
iptables "stopped" on vestacp panel

Posted: Fri Mar 24, 2017 1:39 am
by coreXL
Hello, something is not right in my VestaCP. I installed it and everything is working normally without any problem, but since I am monitoring the server I realized that the IPTables service is stopped in the VestaCP panel.


I tried running the command on my server:

Code:

service iptables status

Other command:

Code:

service iptables restart

Then I do not understand why in the VestaCP panel it comes out as if it was stopped.
Some help?

Thanks!

Re: iptables "stopped" on vestacp panel

Posted: Sun Mar 26, 2017 9:14 pm
by lunameticcia
Uhmmm... I've noticed a strange behaviour using VNC. Stopping the "already" stopped iptables from Vesta, I can connect with a VNC client on port 5901. Restarting iptables, from Vesta and the Linux service command, their state seems "stopped", but I can't connect with VNC... Adding a rule for port 5901, I can connect.
I think iptables is running but Vesta doesn't detect this. Maybe I'm wrong...
Excuse my poor English, greetings from Italy.

Re: iptables "stopped" on vestacp panel

Posted: Wed Mar 29, 2017 7:24 pm
by Mark O Polo
My iptables have always shown as "stopped" in the Vesta server services. A quick check with Nmap, however, shows the firewall is active and appears to be working fine. Changes I make and save with the firewall options are correctly being implemented even though the service is listed as "stopped". From what I can gather it is really running...

My install is on a Debian 8 config. Vesta Release 0.9.8-17

Probably needs to have a "bug" fix request made.

Re: iptables "stopped" on vestacp panel

Posted: Wed Apr 12, 2017 5:51 pm
by Mark O Polo
I need to clarify my last post. Looking closer, my iptables is running, as the options listed are "configure, stop, or restart". This does imply it is running (otherwise the start option would theoretically be available).

However, in my case the Uptime always stays at 0 minutes, which gives the appearance of it not working/stopped.

Does anyone have any suggestions on how to start the "Uptime ticker"?

Deb 8
Release 0.9.8-17

I can start a new thread if that is more appropriate as well...

Re: iptables "stopped" on vestacp panel

Posted: Sun Aug 13, 2017 5:29 pm
by pdomain
The case is similar for me on a VPS.

Below is the result of the command:

Code:

iptables -L -n

Result:

Chain INPUT (policy DROP)
target          prot opt source               destination
fail2ban-VESTA  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8083
fail2ban-MAIL   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,2525,110,995,143,993
fail2ban-SSH    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT          all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT          all  --  84.201.37.57         0.0.0.0/0
ACCEPT          all  --  127.0.0.1            0.0.0.0/0
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 20,21,12000:12100
ACCEPT          udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,2525
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 110,995
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 143,993
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 3306,5432
ACCEPT          tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8083
ACCEPT          icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT          icmp --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target          prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target          prot opt source               destination

Chain fail2ban-MAIL (1 references)
target          prot opt source               destination
RETURN          all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SSH (1 references)
target          prot opt source               destination
REJECT          all  --  116.31.116.45        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN          all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-VESTA (1 references)
target          prot opt source               destination
RETURN          all  --  0.0.0.0/0            0.0.0.0/0

Chain vesta (0 references)
target          prot opt source               destination

However, the Dashboard is blank, with 0 Rules & 0 minutes uptime.

I have tried all the commands below:

Code:

v-stop-service iptables
v-start-service iptables
/usr/local/vesta/bin/v-start-service iptables
service iptables stop
service iptables start
service iptables restart

I have also recreated the files below:
/usr/local/vesta/data/firewall/rules.conf
/usr/local/vesta/data/firewall/ports.conf

But the situation is the same.

However, on my other VPS with VestaCP all rules are showing in the Dashboard.

Thanks in advance to anyone who can help.
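
Added example (not part of the original thread and not VestaCP code): the panel and `service iptables status` can disagree with what the kernel is enforcing, so this reads an `iptables -L -n` listing directly, reports each chain's policy or reference count with its rule count, and lists chains nothing jumps to, such as `vesta (0 references)` in the listing above. The function names and the shortened sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge firewall state from the ruleset listing, not a service unit.

# One line per chain: NAME policy=X|refs=N RULECOUNT (stdin: `iptables -L -n`).
summarize_ruleset() {
    awk '
        function emit() { if (chain != "") printf "%s %s %d\n", chain, info, rules }
        /^Chain / {
            emit(); chain = $2; rules = 0
            # built-in chains: "(policy DROP)"; user chains: "(1 references)"
            if ($3 == "(policy") { info = "policy=" $4; sub(/\)$/, "", info) }
            else                 { info = "refs=" substr($3, 2) }
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank separator
        chain != "" { rules++ }
        END { emit() }
    '
}

# Exit 0 when INPUT has a non-ACCEPT default policy or at least one rule.
input_filtering_active() {
    summarize_ruleset |
        awk '$1 == "INPUT" && ($2 != "policy=ACCEPT" || $3 > 0) { ok = 1 }
             END { exit !ok }'
}

# User-defined chains that no rule jumps to (refs=0).
unreferenced_chains() {
    summarize_ruleset | awk '$2 == "refs=0" { print $1 }'
}

# Constructed sample, shortened from the shape of the listing in the post above.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-SSH  tcp  --  0.0.0.0/0         0.0.0.0/0            tcp dpt:22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain vesta (0 references)
target     prot opt source               destination
EOF
}
sample_listing | summarize_ruleset   # on a host: iptables -L -n | summarize_ruleset
```
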

Re: iptables "stopped" on vestacp panel

Posted: Fri Aug 18, 2017 2:20 pm
by Mark O Polo
Just to further document...

My VestaCP is still displaying all rules in the Firewall Dashboard. I can also do all firewall configuration from the dash which seems to be working great. Just the iptables issue (no uptime minutes displayed) persists in the server dash.

@pdomain, did you do anything different between your two VPS machines or config setups? Debian 8 on both?

Do you have the same issue as mine on both, plus the firewall rules missing just on 1 out of 2?

Re: iptables "stopped" on vestacp panel

Posted: Tue Nov 13, 2018 2:18 pm
by cosmicx
Welcome to the club!

I'm experiencing a similar case to "pdomain". The VPS is on DO, running Ubuntu 18.04, VestaCP 0.9.8-23

Re: iptables "stopped" on vestacp panel

Posted: Thu Dec 27, 2018 12:27 pm
by peterb
Any solutions for this?

I am running CentOS 7, it's now December 2018.

Exact same issue.
iptables shows 0 time, when all other services are fine.

Re: iptables "stopped" on vestacp panel

Posted: Thu Jun 06, 2019 1:37 pm
by pabbae
peterb wrote:
Thu Dec 27, 2018 12:27 pm
Any solutions for this?

I am running CentOS 7, it's now December 2018.

Exact same issue.
iptables shows 0 time, when all other services are fine.

Same issue here. Did you solve it?

Check the file /usr/local/vesta/data/firewall/rules.conf and check if the first line of the file is empty. In that case, remove that line, save the file and restart the service.

Re: iptables "stopped" on vestacp panel

Posted: Thu Jun 06, 2019 5:44 pm
by RFlintstone
Same issue here, I thought it was running but apparently it's not.
'service iptables status' or 'service iptable status' says the service is dead.

Code:

● iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

Found this out later:
iptable.service and iptables.service aren't found.

Code:

Failed to start iptables.service: Unity iptables.service not found.