patch for firewall config to fix HTTP 500 on fresh install Topic is solved
-
executioner
- Posts: 1
- Joined: Sat Oct 25, 2014 1:40 pm
patch for firewall config to fix HTTP 500 on fresh install
The following patch properly allows all traffic on the local loopback interface. Out of the box, vestacp's iptables configuration blocks nginx from communicating with apache via 127.0.0.1:8080. The fix is to add the following rule
-I INPUT -p all -i lo -j ACCEPT
The patch addresses the rule meant to allow loopback traffic on the localhost. It replaces '-A -s 127.0.0.1' with '-I -p all -i lo'. This allows all protocols (TCP,UDP,ICMP) into the loopback interface and it inserts the rule into the beginning of the ruleset.
This applies to # Vesta Ubuntu installer v.04
--- v-update-firewall 2014-10-23 14:16:12.000000000 +0000
+++ add-loopback 2014-10-25 14:06:31.134818335 +0000
@@ -92,7 +92,7 @@
for ip in $(ls $VESTA/data/ips); do
echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp
done
-echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp
+echo "$iptables -I INPUT -p all -i lo -j ACCEPT" >> $tmp
IFS=$'\n'
for p_rule in $(cat $ports); do
eval $p_rule
-I INPUT -p all -i lo -j ACCEPT
The patch addresses the rule meant to allow loopback traffic on the localhost. It replaces '-A -s 127.0.0.1' with '-I -p all -i lo'. This allows all protocols (TCP,UDP,ICMP) into the loopback interface and it inserts the rule into the beginning of the ruleset.
This applies to # Vesta Ubuntu installer v.04
--- v-update-firewall 2014-10-23 14:16:12.000000000 +0000
+++ add-loopback 2014-10-25 14:06:31.134818335 +0000
@@ -92,7 +92,7 @@
for ip in $(ls $VESTA/data/ips); do
echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp
done
-echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp
+echo "$iptables -I INPUT -p all -i lo -j ACCEPT" >> $tmp
IFS=$'\n'
for p_rule in $(cat $ports); do
eval $p_rule
Re: patch for firewall config to fix HTTP 500 on fresh insta
Already fixed on fresh installationfix HTTP 500 on fresh install