On Mo, 2016-09-26 at 09:12 -0500, Lonnie Abelbeck wrote: > On Sep 26, 2016, at 8:27 AM, Armin Tüting <armin.tueting@tueting-onli > ne.com> wrote: > > > > > On Mo, 2016-09-26 at 07:56 -0500, Lonnie Abelbeck wrote: > > > > > > Armin, > > Lonnie, > > > > thanks for your quick turnaround! > > > > > > > > The only thing I can think of that would effect external > > > interface > > > routing is if the Network tab -> Failover Interface: was > > > enabled. I > > > presume yours is [ none ] ? > > Yes, it is! > > > > > > > > Do you have the "adaptive-ban" plugin enabled ? Possibly a SIP > > > misconfiguration is causing an upstream IP to be quickly banned ? > > Yes, I'll have that plugin enabled. No, as I'm having an issue > > coming > > from IFLAN - I'm afraid. > > > > > > > > I can't imagine the AIF function setup_kernel_settings() is > > > causing a > > > problem, I have four different flavors of AstLinux boxes on my > > > lab > > > bench with the configuration you are describing working great. > > Yes it does :) I've commented out this call from main_start and > > main_restart and everything is working - ping, ssh, etc. :) > > > > > > > > Any more clues on your configuration beyond the defaults would be > > > useful at this point, like and any user.conf entries, firewall > > > plugins enabled, etc. . > > user.conf does have the "normal" stuff from AstLinux.org! No > > additional FW rule! > > ssh-brute-force, sip-user-agent, ids-protection and adaptive-ban > > plugins are enabled! > > > > BTW - do I need to change the firewall.conf? Or are the settings > > being > > pulled in from 'rc.conf'? > > > > > > > > What is your hardware, if not listed here: Generic x86 Boards and > > > Appliances, what is your hardware and NIC's ? > > I'm using APU1C from PCengines in x64 mode! > > > > Regards, > > Armin. > > 1) When I spoke of "user.conf" I meant the file > /mnt/kd/rc.conf.d/user.conf which does not have anything enabled by > default. > > 2) If you are editing the AIF "/usr/sbin/arno-iptables-firewall" > script all bets are off, please > -- > rm /oldroot/mnt/asturw/usr/sbin/arno-iptables-firewall > -- > or > -- > rm -r /oldroot/mnt/asturw/usr/ > -- > to clean that up. > > 3) To test, disable the ssh-brute-force, ids-protection and adaptive- > ban plugins and restart the firewall to start at the base > configuration. > > > > > BTW - do I need to change the firewall.conf? Or are the settings > > being > > pulled in from 'rc.conf'? > > You never need to edit the /mnt/kd/arno-iptables- > firewall/firewall.conf file, use your /mnt/kd/rc.conf.d/user.conf > file in the rare case when you need to override any special > firewall.conf variable.
BTW - I've assigned a static RFC 1918 address (192.168.0.0/16) to EXTIF and INTIF. Could this be the root cause of my issue? > > Lonnie > > > > > ------------------------------------------------------------------- > ----------- > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to p > ay...@krisk.org. -- Armin Tüting --- PGP-KeyID: 0xD0F0E6C2 +49-6185-898685 --- eMail: armin.tuet...@tueting-online.com ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
