DA, CSF & Xen

open4biz

Hi All,

I am running CentOS 5.5 x86_64 (latest kernel) on a Xen based Cloud VPS from Enzu.com. The control panel is DirectAdmin v1.38.4.

There seems to be a problem with CSF v5.32, as the server keeps becoming unreachable when it is running. In my host's console, if I see a port scan block come across, I cannot reach the host via DirectAdmin (2222), SSH (custom port) or HTTP (80).

It even hangs in testing mode.

I have followed the advice here: http://forum.configserver.com/viewtopic.php?f=6&t=212

I added all the modules to my iptables config.

(Although I did not do anything with the information on numiptent, as that seemed specific to Virtuozzo).

Here is the result from csftest.pl:

[root /]# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK

RESULT: csf should function on this server


So everything looks like it *should* be working, but it's not. Any ideas how to get my server, and DirectAdmin, working with CSF / LFD?

Are there any dependencies I should be aware of? Perhaps there's a log somewhere I could check, to see what's going wrong?

I've read some places that I might need to recompile my kernel with something (although I have no idea how to do that).

Thank you very much, in advance, for any help!

Ansel
 
I think you're more likely to find support in the firewall vendor's forum, or from your hosting company.

Jeff
 
No one's writing me back there. :(

Usually the DA forum provides the best answer, anyway. :)

Thanks,

Ansel
 
Hi Arieh,

I checked the logs after recreating the situation and there were no good indicators as to what the problem is (or are). They show me restarting CSF and then stopping it after I can't reach the server through the normal routes.

Thank you for your reply. :)

Ansel
 
Okay, my host figured out what the problem was. Here's their fix:

"We remapped the iptables interface to /usr/sbin as the sym link was broken."

I hope this helps someone else.

Regards,

Ansel
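
Added example, not part of the original thread and not the host's or CSF's own tooling: a shell check that tells a dangling iptables symlink (the fault the host reported) apart from a missing or non-executable binary. The function names are hypothetical, and the default paths are assumptions: /usr/sbin is taken from the host's reply and /sbin is the usual CentOS location.

```shell
#!/bin/sh
# Added example: classify the state of a firewall binary path.
# Function names and the default paths below are assumptions for illustration.

# classify_bin PATH -> prints ok | dangling-symlink | missing | not-executable
classify_bin() {
    p=$1
    if [ -L "$p" ] && [ ! -e "$p" ]; then
        echo "dangling-symlink"     # the link exists but its target does not
    elif [ ! -e "$p" ]; then
        echo "missing"              # nothing at this path at all
    elif [ -d "$p" ] || [ ! -x "$p" ]; then
        echo "not-executable"       # present, but cannot be run
    else
        echo "ok"
    fi
}

# check_firewall_bins PATH... -> one report line per path,
# returns non-zero if any path is unusable.
check_firewall_bins() {
    rc=0
    for p in "$@"; do
        state=$(classify_bin "$p")
        case $state in
            ok)
                printf '%-17s %s\n' "$state" "$p" ;;
            dangling-symlink)
                # Show where the broken link points so it can be remapped.
                printf '%-17s %s -> %s\n' "$state" "$p" "$(readlink "$p")"
                rc=1 ;;
            *)
                printf '%-17s %s\n' "$state" "$p"
                rc=1 ;;
        esac
    done
    return $rc
}

# With no arguments, check the assumed default locations.
[ "$#" -gt 0 ] || set -- /sbin/iptables /usr/sbin/iptables
check_firewall_bins "$@" || echo "at least one iptables path is unusable" >&2
```

csftest.pl reporting OK for every module does not rule this fault out, since in this thread the test passed while the symlink was broken.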
 