  #1  
Old 17th October 2011, 17:07
themark themark is offline
Member
 
Join Date: May 2011
Posts: 98
Thanks: 3
Thanked 3 Times in 3 Posts
Problem on Bastille firewall with CentOS 6.0 and ispconfig 3.0.3.3

Hi there,

Today we have a strange problem with the Bastille firewall on CentOS 6.0 with ISPConfig 3.0.3.3.

The firewall does not appear to be working, and if we try to change a setting on the firewall settings page in the ISPConfig control panel, we receive the following errors:

"""""""""
/sbin/bastille-ipchains: line 228: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 230: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 232: /sbin/ipchains: No such file or directory
[...many more...]
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
finished.
"""""""""

We have followed your Perfect Server installation, but we think that ipchains is pretty old, so it's normal that it isn't installed on CentOS 6.0.

Does anyone have a hint on how we can solve this?
Thank you.
  #2  
Old 17th October 2011, 20:18
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,651 Times in 4,461 Posts
Default

The firewall tries to use ipchains as fallback only if iptables is not installed on your server. Please post the output of:

which iptables
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 18th October 2011, 11:04
themark themark is offline
Member
 
Join Date: May 2011
Posts: 98
Thanks: 3
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till View Post
The firewall tries to use ipchains as fallback only if iptables is not installed on your server. Please post the output of:

which iptables

On this server iptables is installed:

[~]# rpm -qa |grep iptables
iptables-1.4.7-3.el6.x86_64
iptables-devel-1.4.7-3.el6.x86_64
iptables-ipv6-1.4.7-3.el6.x86_64

[~]# which iptables
/sbin/iptables
  #4  
Old 18th October 2011, 11:11
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,651 Times in 4,461 Posts
Default

OK, that's good. Please post the output of:

iptables -L

and where exactly did you see the errors that you posted above?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #5  
Old 18th October 2011, 11:29
themark themark is offline
Member
 
Join Date: May 2011
Posts: 98
Thanks: 3
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till View Post
OK, that's good. Please post the output of:

iptables -L

and where exactly did you see the errors that you posted above?

I love to communicate good news.

The output is:

"""""""""
[~]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PUB_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request

Chain PUB_OUT (0 references)
target prot opt source destination
REJECT icmp -- anywhere anywhere icmp destination-unreachable reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp time-exceeded reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
"""""""""

The errors that we reported before appeared just after modifying some firewall rules, for example:

- log in to the control panel as admin;
- add a port on the firewall;
- save;
- manually run the script /usr/local/ispconfig/server/server.sh;
- the output of the script is what we reported before.

Thank you
  #6  
Old 19th October 2011, 13:57
themark themark is offline
Member
 
Join Date: May 2011
Posts: 98
Thanks: 3
Thanked 3 Times in 3 Posts
 
Default

OK, solved.

The problem was that the startup script of Bastille checks which kernel is installed (with uname, etc.).

It checks that the kernel is newer than 2.3, but the awk syntax used is OK only for kernels from 2.3 to 2.9.

If you have (like me) a kernel newer than 2.9 (like the brand new 3.0 kernel), the startup script does not start netfilter.

Change the if statement in /etc/rc.d/init.d/bastille-firewall on row 85 or 86:

[FROM] if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then
[TO] if [ -n "$(uname -r | awk -F. ' $1 == 3 {print}')" ]; then

Next I had to save the configuration to sysconfig/iptables (on CentOS) with the command:

/sbin/service iptables save

just before the last case statement in this same script.

Hope it's useful.
Reply With Quote
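The kernel version check discussed in post #6, generalized as an added example (not part of the thread and not Bastille's own code): it keeps the original test for 2.x kernels (minor above 2), accepts any major version above 2, and reports unparseable release strings separately so a caller can stop instead of falling back to ipchains and leaving the host unfiltered. The function names `kernel_has_netfilter` and `select_backend` are hypothetical.

```shell
#!/bin/sh
# Added example: pick the packet-filter backend from a kernel release
# string such as "2.6.32-71.el6.x86_64" (the format printed by uname -r).

# kernel_has_netfilter RELEASE
#   exit 0: use iptables   exit 1: pre-2.3 kernel   exit 2: cannot parse
kernel_has_netfilter() {
    release=$1
    major=${release%%.*}        # text before the first dot
    rest=${release#*.}          # text after the first dot
    minor=${rest%%[!0-9]*}      # leading digits of the second field
    # Refuse non-numeric fields instead of guessing a backend.
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in '') return 2 ;; esac
    if [ "$major" -gt 2 ]; then
        return 0                # 3.x and every later major version
    fi
    if [ "$major" -eq 2 ] && [ "$minor" -gt 2 ]; then
        return 0                # same condition as the original awk test
    fi
    return 1
}

# select_backend RELEASE -> prints "iptables", "ipchains" or "unknown"
select_backend() {
    if kernel_has_netfilter "$1"; then
        echo iptables
    else
        # $? still holds the status of the failed condition above
        case $? in
            1) echo ipchains ;;
            *) echo unknown ;;  # caller should abort, not fall back
        esac
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 2.2.19 2.6.32-71.el6.x86_64 3.0.0-1.el6 "$(uname -r)"; do
    printf '%-24s %s\n' "$r" "$(select_backend "$r")"
done
```

After a change like this, `iptables -L` should show the Bastille chains with at least one reference; chains listed with "0 references" under an ACCEPT policy, as in the output in post #5, are not filtering any traffic.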