HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 9:20 am
by chaiyuttochai
Hi all, I need a little help.
I created a VM in Proxmox and did a fresh install of the latest vestacp version.
The problem is that after the install finished, I cannot "ping google.com".
It seems resolving domains doesn't work.
I configured /etc/resolv.conf,
which already has nameserver 8.8.8.8.
When I stop iptables, it's back to normal and I can ping google.com.
When I restart iptables, I get an error like this:
Code:
[root@KHost02]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: iptable_filter iptable_filter[FAILED]es
iptables: Applying firewall rules: FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory [ OK ]
It seems normal, but I cannot resolve any domain. I cannot use wget or curl to connect to the outside by domain name.
Does anyone have a suggestion for this issue?
The previous Vesta version didn't have this issue.
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 2:32 pm
by imperio
Hi,
What version of OS and virtual system is on your server?
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 5:59 pm
by chaiyuttochai
imperio wrote: Hi,
What version of OS and virtual system is on your server?
I am using the latest version of Proxmox.
The VM is installed with CentOS 6.9.
The previous Vesta version installed with no problems on the same Proxmox system.
I think there is a problem with something in the firewall or iptables config.
Additional information:
I have opened port 53 on both INPUT and OUTPUT, ALL ACCEPT.
I even checked the open port 53 with nmap. The result is that port 53 is still open.
But I don't know why I cannot do DNS lookups until I run "/etc/init.d/iptables stop".
Then it's back to normal. Any suggestions for this issue?
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 6:50 pm
by chaiyuttochai
It seems I found a solution by adding something to the config, following the link below:
https://bitbucket.org/lowendguide/scrip ... ?at=master
This runs custom.sh every time you restart iptables or the firewall.
It works temporarily, but it's not a good solution.
To the Vesta team: please resolve this issue.
I think this issue is a fairly big problem.
If anyone can suggest a better way, please let me know.
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 6:53 pm
by imperio
We will check it
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Fri Dec 15, 2017 7:06 pm
by chaiyuttochai
imperio wrote: We will check it
Thank you.
If this issue is resolved, please let me know how to reconfigure it the right way.
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Sat Dec 16, 2017 6:23 am
by chaiyuttochai
I have found a clue. I hope it helps the vestacp team find the solution.
I think it's an iptables problem in CHAIN-MAIL from the fail2ban-MAIL rules.
When I restart iptables or check the iptables status, as in the code below...
Code:
[root@K-Host02 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 fail2ban-MAIL tcp -- 0.0.0.0/0 0.0.0.0/0 FATAL: Could not load /lib/modules/4.10.17-4-pve/modules.dep: No such file or directory
multiport dports 25,465,587,2525,110,995,143,993
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Sat Dec 16, 2017 7:38 am
by mehargags
Yes, I think it's a conflicting iptables rule.
I would try to
delete one line at a time from
Code:
/usr/local/vesta/data/firewall/rules.conf
then reload iptables after each one to check if it works.
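An added example, not part of any post in this thread and not Vesta's own code: with `Chain INPUT (policy DROP)` as in the status output above, a rule that accepts destination port 53 does not match DNS replies, which arrive from source port 53; they need a state/conntrack ESTABLISHED rule or a source-port rule. The script below classifies an `iptables-save` dump accordingly; the function names and both sample rule sets are constructed for illustration, and that this is what affects the poster's host is an assumption.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and reports how DNS
# replies (UDP, source port 53) can get back in through filter/INPUT.
# Limits: ignores rule order, catch-all accepts and jumps to user chains.
dns_reply_path() {
    awk '
        /^\*/ { table = substr($1, 2) }            # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2 }              # ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
            # state/conntrack match: admits replies to outbound queries
            if (/--(ct)?state [A-Z,]*ESTABLISHED/) stateful = 1
            # stateless alternative: UDP whose SOURCE port is 53
            if (/-p udp/ && /--sport 53( |$)/) sport53 = 1
        }
        END {
            if (policy == "ACCEPT") print "policy-accept"
            else if (stateful)      print "stateful"
            else if (sport53)       print "sport53"
            else                    print "blocked"
        }'
}

# Constructed sample: INPUT policy DROP, port 53 opened only as a
# destination port (an assumption about rules like those in the thread).
sample_dport_only() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same rules plus a stateful accept for reply traffic.
sample_stateful() {
    sample_dport_only | grep -v '^COMMIT$'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo 'COMMIT'
}

echo "dport-only rules: $(sample_dport_only | dns_reply_path)"   # blocked
echo "with state rule:  $(sample_stateful | dns_reply_path)"     # stateful
```

On a live host the same function can be fed with `iptables-save | dns_reply_path` as root; a `blocked` verdict points at the reply path rather than at the port 53 rules themselves.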
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Mon Dec 18, 2017 10:11 am
by chaiyuttochai
While trying to install on a new server,
I noticed this error:
Code:
Complete!
iptables: Unloading modules: iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter iptable_nat iptable_mangle iptable_security iptable_raw iptable_filter ip_tables [FAILED]
--2017-12-18 05:09:53-- http://c.vestacp.com/rhel/6/sudo/admin
Resolving c.vestacp.com... 104.236.66.100
Connecting to c.vestacp.com|104.236.66.100|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 204 [text/plain]
Saving to: `/etc/sudoers.d/admin'
100%[============================================================================================================>] 204 --.-K/s in 0s
Re: HELP! IPTABLE Block ALL DNS Lookup
Posted: Mon Dec 18, 2017 4:35 pm
by mehargags
I don't use CentOS at all, so I can't really help, but that error can be a problem.
Can you check with CentOS 7 or Debian/Ubuntu?
It can also be a problem with a pre-built template; can you try changing it?