DNS lookup doesn't work after update
Hi everybody! It seems that after the update of Vesta CP, DNS lookup doesn't work anymore. Probably iptables blocks all outer DNS requests from the system (CentOS 6). As a result WordPress can't update plugins, and some tools don't work:
Code:
/etc/sysconfig$ ping -c 1 api.wordpress.org
ping: unknown host api.wordpress.org
If I ping an IP, all is OK:
Code:
/etc/sysconfig$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=0.272 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.272/0.272/0.272/0.000 ms
This is certainly connected with the rules in iptables. If I switch iptables off, everything works as supposed. Below are the rules, which were qualified as "stateless" by some engineers at other forums:
Code:
/etc/sysconfig$ iptables -L -n -v
Chain INPUT (policy DROP 9 packets, 1033 bytes)
 pkts bytes target     prot opt in     out     source               destination
  305 2334K ACCEPT     all  --  *      *       212.*******          0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
   51  8156 ACCEPT     tcp  --  *      *       87.******            0.0.0.0/0            multiport dports 22,3978
  188 13015 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,2525
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 3306,5432
   10   453 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8083
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 728 packets, 2833K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain vesta (0 references)
 pkts bytes target     prot opt in     out     source               destination
As I am a newbie in Linux systems, could you please give me advice: what command is needed to unblock DNS requests? Many thanks in advance.
Additionally, my /etc/resolv.conf has the content below (I already tried different configs here and restarted the server):
Code:
# Generated by NetworkManager
search uaservers.net
options timeout:3 attempts:3
nameserver 8.8.8.8
DNS1=8.8.8.8
DNS2=8.8.4.4
Re: DNS lookup doesn't work after update
Sorry, this solution doesn't work. Moreover, it is connected with the WHOIS protocol (port 43), but I need to resolve a problem with DNS (port 53). Now I am looking for a way to permit outgoing DNS connections.
Re: DNS lookup doesn't work after update
It seems that I found the command for outer DNS requests:
Code:
iptables -I INPUT 3 --proto udp --sport 53 -j ACCEPT
But it is erased each time I restart iptables. Is there any possibility to add OUTGOING rules in the VestaCP firewall rules, or to prohibit erasing outgoing rules from iptables?
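An added example, not part of the original thread: the ruleset in the first post has an INPUT policy of DROP and no rule accepting replies by connection state, while the rule posted above accepts any UDP packet whose source port is 53, whatever local port it is addressed to. The shell function below checks `iptables-save`-format text for both conditions; the two rulesets are constructed samples modelled on the thread, and the function and finding names are hypothetical.

```shell
#!/bin/sh
# Constructed sample modelled on the first post: default-drop INPUT, no
# state rule, plus the source-port-53 accept proposed later in the thread.
THREAD_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT'

# Constructed sample: same services, replies admitted by connection state.
STATEFUL_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT'

# audit_input_chain (hypothetical helper): reads iptables-save text on stdin
# and prints one finding per line; prints nothing when both checks pass.
audit_input_chain() {
    awk '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && /-j ACCEPT/ {
            # A state/conntrack rule lets replies to outbound traffic back in.
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) stateful = 1
            # Matching on source port alone trusts a value the sender chooses.
            if ($0 ~ /--sports? / && $0 !~ /--dports? /) print "SPORT_ONLY_ACCEPT: " $0
        }
        END {
            if (policy == "DROP" && !stateful) print "NO_ESTABLISHED_RULE"
        }
    '
}

# Stand-alone run: report findings for the thread-style ruleset.
printf '%s\n' "$THREAD_RULES" | audit_input_chain
```

On a live host the current ruleset can be checked with `iptables-save | audit_input_chain`.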
Re: DNS lookup doesn't work after update
Same question: is it possible to save the rules permanently?
Re: DNS lookup doesn't work after update
Did you try iptables-save?