HELP! IPTABLE Block ALL DNS Lookup
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
HELP! IPTABLE Block ALL DNS Lookup
Hi all, I need a little help.
I created a VM on Proxmox and did a fresh install of the latest VestaCP version.
The problem is that after the install finished, I cannot "ping google.com".
It seems domain resolution doesn't work.
I configured /etc/resolv.conf,
which already has nameserver 8.8.8.8.
When I stop iptables, it's back to normal and I can ping google.com.
When I restart iptables, I get some errors like this:
Code:
[root@KHost02]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: iptable_filter iptable_filter[FAILED]es
iptables: Applying firewall rules: FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory [ OK ]
Does anyone have a suggestion for this issue?
The previous Vesta version didn't have this issue.
Re: HELP! IPTABLE Block ALL DNS Lookup
Hi,
What version of OS and virtual system on your server ?
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
Re: HELP! IPTABLE Block ALL DNS Lookup
imperio wrote: "Hi, What version of OS and virtual system on your server ?"
I am using the latest Proxmox version.
The VM is installed with CentOS 6.9.
The previous Vesta version installed with no problems on the same Proxmox system.
I think there is a problem with something in the firewall or iptables config.
Additional information:
I had opened port 53 on both INPUT and OUTPUT, all ACCEPT.
I even checked the open port 53 with nmap. The result is that port 53 is still open.
But I don't know why I cannot do DNS lookups until I run "/etc/init.d/iptables stop".
Then it's back to normal. Any suggestions for this issue?
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
Re: HELP! IPTABLE Block ALL DNS Lookup
It seems I found a solution by adding something to the config, following the link below:
https://bitbucket.org/lowendguide/scrip ... ?at=master
This will run custom.sh every time you restart iptables or the firewall.
It works temporarily, but it's not a good solution.
To the Vesta team: please resolve this issue.
I think this issue is a fairly big problem.
If anyone can suggest a better way, please let me know.
Re: HELP! IPTABLE Block ALL DNS Lookup
We will check it
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
Re: HELP! IPTABLE Block ALL DNS Lookup
imperio wrote: "We will check it"
Thank you.
If this issue is resolved, please let me know how to reconfigure it the right way.
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
Re: HELP! IPTABLE Block ALL DNS Lookup
I have found a clue. I hope it helps the VestaCP team find the solution.
I think it's an iptables problem in CHAIN-MAIL from the fail2ban-MAIL rules.
When I restart iptables or check the iptables status, I get the output below...
Code:
[root@K-Host02 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 fail2ban-MAIL tcp -- 0.0.0.0/0 0.0.0.0/0 FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory
multiport dports 25,465,587,2525,110,995,143,993
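Added example (not part of any post above, and not Vesta's own code): with `Chain INPUT (policy DROP)`, an ACCEPT rule for destination port 53 only admits queries sent to this host; replies to the host's own lookups arrive from source port 53 and need a stateful ESTABLISHED rule or a `--sport 53` rule. The function below checks `iptables -S INPUT` text for either one; the two rulesets are constructed samples, and rules narrowed by `-s` or `--sports` are not evaluated.

```shell
#!/usr/bin/env bash
# Constructed sample: policy DROP with port 53 "opened" by destination port only.
BROKEN_RULES='-P INPUT DROP
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT'

# Constructed sample: same rules plus a stateful return-traffic rule.
FIXED_RULES="$BROKEN_RULES
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"

# Reads `iptables -S INPUT` text on stdin and prints one verdict:
#   policy-accept | replies-allowed | replies-dropped
check_dns_replies() {
  awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }   # default policy line
    $1 != "-A" || $2 != "INPUT" { next }                # only INPUT rules
    {
      line = " " $0 " "
      if (line !~ / -j ACCEPT /) next                   # only ACCEPT rules count
      if (line ~ / -i lo /) next                        # loopback-only rule
      proto = ""
      for (i = 3; i < NF; i++) if ($i == "-p") proto = $(i + 1)
      covers_udp = (proto == "" || proto == "udp" || proto == "all")
      # Stateful rule that admits replies to connections this host opened
      if (covers_udp && line ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/) ok = 1
      # Stateless alternative: UDP packets coming from a resolver port 53
      if (proto == "udp" && line ~ / --sport 53 /) ok = 1
    }
    END {
      if (policy == "ACCEPT") print "policy-accept"
      else if (ok) print "replies-allowed"
      else print "replies-dropped"
    }
  '
}

echo "dport-53 only: $(printf '%s\n' "$BROKEN_RULES" | check_dns_replies)"
echo "with state rule: $(printf '%s\n' "$FIXED_RULES" | check_dns_replies)"
```

On a live host, run `iptables -S INPUT | check_dns_replies` after each firewall reload.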
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: HELP! IPTABLE Block ALL DNS Lookup
Yes, I think it's a conflicting iptables rule.
I would try to delete one line at a time from
Code:
/usr/local/vesta/data/firewall/rules.conf
then reload IPTables after each one to check if it works.
-
- Posts: 28
- Joined: Sun Nov 15, 2015 1:36 pm
Re: HELP! IPTABLE Block ALL DNS Lookup
While I was trying to install on a new server,
I noticed this error:
Code:
Complete!
iptables: Unloading modules: iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter ip_tables [FAILED]
--2017-12-18 05:09:53-- http://c.vestacp.com/rhel/6/sudo/admin
Resolving c.vestacp.com... 104.236.66.100
Connecting to c.vestacp.com|104.236.66.100|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 204 [text/plain]
Saving to: `/etc/sudoers.d/admin'
100%[============================================================================================================>] 204 --.-K/s in 0s
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: HELP! IPTABLE Block ALL DNS Lookup
I don't use CentOS at all so can't really help but that error can be a problem.
Can you check with CentOS 7 or Debian/Ubuntu ?
It can also be a problem with a pre-built template, can you try changing it ?