patch for firewall config to fix HTTP 500 on fresh install
Posted: Sun Oct 26, 2014 1:59 am
The following patch properly allows all traffic on the local loopback interface. Out of the box, vestacp's iptables configuration blocks nginx from communicating with apache via 127.0.0.1:8080. The fix is to add the following rule:
-I INPUT -p all -i lo -j ACCEPT
The patch addresses the rule meant to allow loopback traffic on the localhost. It replaces '-A -s 127.0.0.1' with '-I -p all -i lo'. This allows all protocols (TCP, UDP, ICMP) into the loopback interface and it inserts the rule into the beginning of the ruleset.
This applies to # Vesta Ubuntu installer v.04
--- v-update-firewall 2014-10-23 14:16:12.000000000 +0000
+++ add-loopback 2014-10-25 14:06:31.134818335 +0000
@@ -92,7 +92,7 @@
for ip in $(ls $VESTA/data/ips); do
echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp
done
-echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp
+echo "$iptables -I INPUT -p all -i lo -j ACCEPT" >> $tmp
IFS=$'\n'
for p_rule in $(cat $ports); do
eval $p_rule
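Review bot: On the added '-I INPUT -p all -i lo -j ACCEPT' line, '-I' with no rule number inserts at position 1, so where the rule lands no longer follows from where this echo sits among the '-A' lines around it; a one-line comment saying the loopback accept is meant to sit at the top of INPUT would keep a later edit from reordering it by accident. '-p all' is the iptables default and can be dropped. The '+++' header also names 'add-loopback' rather than 'v-update-firewall'; regenerating the diff with matching names would make the target file unambiguous.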
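A check for the rule order this patch relies on, as an added example that is not part of the original post or of VestaCP: it reads `iptables -S INPUT` output and reports whether an unconditional `-i lo` ACCEPT rule sits ahead of the first DROP/REJECT rule. The function name and the three sample rulesets are constructed for illustration.

```bash
# Added example (not VestaCP code). Hypothetical helper: reads `iptables -S INPUT`
# output on stdin and prints one of:
#   ok <n>            unconditional loopback ACCEPT is rule n, ahead of any DROP/REJECT
#   shadowed <n> <m>  loopback ACCEPT is rule n, but a DROP/REJECT sits earlier at m
#   missing           no rule that accepts everything arriving on lo
check_loopback_rule() {
    awk '
        # Only "-A INPUT" lines are rules; "-P INPUT DROP" is the chain policy.
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++; on_lo = 0; other = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") { i++; if ($i == "lo") on_lo = 1; else other = 1 }
                else if ($i == "-j") { i++; target = $i; break }
                else other = 1   # any other match (or "!") narrows the rule
            }
            if (on_lo && !other && target == "ACCEPT" && !lo_pos) lo_pos = n
            # Conservative: any earlier DROP/REJECT counts, whatever it matches.
            if ((target == "DROP" || target == "REJECT") && !drop_pos) drop_pos = n
        }
        END {
            if (!lo_pos) { print "missing"; exit 1 }
            if (drop_pos && drop_pos < lo_pos) { print "shadowed " lo_pos " " drop_pos; exit 2 }
            print "ok " lo_pos
        }'
}

# Constructed samples in `iptables -S` form (which omits the default "-p all").
SAMPLE_BEFORE='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

SAMPLE_AFTER='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

SAMPLE_SHADOWED='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$SAMPLE_BEFORE"   | check_loopback_rule || true   # missing
printf '%s\n' "$SAMPLE_AFTER"    | check_loopback_rule           # ok 1
printf '%s\n' "$SAMPLE_SHADOWED" | check_loopback_rule || true   # shadowed 2 1
```

On a live host the same function can be fed from `iptables -S INPUT` run as root, after the firewall script has rebuilt the ruleset.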