Posted by nurahost, 12-15-2013, 01:06 AM I just installed CSF firewall for my VPS. When I enable CSF my all of domains are not working. When I stop CSF all website working again. Please give me a solution for this issue.
Posted by Server Management, 12-15-2013, 01:09 AM Which ports are open in the firewall?
Posted by Johnny Cache, 12-15-2013, 01:12 AM Would help to know whether the appropriate kernel modules are loaded on the VPS as well. # ./etc/csf/csftest.pl
Posted by nixtree, 12-15-2013, 01:43 AM When you say websites are not working, are they showing "time out" error? If so, port 80 is supposed to be closed. But that is rather strange, because CSF default installation keeps it open ( until you customize TCP_IN parameters ). As stated, check the modules are loaded fine. If that is fine, it must be your configuration error. Provide us the error message you get so that someone here can provide you some useful advice.
Posted by nurahost, 12-15-2013, 01:55 AM Fallowing ports are open 20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096 20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703
Posted by nurahost, 12-15-2013, 01:58 AM Last edited by nurahost; 12-15-2013 at 02:02 AM.
Posted by nixtree, 12-15-2013, 02:34 AM Are you using a VPS backed with OpenVZ technology? If so, ask your provider to load all iptables kernel modules to get CSF working fine on your VPS. That will fix the above errors ( make sure to disable testing mode of CSF as well ) and restart CSF; see how it goes.
Posted by nurahost, 12-15-2013, 02:49 AM Yes its OpenVZ . I'm the owner of main node. Please tell me how to load IPtables kernel modules .
Posted by nixtree, 12-15-2013, 02:54 AM Try this - http://piyecarane.wordpress.com/2009...nvz-container/
Posted by nurahost, 12-15-2013, 03:16 AM Do I need to replace the existing one with fallowing code or do I need to Edit IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_tables ipt_conntrack ip_conntrack_ftp ipt_LOG ipt_owner"
Posted by nixtree, 12-15-2013, 03:26 AM You can follow the exact instructions and that will let you to load all necessary modules to "all" VMs.
Posted by nurahost, 12-15-2013, 03:36 AM Hey now everything is ok. Now my firewall is up and running. Actually you are a server wizard. A very talented guy. I saw you gave so many answers for lots of threads. Thank you very much for you support.
Posted by nixtree, 12-15-2013, 04:30 AM Glad to hear everything is working now and thank you very much for your kind words