
HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 9:20 am
by chaiyuttochai
Hi all, I need a little help.

I created a VM on Proxmox and did a fresh install of the latest VestaCP version.
The problem is that after the install finishes, I cannot "ping google.com".
It seems domain resolution doesn't work.

I configured /etc/resolv.conf,
which already has nameserver 8.8.8.8.

When I stop iptables, it goes back to normal and I can ping google.com.
When I restart iptables, I get errors like this:


[root@KHost02]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:  iptable_filter iptable_filter[FAILED]es
iptables: Applying firewall rules: FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory [  OK  ]
It seems normal, but I cannot resolve any domain. I cannot use wget or curl to connect to the outside by domain name.

Does anyone have a suggestion for this issue?
The previous Vesta version didn't have this issue.

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 2:32 pm
by imperio
Hi,
What version of OS and virtualization system is on your server?

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 5:59 pm
by chaiyuttochai
imperio wrote: Hi,
What version of OS and virtualization system is on your server?
I am using the latest Proxmox version.
The VM is installed with CentOS 6.9.

The previous Vesta version installed with no problems on the same Proxmox system.
I think there is a problem with something in the firewall or iptables config.

Additional information:
I had opened port 53 on both INPUT and OUTPUT, all ACCEPT.
I even checked that port 53 is open with nmap. The result is that port 53 is still open.

But I don't know why I cannot do DNS lookups until I run "/etc/init.d/iptables stop".
Then it goes back to normal. Any suggestions for this issue?
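
The check a practitioner would run at this point, as an added example that is not part of the original post and not VestaCP's own code: DNS lookups are UDP/53 by default (TCP/53 is used for truncated answers and zone transfers), a default nmap scan tests TCP only, and with INPUT policy DROP the replies to the host's own queries come back from source port 53 to a random local port, so an INPUT rule for "--dport 53" does nothing for them; either a state rule (ESTABLISHED) or a "--sport 53" rule has to let them in. The script below audits an iptables-save dump for exactly those pieces. The two rulesets embedded in it are constructed for the example (the first mirrors what the post describes, the second adds the missing rules); the function names are mine. Separately, the "FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep" line in the post is modprobe failing to find a module tree for the running kernel, and a "-pve" release string inside the guest is the Proxmox host kernel; rules that need extra netfilter match modules then only load if those modules are already present in the host kernel.

```shell
#!/bin/sh
# dns_rule_audit.sh: check an iptables-save dump for the rules that DNS
# resolution from this host actually needs. Added example for this thread;
# it is not VestaCP code and does not read /usr/local/vesta/data/firewall.

# Constructed sample 1: what the post describes. INPUT policy DROP, port 53
# accepted for TCP only (the protocol a default nmap scan tests), no UDP
# rule and no stateful rule that would let DNS replies back in.
BROKEN_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-MAIL - [0:0]
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT'

# Constructed sample 2: the same ruleset with the pieces a resolver needs:
# replies to our own queries are accepted by connection state, and UDP/53
# is accepted alongside TCP/53 for the local name server.
FIXED_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-MAIL - [0:0]
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# rule_present DUMP REGEX: true if any line of DUMP matches REGEX.
rule_present() {
    printf '%s\n' "$1" | grep -Eq "$2"
}

# audit_dns_rules: read an iptables-save dump on stdin, print one line per
# finding, return 0 when DNS should work and 1 otherwise.
audit_dns_rules() {
    dump=$(cat)
    status=0

    # Outbound: only matters when OUTPUT is DROP by policy.
    if rule_present "$dump" '^:OUTPUT DROP'; then
        if ! rule_present "$dump" '^-A OUTPUT .*-p udp .*--dport 53 .*-j ACCEPT'; then
            echo "OUTPUT policy DROP and no ACCEPT for outbound UDP/53 (queries)"
            status=1
        fi
        if ! rule_present "$dump" '^-A OUTPUT .*-p tcp .*--dport 53 .*-j ACCEPT'; then
            echo "OUTPUT policy DROP and no ACCEPT for outbound TCP/53 (truncated answers retry over TCP)"
            status=1
        fi
    fi

    # Inbound: replies arrive from source port 53 to a random local port, so
    # '--dport 53' on INPUT does nothing for them; a state rule or a
    # '--sport 53' rule is needed when INPUT policy is DROP.
    if rule_present "$dump" '^:INPUT DROP'; then
        if ! rule_present "$dump" '^-A INPUT .*(--state|--ctstate) [A-Z,]*ESTABLISHED.*-j ACCEPT' \
           && ! rule_present "$dump" '^-A INPUT .*-p udp .*--sport 53 .*-j ACCEPT'; then
            echo "INPUT policy DROP and nothing accepts DNS replies (no ESTABLISHED rule, no UDP --sport 53 rule)"
            status=1
        fi
    fi

    # TCP-only port 53: a default nmap scan (TCP) reports it open while UDP
    # queries to the local name server are still dropped.
    if rule_present "$dump" '^-A INPUT .*-p tcp .*--dport 53 .*-j ACCEPT' \
       && ! rule_present "$dump" '^-A INPUT .*-p udp .*--dport 53 .*-j ACCEPT'; then
        echo "INPUT accepts TCP/53 but not UDP/53 (nmap's TCP scan shows 53 open, UDP DNS still blocked)"
        status=1
    fi

    return $status
}

# Stand-alone run over the two constructed samples.
echo "== constructed sample: broken"
printf '%s\n' "$BROKEN_DUMP" | audit_dns_rules || echo "-> DNS would fail with this ruleset"
echo "== constructed sample: fixed"
printf '%s\n' "$FIXED_DUMP" | audit_dns_rules && echo "-> ok, DNS rules complete"
```

On the affected host, source the functions and run `iptables-save | audit_dns_rules` against the live ruleset. To separate the UDP and TCP cases by hand rather than by inspecting rules, `dig @8.8.8.8 google.com` and `dig +tcp @8.8.8.8 google.com` exercise each transport, and `nmap -sU -p 53 <host>` (not the default TCP scan) is the scan that actually checks UDP/53.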

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 6:50 pm
by chaiyuttochai
It seems I found a solution by adding something to the config, following the link below:

https://bitbucket.org/lowendguide/scrip ... ?at=master
This will run custom.sh every time you restart iptables or the firewall.

It works for now, but it's not a good solution.
To the Vesta team: please resolve this issue.
I think this issue is a fairly big problem.

If anyone has a suggestion that is better than this, please let me know.

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 6:53 pm
by imperio
We will check it.

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Fri Dec 15, 2017 7:06 pm
by chaiyuttochai
imperio wrote: We will check it.
Thank you.
If this issue is resolved, please let me know how to re-configure it the right way.

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Sat Dec 16, 2017 6:23 am
by chaiyuttochai
I have found a clue. I hope it helps the VestaCP team find the solution.
I think it's an iptables problem in the fail2ban-MAIL chain, from the fail2ban-MAIL rules.

When I restart iptables or check the iptables status, I see the output below...


[root@K-Host02 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    fail2ban-MAIL  tcp  --  0.0.0.0/0            0.0.0.0/0           FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory
multiport dports 25,465,587,2525,110,995,143,993 

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Sat Dec 16, 2017 7:38 am
by mehargags
Yes, I think it's a conflicting iptables rule.
I would try deleting one line at a time from


/usr/local/vesta/data/firewall/rules.conf
then reload iptables after each one to check whether it works.

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Mon Dec 18, 2017 10:11 am
by chaiyuttochai
While trying to install on a new server,

I noticed this error:


Complete!
iptables: Unloading modules:  iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter ip_tables                            [FAILED]
--2017-12-18 05:09:53--  http://c.vestacp.com/rhel/6/sudo/admin
Resolving c.vestacp.com... 104.236.66.100
Connecting to c.vestacp.com|104.236.66.100|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 204 [text/plain]
Saving to: `/etc/sudoers.d/admin'

100%[============================================================================================================>] 204         --.-K/s   in 0s

Re: HELP! IPTABLE Block ALL DNS Lookup

Posted: Mon Dec 18, 2017 4:35 pm
by mehargags
I don't use CentOS at all, so I can't really help, but that error can be a problem.
Can you check with CentOS 7 or Debian/Ubuntu?
It could also be a problem with a pre-built template; can you try changing it?