam had his public interface on eth1, and APF, by default, only allows traffic on one interface. There’s a trusted interface directive, TIF="", a few lines down that needed to be set to eth1. I force re-installed the InterWorx APF RPM, set TIF="eth1", and then APF started up without problems.

Socheat
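
The two failure modes in this thread (variables such as $FWPATH and $IPTLOG expanding to nothing, and the uplink interface not being one the config names) can be checked before APF is started. The script below is an added example, not part of the thread and not APF or InterWorx code; the sample config, the route line, the log path and the variable name IF are constructed or assumed.

```shell
# empty_vars CONF VAR...: print the named variables that are empty after
# sourcing CONF in a subshell. An empty FWPATH yields "/internals/functions.apf";
# an empty IPTLOG yields "ambiguous redirect" (both errors quoted in the thread).
empty_vars() {
    conf=$1; shift
    (
        . "$conf" >/dev/null 2>&1
        out=
        for v in "$@"; do
            eval "val=\${$v:-}"
            [ -n "$val" ] || out="$out $v"
        done
        echo "${out# }"
    )
}

# default_iface: read `ip route` output on stdin, print the default route's device.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# iface_listed CONF IFACE VAR...: succeed if IFACE appears in any named variable
# (space- or comma-separated lists are accepted).
iface_listed() {
    conf=$1; want=$2; shift 2
    (
        . "$conf" >/dev/null 2>&1
        for v in "$@"; do
            eval "val=\${$v:-}"
            for i in $(printf '%s' "$val" | tr ',' ' '); do
                [ "$i" = "$want" ] && exit 0
            done
        done
        exit 1
    )
}

# Constructed sample: a default-style config on a host whose uplink is eth1.
# IF is an assumed name for the untrusted-interface setting; the thread names only TIF.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
FWPATH="/etc/apf"
IPTLOG="/var/log/apf_example.log"
IF="eth0"
TIF=""
CNF_FUNC="$FWPATH/internals/functions.apf"
EOF
uplink=$(printf 'default via 203.0.113.1 dev eth1\n' | default_iface)  # constructed route line
echo "empty variables: $(empty_vars "$sample" FWPATH IPTLOG CNF_FUNC)"
iface_listed "$sample" "$uplink" IF TIF || echo "WARN: $uplink is not in IF/TIF; starting APF may cut off access"
```

APF exempts interfaces listed as trusted from its rules, so this check only reports whether the uplink is named in the config at all, not whether traffic on it is filtered.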