On Sep 26, 2016, at 8:27 AM, Armin Tüting <armin.tuet...@tueting-online.com> 
wrote:

> On Mo, 2016-09-26 at 07:56 -0500, Lonnie Abelbeck wrote:
>> Armin,
> Lonnie,
> 
> thanks for your quick turnaround!
> 
>> The only thing I can think of that would affect external interface
>> routing is if the Network tab -> Failover Interface: was enabled.  I
>> presume yours is [ none ] ?
> Yes, it is!
> 
>> Do you have the "adaptive-ban" plugin enabled ?  Possibly a SIP
>> misconfiguration is causing an upstream IP to be quickly banned ?
> Yes, I'll have that plugin enabled.  No, as I'm having an issue coming
> from IFLAN - I'm afraid.
> 
>> I can't imagine the AIF function setup_kernel_settings() is causing a
>> problem, I have four different flavors of AstLinux boxes on my lab
>> bench with the configuration you are describing working great.
> Yes it does :)  I've commented out this call from main_start and
> main_restart and everything is working - ping, ssh, etc. :)
> 
>> Any more clues on your configuration beyond the defaults would be
>> useful at this point, like any user.conf entries, firewall
>> plugins enabled, etc.
> user.conf does have the "normal" stuff from AstLinux.org!  No
> additional FW rule!
> ssh-brute-force, sip-user-agent, ids-protection and adaptive-ban
> plugins are enabled!
> 
> BTW - do I need to change the firewall.conf?  Or are the settings being
> pulled in from 'rc.conf'?
> 
>> What is your hardware, if not listed here: Generic x86 Boards and
>> Appliances, what is your hardware and NICs ?
> I'm using APU1C from PCengines in x64 mode!
> 
> Regards,
> Armin.

1) When I spoke of "user.conf" I meant the file /mnt/kd/rc.conf.d/user.conf 
which does not have anything enabled by default.

2) If you are editing the AIF "/usr/sbin/arno-iptables-firewall" script all 
bets are off, please
--
rm /oldroot/mnt/asturw/usr/sbin/arno-iptables-firewall
--
or
--
rm -r /oldroot/mnt/asturw/usr/
--
to clean that up.

3) To test, disable the ssh-brute-force, ids-protection and adaptive-ban 
plugins and restart the firewall to start at the base configuration.

> BTW - do I need to change the firewall.conf?  Or are the settings being
> pulled in from 'rc.conf'?

You never need to edit the /mnt/kd/arno-iptables-firewall/firewall.conf file, 
use your /mnt/kd/rc.conf.d/user.conf file in the rare case when you need to 
override any special firewall.conf variable.

Lonnie




------------------------------------------------------------------------------
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
