#1
9th July 2010, 18:03
Agent_M
Bastille Firewall needs to be started after every reboot

Hi all,

First the setup:
ISPConfig 3.0.2.2 ( with BIND, not mydns )
Ubuntu 10.04 64bit
Server is a VM

Firewall settings in ISPConfig:

Open TCP ports - 20,21,22,25,53,80,110,143,443,3306,8080,10000
Open UDP Ports - 53,3306

For some reason every time I reboot the server I need to run /etc/init.d/bastille-firewall restart ( or just "start" ).

Before I restart it and after I have rebooted, web and email don't work ( haven't checked dns ) but I can ssh into it, so I assume port 22 is open but no others?

Any ideas why this might be?

#2
10th July 2010, 11:42
falko

Please run
Code:
update-rc.d bastille-firewall defaults
Bastille should then be started automatically at boot time.
__________________
Falko

#3
10th July 2010, 12:14
Agent_M

Code:
System start/stop links for /etc/init.d/bastille-firewall already exist.
Thanks falko,

Got the above ^ output, and then rebooted, and same thing.

ran "/etc/init.d/bastille-firewall status"

Code:
root@server1:~# /etc/init.d/bastille-firewall status
Chain INPUT (policy DROP 52 packets, 3443 bytes)
 pkts bytes target     prot opt in     out     source               destination 
   63  4704 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
  111  7545 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
  328 36351 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            119.252.x.x      icmp type 255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            119.252.x.x      tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 426 packets, 47188 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination 
   63  4704 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0


Then ran "/etc/init.d/bastille-firewall start".

Code:
root@server1:~# /etc/init.d/bastille-firewall start
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/vmware-tools, it will be ignored in a future release.
Setting up IP spoofing protection... done.
Allowing traffic from trusted interfaces... done.
Setting up chains for public/internal interface traffic... done.
Setting up general rules... done.
Setting up outbound rules... done.
touch: cannot touch `/var/lock/subsys/bastille-firewall': No such file or directory


then ran "/etc/init.d/bastille-firewall status" again

Code:
root@server1:~# /etc/init.d/bastille-firewall status
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8 
  420 65669 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   11   660 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
   11   576 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0   
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain OUTPUT (policy ACCEPT 284 packets, 44685 bytes)
 pkts bytes target     prot opt in     out     source               destination 
  179 55487 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0   
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0   

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain PAROLE (12 references)
 pkts bytes target     prot opt in     out     source               destination 
    8   384 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain PUB_IN (4 references)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    2    96 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    1    48 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    5   240 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
    3   192 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3306
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain PUB_OUT (4 references)
 pkts bytes target     prot opt in     out     source               destination 
  177 53827 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain fail2ban-ssh (0 references)
 pkts bytes target     prot opt in     out     source               destination 
  316 26852 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
__________________
If it ain't broke, then take it apart to see what makes it so bloody special!!!

#4
11th July 2010, 11:42
Agent_M

Anyone got any other ideas?

#5
11th July 2010, 22:30
Agent_M

Solved!!! ( with a red face )

My VPS hosting provider builds the VM automatically with nothing more than SSH and a basic firewall......I had forgotten about their basic firewall ( I know I know...I'll put the dunce hat on in a sec ).

To stop their firewall from starting on boot I ran:

Code:
update-rc.d -f name-of-basic-firewall remove
and voila, works perfectly.

Thanks for ya help anyway falko....I'll be off to the corner now lol

The Following User Says Thank You to Agent_M For This Useful Post:
falko (11th July 2010)
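
The post-reboot listing in post #3 has no PUB_IN chain and admits only tcp port 22, which is the signature of a different ruleset having been loaded at boot, as post #5 confirms. As an added example (not from the thread, ISPConfig or Bastille), this script checks an `iptables -L -n -v` listing against the TCP port list from the first post; the function names are hypothetical, and any `tcp dpt:` rule whose target is not DROP or REJECT is assumed to admit traffic, which holds for the PAROLE chain shown above.

```shell
# Added example: compare an `iptables -L -n -v` listing with the TCP ports
# configured in ISPConfig, and look for the PUB_IN chain Bastille creates.
EXPECTED_TCP="20 21 22 25 53 80 110 143 443 3306 8080 10000"  # from post #1

# $1 = listing text. Prints ports matched by a tcp rule whose target is not
# DROP/REJECT. Columns: pkts bytes target prot opt in out source destination.
open_tcp_ports() {
    printf '%s\n' "$1" | awk '
        $4 == "tcp" && $3 != "DROP" && $3 != "REJECT" {
            for (i = 10; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) print substr($i, 5)
        }' | sort -n -u | tr '\n' ' '
}

# $1 = listing text. Prints the expected ports that no rule admits.
missing_tcp_ports() {
    open=" $(open_tcp_ports "$1")"
    missing=""
    for p in $EXPECTED_TCP; do
        case "$open" in
            *" $p "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    echo "${missing# }"
}

# $1 = listing text. Succeeds when the PUB_IN chain is present.
has_bastille_chain() {
    printf '%s\n' "$1" | grep -q '^Chain PUB_IN '
}

# Sample 1: INPUT chain abridged from the post-reboot status output in post #3.
BEFORE='Chain INPUT (policy DROP 52 packets, 3443 bytes)
 pkts bytes target     prot opt in     out     source               destination
   63  4704 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            119.252.x.x      tcp dpt:22'

# Sample 2: constructed in the shape of the PUB_IN chain after the manual start.
AFTER="Chain PUB_IN (4 references)
$(for p in $EXPECTED_TCP; do
    echo "    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:$p"
done)"

for name in BEFORE AFTER; do
    eval "listing=\$$name"
    has_bastille_chain "$listing" && chain=yes || chain=no
    echo "$name: PUB_IN=$chain missing=[$(missing_tcp_ports "$listing")]"
done
```

On a live server the listing would come from `iptables -L -n -v` run as root shortly after boot; a missing PUB_IN chain there points at another init script having loaded its own rules.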