IP Tables configuration

Discussion in 'General Discussion' started by monkey64, Aug 21, 2012.

  1. monkey64

    monkey64 Well-Known Member

    I am trying to install CSF Firewall and I have an IP Tables config error when I try to turn on CSF:

    Code:
    iptables: Unknown error 4294967295
    ACCEPT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:25 OWNER UID match 0 
    Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 552
    
    Googling "Unknown error 4294967295" gives me a wide range of possible fixes involving the --numiptent variable, or this post, which goes way over my head.

    It looks as though IP Tables is not configured correctly and I need to add some modules.
    I did try this:

    Code:
    /etc$ modprobe ipt_conntrack
    FATAL: Could not load /lib/modules/2.6.39.4-x1/modules.dep: No such file or directory
    
    But I got an error.
    Any ideas?
     
    #1 monkey64, Aug 21, 2012
    Last edited: Aug 21, 2012
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  3. monkey64

    monkey64 Well-Known Member

    Tearing my hair out with this one!
    To check that iptables is actually installed on my CentOS 5 VPS, I run this, and it looks like it is:

    Code:
    rpm -q iptables
    iptables-1.3.5-9.1.el5
    
    To check if iptables is actually running, I run the following, but get an error:

    Code:
    lsmod | grep ip_tables
    Opening /proc/modules: No such file or directory
    
    And quite correctly, there isn't a "/proc/modules" folder. Am I running the wrong command?
    To add the modules to iptables, I added the following entry to my /etc/sysconfig/iptables-config and rebooted the server:

    Code:
    IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle  ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables  ip_conntrack_netbios_ns"
    
    It doesn't seem to have worked. What is the correct way to add modules to iptables?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Are you on a dedicated machine or a VPS machine? You cannot add modules if it is a VPS machine such as Virtuozzo or OpenVZ.
     
  5. monkey64

    monkey64 Well-Known Member

    Tristan

    I'm on a VPS running CentOS 5. No idea whether it is Virtuozzo or OpenVZ though.
    That's a shame because it doesn't look like I can get CSF Firewall to work.
    Oh well thanks anyway.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Have you read this document?
    http://www.configserver.com/free/csf/install.txt
     
  7. monkey64

    monkey64 Well-Known Member

    Tristan

    Thanks for the post.
    Yes I have read the document and the problems begin when I run the Perl test script "perl /etc/csf/csftest.pl". The output script gives me the following:

    Code:
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    
    I can't start csf at all because of the iptables error, which leads me back to my first post.
    You say that "You cannot add modules if it is a VPS machine", so I can't move forward because it looks like the modules are not being loaded.

    Unless you know of another way...
     
  8. monkey64

    monkey64 Well-Known Member

    Tristan

    I don't believe it.
    I tried once again to install CSF as I had done many times before and it worked!
    So the iptables Unknown error 4294967295 was a red herring.
    Thanks for your help. I wish I understood why it works now.
     
  9. revendai

    revendai Registered

    Hello, I get an error on starting iptables:

    iptables v1.3.5: can't initialize iptables table `filter': No chain/target/match by that name
    Perhaps iptables or your kernel needs to be upgraded.
     
  10. pwhjenny

    pwhjenny Well-Known Member

    You need to contact your host in order to get the required iptables modules installed in your VPS. After that you can install csf.
     
  11. monkey64

    monkey64 Well-Known Member

    Just a quick followup to my original post.

    My issue was that I was trying to select a Firewall Security Level which could not be supported with the limited amount of IP Tables modules. Because I did not have xt_connlimit and ipt_owner/xt_owner modules, I could only run the Firewall on its LOW setting. Took a while to figure that out...

    I would recommend ConfigServer Security & Firewall to everyone who is serious about server security.
     
  12. storminternet

    storminternet Well-Known Member

    I hope this URL will help for how to add http://forum.parallels.com/showthread.php?t=114991 on the hardware node. But better to consult with your hosting provider before you try this.
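
The two checks this thread turns on, as an added example that is not part of any post above: whether the server is an OpenVZ/Virtuozzo container (where the guest cannot load kernel modules), and which csf features the failed `csftest.pl` lines rule out. The function names and the `/proc/vz` and `/proc/bc` heuristic are assumptions, not from the thread; the sample lines are taken from the `csftest.pl` output posted above.

```bash
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# Heuristic (assumption, not from the thread): OpenVZ/Virtuozzo kernels expose
# /proc/vz; /proc/bc exists only on the hardware node, not inside a container.
# Inside a container the guest cannot modprobe; the host must grant modules.
detect_container() {
    local proc="${1:-/proc}"
    if [ -d "$proc/vz" ] && [ ! -d "$proc/bc" ]; then
        echo "openvz-container"
    elif [ -d "$proc/vz" ]; then
        echo "openvz-node"
    else
        echo "other"
    fi
}

# Read csftest.pl output on stdin; print "module<TAB>affected features"
# for every FAILED test, so those csf features can be left disabled.
failed_features() {
    awk '/\.\.\.FAILED/ {
        mod = $2;  sub(/\.\.\.FAILED.*/, "", mod)
        feat = $0; sub(/.* - Required for /, "", feat)
        print mod "\t" feat
    }'
}

# csftest.pl output as posted in the thread (abridged to four lines).
SAMPLE='Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK'

echo "platform: $(detect_container)"
printf '%s\n' "$SAMPLE" | failed_features
```

On a live server the parser can be fed directly with `perl /etc/csf/csftest.pl | failed_features`.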
     