Portal Home > Knowledgebase > Articles Database > APF Firewall Problem!


APF Firewall Problem!




Posted by EU_CASSIUS, 12-21-2008, 09:09 PM
APF Firewall Problem! Hello, I install and configure apf firewall on my VPS and i have a problem. The port 80 is open, my website it`s up and working but i can`t download anything. Logs: [root@HERA ~]# wget ***/test.zip --02:03:49-- ***/test.zip Resolving ***... 67.148.95.11 Connecting to ***|67.148.95.11|:80... He`s stack and not working. Why? It is any person who can help and tell me what`s the problem. Thank you!

Posted by woods01, 12-21-2008, 10:40 PM
Did you try just disabling the firewall to see if you can download the file? Can you perhaps post a link of a software download where you don't block out the url so we know the site your trying to d/l from isn't down? __________________ James Paul Woods Operations Manager HostKitty Internet Services

Posted by EU_CASSIUS, 12-21-2008, 10:49 PM
I disableing the apf firewall and i can download. When the firewall is on i can`t download but i don`t know why because i setup the 80 port open, when the firewall is off i can download. :| Thank you!

Posted by ISPserver, 12-21-2008, 11:32 PM
You cant download only locale? and from browser you site work? __________________MiniVDS.com - Extremely low costs at small VPS (Linux and FreeBSD)ISPsystem - Offers a flexible and affordable hosting solution

Posted by Steven, 12-22-2008, 01:42 AM
Is port 80 open in both the EGRESS rules and the INGRESS rules? __________________Steven CiaburriSystem Administration ExtraordinaireCompetent Linux Server Management from Rack911

Posted by EU_CASSIUS, 12-22-2008, 08:41 AM
I setup port 80 open only to INGRESS rules. EGRESS rules is disable.

Posted by Saul V, 12-22-2008, 09:04 AM
Quote: Originally Posted by EU_CASSIUS I setup port 80 open only to INGRESS rules. EGRESS rules is disable. Add port 80 into EG_TCP_CPORTS and restart apf, which will fix your wget download issue.

Posted by woods01, 12-22-2008, 02:41 PM
should try csf EU_CASSIUS, may I suggest CSF (ConfigServer Firewall?) It offers a nice user interface through webmin or cpanel. Heres a link http://www.configserver.com/cp/csf.html When we install configserver firewall the software comes opening the default ports used so that you don't install a firewall and lock yourself out or run into problems you are having. Take a look at it, it's free. __________________ James Paul Woods Operations Manager HostKitty Internet Services

Posted by Host3000, 12-22-2008, 04:15 PM
If you just want some easy handling for IPtables, CSF is a bit of a large package. APF works fine and if you don't need more than that, why use a truckload full of tricks. __________________SuperRacks Ltd European HostingWe serve you with custom servicesVisit our website or ask for a custom quoteQuality linux and Windows hosting, servers and collocation

Posted by whmcsguru, 12-23-2008, 12:25 AM
CSF isn't a "large package", and does much more than APF could. I'd definitely recommend CSF over APF and counterparts any day of the week. __________________Linux Tech Networks: Reliable Server Administration and Monitoring since 2002VBulletin Development: VBulletin customizations, development, hosting and leased licenses

Posted by Host3000, 12-23-2008, 04:44 AM
Quote: Originally Posted by linux-tech and does much more than APF could. You just confirmed my remark. __________________SuperRacks Ltd European HostingWe serve you with custom servicesVisit our website or ask for a custom quoteQuality linux and Windows hosting, servers and collocation

Posted by whmcsguru, 12-23-2008, 04:52 AM
Quote: Originally Posted by Host3000 You just confirmed my remark. Let me put it another way then: If you want a product that is constantly ignored and abandoned by the author, go with APF. If you want something that is updated and provides PROPER protection with an easily configured setup, go with CSF. Ryan has had multiple times where he's just abandoned the project for months on end, despite users claiming the product doesn't work. Sure, it's free, but as a developer, you're responsible for maintaining the application and keeping it up to date. APF was great, up until about 2, 3 years ago when CSF started showing up. Now, it's obsolete. Any more, you don't need just an iptables interface, you need something that works, something for EVERYTHING, and you don't need to be configuring 20 different files to do it. You want something that works out of the box (on everything BUT a VPS)? Go with CSF __________________Linux Tech Networks: Reliable Server Administration and Monitoring since 2002VBulletin Development: VBulletin customizations, development, hosting and leased licenses



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
solidrack resellers? (Views: 560)