johnchristy

Active Member
Mar 7, 2014
28
0
1
cPanel Access Level
Root Administrator
Hi guys

I already posted this n CSF forum but didnt get any reply.

I'm using Centos 5.10 with latest CSF installed. Yesterday I did some changes from UI. I only changed SU/SSH login alerts set to root and it was working great for like 6 hours. Today when I saw my mail box I got around 50 mails with this

===
lfd failed @ Wed Mar 26 06:55:41 2014. A restart was attempted automagically.
===

Then I quickly checked few things, but I was getting these errors :

>> tail /var/log/lfd.log

===
centos *Error* LF_DAEMON not enabled in /etc/csf/csf.conf, at line 70
===

iptables

===
Error: (iptables binary location) does not exist!, at line 41
===

So I had to contact my host and they said iptables crashed and they stopped iptables and I was able to SSH again. So what I did was I re-installed CSF.

But now When i start iptables I'm getting

===
[email protected][~/csf]# service csf start
Starting csf:iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
===

When I checked /etc/sysconfig/iptables it shows last line

==
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
==

Should I remove this line? Again started to getting this same LFD alerts. So I stopped LFD for now.


I need some help here to narrow down this issue

Thank you in advance

Additional detail : now when I start csf, my httpd going down

Outage reason: name lookup timed out

if I stop csf then httpd is up
 

rhenderson

Well-Known Member
Apr 21, 2005
785
2
168
Oklahoma
cPanel Access Level
Root Administrator
I am NOT a IPTables expert AT ALL, but since no one responded I thoguht i would at least tell you that I don't have it in mine and from a quick Google search it doesn't look very productive, but someone else might chime in on that part, but above that do you have the accept lines, like

-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

Also is this on a VPS? I know by setting up a bunch of servers we use fro VPS's that we always have to do extra configurations on IPTables to get everything in CSF to work.