iptables stopped after installed

[edica]

I installed Vesta, but iptables does not start. What can it be?
VPS Centos 7.6

[dreiggy]

First check if iptables are installed:

Code: Select all

yum list installed | grep iptables

You too may check this:

Code: Select all

systemctl status iptables.service -l

[edica]

Gave this:

iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Qui 2019-04-18 23:05:21 UTC; 9min ago
Main PID: 159 (code=exited, status=1/FAILURE)

Abr 18 23:05:21 testhost iptables.init[159]: iptables: Applying firewall rules: iptables-restore: line 14 failed
Abr 18 23:05:21 testhost iptables.init[159]: [FAILED]

[dreiggy]

Try to flush iptables rules: sudo iptables -F
And then restart iptables.

More info:
https://www.cyberciti.biz/tips/linux-ip ... rules.html

[edica]

I was able to activate the iptables service. But iptables in Vesta is stopped.

[dreiggy]

Check if fail2ban is running:

Code: Select all

service fail2ban status

[edica]

service fail2ban status :

Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sex 2019-04-26 13:10:32 BRT; 42s ago
Docs: man:fail2ban(1)
Process: 554 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Process: 527 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 705 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
└─705 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban....

Abr 26 13:07:43 testhost fail2ban-client[2861]: 2019-04-26 13:07:43,444 fail2ban.server [2862]: INFO St...0.9.7
Abr 26 13:07:43 testhost fail2ban-client[2861]: 2019-04-26 13:07:43,445 fail2ban.server [2862]: INFO St... mode
Abr 26 13:09:55 testhost fail2ban-client[6464]: Shutdown successful
Abr 26 13:10:30 testhost fail2ban-client[554]: 2019-04-26 13:10:30,347 fail2ban.server [666]: INFO Star...0.9.7
Abr 26 13:10:30 testhost fail2ban-client[554]: 2019-04-26 13:10:30,348 fail2ban.server [666]: INFO Star... mode
Hint: Some lines were ellipsized, use -l to show in full.

[edica]

Vesta installation of this problem:

Note: Forwarding request to 'systemctl enable iptables.service'.
Note: Forwarding request to 'systemctl disable iptables.service'.
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
Note: Forwarding request to 'systemctl enable iptables.service'.
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Note: Forwarding request to 'systemctl disable iptables.service'.
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
Note: Forwarding request to 'systemctl enable iptables.service'.
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Note: Forwarding request to 'systemctl disable iptables.service'.
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.

[ro0t]

I was on a UBUNTU 18.04. made a fresh install and the IPTABLES wasn't starting, no mater what...
So i tried to see by vesta commands:

Code: Select all

source /etc/profile  ##to enable the use the vesta commands
PATH=$PATH:/usr/local/vesta/bin && export PATH ##to enable the use the vesta commands
v-update-firewall
/usr/local/vesta/bin/v-update-firewall: line 161: /sbin/iptables-save: No such file or directory

So i see the configurations on the backend and realized it should have a config file... but could not find.

Then i did:

Code: Select all

sudo apt-get remove --purge iptable*

And got these results:

Code: Select all

Note, selecting 'iptables-converter-doc' for glob 'iptables*'
Note, selecting 'iptables' for glob 'iptables*'
Note, selecting 'iptables-optimizer-doc' for glob 'iptables*'
Note, selecting 'iptables-converter' for glob 'iptables*'
Note, selecting 'iptables-persistent' for glob 'iptables*'
Note, selecting 'iptables-nftables-compat' for glob 'iptables*'
Note, selecting 'iptables-optimizer' for glob 'iptables*'
Note, selecting 'iptables-dev' for glob 'iptables*'
Package 'iptables' is not installed, so not removed
Package 'iptables-dev' is not installed, so not removed
Package 'iptables-converter' is not installed, so not removed
Package 'iptables-converter-doc' is not installed, so not removed
Package 'iptables-nftables-compat' is not installed, so not removed
Package 'iptables-optimizer' is not installed, so not removed
Package 'iptables-optimizer-doc' is not installed, so not removed
Package 'iptables-persistent' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.

I saw "Package 'iptables' is not installed, so not removed" and thought.. wth...
Just to confirm...i tried to find and list the ipteables.

Code: Select all

#whereis iptables
#iptables: /etc/iptables.rules
#nano /etc/iptables.rules  ##was empty
#systemctl status iptables.service -l
Unit iptables.service could not be found.
#service fail2ban status
Unit fail2ban.service could not be found.

To fix i did this:

Code: Select all

sudo apt install iptables fail2ban

SOLVED







-----------------------

Got a new problem, or it already was there idk, after fix the iptables i realized it.
On phpMYadmin after create a new db, on the login webpage, got this msg:

Code: Select all

OpenSSL error: error:0909006C:PEM routines:get_name:no start line

To fix i did an upgrade from v4.6 to 5.2 (i just copied and paste all codes from this link):
https://devanswers.co/manually-upgrade-phpmyadmin/

Code: Select all

sudo rm -rf /usr/share/phpmyadmin.bak
sudo mv /usr/share/phpmyadmin/ /usr/share/phpmyadmin.bak
sudo mkdir /usr/share/phpmyadmin/
cd /usr/share/phpmyadmin/
sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.tar.gz
sudo tar xzf phpMyAdmin-5.2.0-all-languages.tar.gz
sudo mv phpMyAdmin-5.2.0-all-languages/* /usr/share/phpmyadmin

Login to php to see if the version changed and see 2 new error msgs.
Fixing errors:
1- Blowfish error:

Code: Select all

sudo nano /usr/share/phpmyadmin/config.inc.php

Your file should look something like below. Generate your own 32-character blowfish secret and paste it below.

Code: Select all

?php
// use here a value of your choice 32 chars long
$cfg['blowfish_secret'] = 'PASTE__32__CHAR__BLOWFISH_SECRET';

$i=0;
$i++;
$cfg['Servers'][$i]['auth_type']     = 'cookie';

Save it!
SOLVED

2- $cfg[‘TempDir’] error:

Code: Select all

sudo mkdir /usr/share/phpmyadmin/tmp && sudo chmod 777 /usr/share/phpmyadmin/tmp

SOLVED

Cleanup everything:

Code: Select all

sudo rm /usr/share/phpmyadmin/phpMyAdmin-5.2.0-all-languages.tar.gz
sudo rm -rf /usr/share/phpmyadmin/phpMyAdmin-5.2.0-all-languages
sudo rm -rf /usr/share/phpmyadmin.bak

DONE

So i had to recreate, or follow some instructions (phpmyadmin botton page, after login) to go to operations and fix the storage, for the DB's works as it should.




-----------------------


After this had a problem on apt update command, did this to solve:

Code: Select all

nginx N: Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'http://nginx.org/packages/mainline/ubuntu bionic InRelease' doesn't support architecture 'i386'

To fix i did:

Code: Select all

nano /etc/apt/sources.list.d/nginx.list

DELETE the old and added:

Code: Select all

deb [arch=amd64] http://nginx.org/packages/mainline/ubuntu/ bionic nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ bionic nginx

Code: Select all

wget http://nginx.org/keys/nginx_signing.key

Code: Select all

apt-key add nginx_signing.key

Then everything got back working.

Code: Select all

apt update

SOLVED