
HELP! IPTABLE Block ALL DNS Lookup

chaiyuttochai

Postby chaiyuttochai » Fri Dec 15, 2017 9:20 am

Hi all, I need a little help.

I created a VM on Proxmox and did a fresh install of the latest VestaCP version.
The problem is that after the install finished, I cannot "ping google.com".
It seems that domain resolution doesn't work.

I configured /etc/resolv.conf,
and it already has nameserver 8.8.8.8.

When I stop iptables, it's back to normal and I can ping google.com.
When I restart iptables, I get an error like this:

Code:

[root@KHost02]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:  iptable_filter iptable_filter[FAILED]es
iptables: Applying firewall rules: FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory [  OK  ]


It seems normal, but I cannot resolve any domain. I cannot use wget or curl to connect to the outside by domain name.

Does anyone have a suggestion for this issue?
The previous Vesta version didn't have this issue.

imperio
VestaCP Team

Postby imperio » Fri Dec 15, 2017 2:32 pm

Hi,
What version of OS and virtual system is on your server?

chaiyuttochai

Postby chaiyuttochai » Fri Dec 15, 2017 5:59 pm

imperio wrote: Hi,
What version of OS and virtual system is on your server?


I am using the latest Proxmox version.
The VM is installed with CentOS 6.9.

The previous Vesta version installed without any problem on the same Proxmox system.
I think there is a problem with something in the firewall or iptables config.

Additional information:
I had opened port 53 on both INPUT and OUTPUT, all ACCEPT.
I even checked the open port 53 with nmap. The result is that port 53 is still open.

But I don't know why I cannot do DNS lookups until I run "/etc/init.d/iptables stop".
Then it is back to normal. Any suggestions for this issue?
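
Added example (not part of any post in this thread): with an INPUT policy of DROP, an ACCEPT rule for destination port 53 only admits queries sent to this host, while replies to the host's own lookups arrive from source port 53 on an ephemeral destination port. The function below reads `iptables-save` output and reports whether any INPUT rule would admit those replies. The function names and the sample ruleset are constructed for illustration, and rule order (an earlier DROP) is not evaluated.

```shell
#!/bin/sh
# dns_reply_check: read `iptables-save` output on stdin, print one verdict.
# Assumption: only the filter table INPUT chain is inspected.
dns_reply_check() {
    awk '
    /^\*/ { table = substr($1, 2) }            # "*filter" sets the current table
    table != "filter" { next }
    /^:INPUT / { policy = $2 }                 # e.g. ":INPUT DROP [0:0]"
    /^-A INPUT / && / -j ACCEPT/ {
        # Stateful accept of reply traffic (state or conntrack match).
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) stateful = 1
        # Stateless accept keyed on the source port of the reply.
        if ($0 ~ /-p udp/ && $0 ~ /--sports? ([0-9,:]*,)?53(,|:| |$)/) sport53 = 1
        # A rule with no match criteria accepts everything.
        if ($0 ~ /^-A INPUT -j ACCEPT$/) any = 1
    }
    END {
        if (policy == "ACCEPT") print "ok: INPUT policy is ACCEPT"
        else if (any)           print "ok: unconditional ACCEPT rule"
        else if (stateful)      print "ok: ESTABLISHED traffic accepted"
        else if (sport53)       print "ok: udp source port 53 accepted"
        else print "blocked: no INPUT rule admits DNS replies"
    }'
}

# Constructed sample ruleset: INPUT policy DROP with only dport 53 opened.
# $1 (optional) is one extra INPUT rule inserted before COMMIT.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p udp -m udp --dport 53 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT' \
        ${1:+"$1"} 'COMMIT'
}

# Port 53 "open" for inbound queries, yet outbound lookups get no answer.
sample_rules | dns_reply_check
# Same ruleset plus a stateful rule for reply traffic.
sample_rules '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' | dns_reply_check
```

On a live host, feed it the running ruleset with `iptables-save | dns_reply_check`.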

chaiyuttochai

Postby chaiyuttochai » Fri Dec 15, 2017 6:50 pm

It seems I found a solution by adding something to the config, following the link below:

https://bitbucket.org/lowendguide/scripts/src/06cc2250855e/VestaCP%20firewall%20custom%20script/?at=master
This runs custom.sh every time you restart iptables or the firewall.

It works temporarily, but it's not a good solution.
To the Vesta team: please resolve this issue.
I think this issue is a fairly big problem.

If anyone can suggest a better way, please let me know.

imperio
VestaCP Team

Postby imperio » Fri Dec 15, 2017 6:53 pm

We will check it

chaiyuttochai

Postby chaiyuttochai » Fri Dec 15, 2017 7:06 pm

imperio wrote: We will check it


Thank you.
If this issue is resolved, please let me know how to reconfigure it the right way.

chaiyuttochai

Postby chaiyuttochai » Sat Dec 16, 2017 6:23 am

I have found a clue. I hope it helps the VestaCP team find the solution.
I think it's an iptables problem on CHAIN-MAIL from the fail2ban-MAIL rules.

When I restart iptables or check the iptables status, I get the output below:

Code:

[root@K-Host02 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    fail2ban-MAIL  tcp  --  0.0.0.0/0            0.0.0.0/0           FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory
multiport dports 25,465,587,2525,110,995,143,993

mehargags
Moderators

Postby mehargags » Sat Dec 16, 2017 7:38 am

Yes, I think it's a conflicting iptables rule.
I would try to delete one line at a time from

Code:

/usr/local/vesta/data/firewall/rules.conf
then reload IPTables after each one to check if it works.

chaiyuttochai

Postby chaiyuttochai » Mon Dec 18, 2017 10:11 am

While trying to install on a new server,

I noticed this error:

Code:

Complete!
iptables: Unloading modules:  iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter ip_tables                            [FAILED]
--2017-12-18 05:09:53--  http://c.vestacp.com/rhel/6/sudo/admin
Resolving c.vestacp.com... 104.236.66.100
Connecting to c.vestacp.com|104.236.66.100|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 204 [text/plain]
Saving to: `/etc/sudoers.d/admin'

100%[============================================================================================================>] 204         --.-K/s   in 0s

mehargags
Moderators

Postby mehargags » Mon Dec 18, 2017 4:35 pm

I don't use CentOS at all, so I can't really help, but that error can be a problem.
Can you check with CentOS 7 or Debian/Ubuntu?
It can also be a problem with a pre-built template; can you try changing it?

