Hi, I installed ispconfig 3 in a multi site environment. Everything - expect mail - is on the main server. On a second server the mail service is enabled. I used the debian 6 multisite tutorial - but am using debian 8. Now I recognised, that on the mailserver the bastille firewall seems not to be installed. I don't find the /etc/Bastille folder and no init-script in /etc/init.d Is there any way to post install the firewall? Or is it not necessary to have a firewall on a mail only server? Kind regards!!!
Did you answer 'y' during ispconfig installation to configure the firewall? You might run through a Perfect Server tutorial for debian 8 and make sure you have all the right packages installed. IIRC, the preference is to just 'apt-get install ufw' and use ufw firewall now, not the old bastille firewall script.
Hi Jesse, thanx for your reply. Thought, that I checked the conf FW on install ... Anything to keep in mind after post installing ufw?
Hi, I now installed ufw. But it seems, that ispconfig can still not use it. I tried to do an update install and recognised, that I can't reconfigure firewall!!! <code> Reconfigure Services? (yes,no) [yes]: Configuring Postfix Configuring Jailkit Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Database Updating ISPConfig Reconfigure Crontab? (yes,no) [yes]: </code> So it seems that I missed something during installation. How can I reinstall the firewall service on a running system? Is it possible?
Take a look in the /usr/local/ispconfig/server/plugins-enabled/ folder to see if there is a symlink to the firewall plugin in /usr/local/ispconfig/server/plugins-available/ folder.
Hi Till, it wasn't! Now I set a soft link in plugins-enabled to the firewal-plugin. But this seems not to change anything. I again tried to reconfigure the services using php -q update.php - but the service can't be reconfigured. The server is a mail only server which I installed in expert mode. I rechecked if the bastille folders / files are added to the mail server - but they aren't.
The service dont has to be reconfigured as there is no configuration needed for UFW. You just have t install the ufw package of the OS and the firewall plugin has to be enabled. If you added the firewall record while the firewall plugin was not there, delete it in ispconfig and add it again.
Great - it works now!!! I needed to enable the ufw manually using "ufw enable". Afterwards I removed and recreated the firewall entry in ispconfig. Thanx!!! For others as reference: If the firewall service is not activated on one of your machines do the following: 1. Install ufw firewall 2. enable ufw firewall (ufw enable) 3. link /usr/local/ispconfig/server/plugins-available/firewall_plugin.inc.php to /usr/local/ispconfig/server/plugins-enabled/ cd /usr/local/ispconfig/server/plugins-enabled/ ln -s /usr/local/ispconfig/server/plugins-available/firewall_plugin.inc.php ./firewall_plugin.inc.php 4. create firewall record for server in ispconifg (or remove and create a new one if already existing) 5. check on "new" server if everything is fine: ufw status
