Quick Deployment: DA K.I.S.S. Firewall, DA DDoS Deflate, DA BFD, CSF+LFD Installer

Littleoak

Is it Monday yet? :D

Looking to get my server setup tonight if possible. Thnx.
 
I installed KISS My Firewall on an OpenVZ VPS, but when I want to start KISS My Firewall 2.2 it says:
Code:
eth0: error fetching interface information: Device not found
Could not determine MAIN_IP. Firewall script aborted!
What should I do to solve it?
 
Yes, as it says in the first post you must use the ./installvps.sh script if you're on a VPS. You can fix this by:

Code:
/usr/local/sbin/kiss stop
rm -f /usr/local/sbin/kiss
wget -q -O /usr/local/sbin/kiss http://www.oakdns.net/downloads/kiss-DA-VPS
chmod 0700 /usr/local/sbin/kiss
/usr/local/sbin/kiss start
 
Hello

I have tried this, and I get this error:
Creating cron to start KISS with server reboot...
Nobaloney Internet Services DA-KISS Firewall has been installed.
Starting DA-KISS Firewall
Could not determine MAIN_IP. Firewall script aborted!

I'm not on a VPS; it's a normal dedicated server.
How can I change the MAIN_IP problem?

Thx,
Sky
 
I changed line 69 with the principal IP from the server, but I still get errors:
Opening /proc/modules: No such file or directory
Since the ip_tables, xt_state, and/or xt_multiport modules do not exist, KISS can not function. Firewall script aborted!

I'll wait a bit for kiss :)
 
It looks like you don't have iptables installed (or some part of it has become corrupted), which is of course required because KISS is only a frontend to iptables. What OS do you have and how did you install it?
 
I don't have iptables, I think, then.

OS: Fedora 6, maybe 7.

I'll try to install iptables and retry.

Thx,
Sky
 
possible bug in your csf.conf file

littleoak, I was going through the settings in the csf.conf file after installing it using your Quick Deployment CSF script and noticed the following:
Code:
# Enable IP range blocking using the Spamhaus DROP List at
# http://www.spamhaus.org/drop/index.lasso
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
LF_SPAMHAUS = "1"

Shouldn't LF_SPAMHAUS be set to 86400 as the comments indicate? It looks like now it would be set to check for updates to the Spamhaus DROP list every second!
 
sky,

Search for those missing modules:
Code:
# locate ip_tables
# locate xt_state
# locate xt_multiport
And post what you get.

Jeff
 
The CSF script is out of date. I will have an updated version in a month or so when I have more time to work with it.
 
KISS seems to be blocking FTP connections. Whenever I start KISS I cannot connect via FTP. This is true for both passive and active ftp. We can log in but we cannot get a directory listing. I am sure this is the port issue with FTP...Yes we have all the standard FTP ports open.

We had no problem running kiss under FC 4 but have been unable to run it since we upgraded to FC 8.
Would there be some corrupted or missing module that would cause this?

Please help.
 
There may be. However, I am not familiar enough with the KISS script to say for sure. I'll let Jeff chime in.

In the meantime I recommend you use the APF firewall.
 
As a follow up... I ran

modprobe ip_conntrack_ftp and then started KISS and FTP is working.

How can I get it so ip_conntrack_ftp is loaded automatically?

Thanks,

Chuck
 
Kiss should check that and report an error and not run if it's missing. From where did you get the version of kiss that didn't do that? My recollection is that once you run modprobe once you don't have to do it again; I may be wrong.

If I'm wrong, then install it in the rc.local file immediately before you run kiss.

(You do have kiss run at startup from that file, don't you?)

Jeff
 
I loaded Kiss from the instructions at the beginning of this thread. I downloaded it several months ago after we did a server upgrade. Kiss is set to run at startup. I received no error when starting KISS.

I got the clue from searching through some of the posts here about ip_conntrack_ftp and passive FTP. When I did a Google search I found someone who said they had to run modprobe on their server to get their Shorewall firewall to work. I suspect that Fedora Core 8 is not loading that module by default and FC 4 was; that is why the problem did not occur before the server upgrade.
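
The module check discussed in the posts above, as an added example that is not part of the thread and not KISS's own code: a preflight that reads the loaded-module listing and reports which of the modules named here are absent, so the firewall can refuse to start instead of silently breaking FTP. The function names, the `MODULES_FILE` override and the `--check` argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from KISS): preflight check for the kernel modules
# named in this thread. MODULES_FILE is a hypothetical override so the
# check can also be run against a saved listing.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"

# One requirement per word; "a|b" means either name satisfies it. The FTP
# helper is ip_conntrack_ftp on older kernels, nf_conntrack_ftp on newer ones.
REQUIRED="ip_tables xt_state xt_multiport ip_conntrack_ftp|nf_conntrack_ftp"

# module_loaded NAME: succeeds if NAME is the first field of a listing line.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$MODULES_FILE"
}

# missing_modules: print the unmet requirements, space separated.
# Returns 2 if the listing cannot be read, 1 if anything is missing, else 0.
missing_modules() {
    [ -r "$MODULES_FILE" ] || { echo "cannot read $MODULES_FILE" >&2; return 2; }
    missing=""
    for req in $REQUIRED; do
        ok=0
        for name in $(echo "$req" | tr '|' ' '); do
            if module_loaded "$name"; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || missing="${missing:+$missing }$req"
    done
    [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Run as "script --check" to test the live listing before starting the firewall.
if [ "${1:-}" = "--check" ]; then
    missing_modules || { echo "required modules missing, firewall not started" >&2; exit 1; }
fi
```

A module compiled into the kernel does not appear in /proc/modules, so this check reports it as missing even though it is available.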
 