Issue Installing CSF

[Contemplator]

Hi,

I got the following error while installing CSF.

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [1]

I have tried various root commands from other threads, like:

1. Issue in Installing csf in cPanel, by NaveenT20, Nov 16, 2015

   • # modprobe iptables_module
     FATAL: Module iptables_module not found.
     # lsmod
     Module                  Size  Used by
     # cd /etc/sysconfig/modules/
     [/etc/sysconfig/modules]# ls
     ./  ../
     #cat /proc/sys/net/ipv4/ip_forward
     0

2. replace centos 6.x iptables
   • Nothing Changed
3. Installation CSF Firewall on CentOS 5 and 6 - Knowledgebase
   • Nothing Changed after perl -MCPAN -e 'install Bundle::LWP' finished compiling

I also tried manually adding the modules in iptables-config, but it refused to start.
I also tried downloading the iptables (1.6.1, 1.4.20 and 1.4.14), ./configure, make and make install. Nothing changed.

/etc/centos-release:CentOS release 6.9 (Final)
/usr/local/cpanel/version:11.64.0.21
/var/cpanel/envtype:
Kernel Version : 2.6.32-042stab093.4

Note: Server is not OpenVZ (so vz commands do not exist)
Note: GoDaddy VPS (with default CentOS + CPanel)

The server holds several active email accounts, so reinstalling the OS and CPanel is not an option.

Thanks.

I also tried Iptables Basic Guide:

# cat /boot/config-2.6.32-042stab093.4 | grep -i "CONFIG_IP_NF"
cat: /boot/config-2.6.32-042stab093.4: No such file or directory
# rpm -qa | grep iptables
iptables-1.4.7-16.el6.x86_64
iptables-ipv6-1.4.7-16.el6.x86_64
# rpm -Uvh iptables-1.4.7-16.el6.x86_64.rpm
error: open of iptables-1.4.7-16.el6.x86_64.rpm failed: No such file or directory
# yum install iptables
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * cpanel-addons-production-feed: 104.219.172.10
 * base: centos-distro.cavecreek.net
 * extras: repos-lax.psychz.net
 * updates: dist1.800hosting.com
Package iptables-1.4.7-16.el6.x86_64 already installed and latest version
Nothing to do

 

[cPanelMichael]

Hello,

I recommend posting to the CSF support forums for help installing their software:

General Discussion (csf) - ConfigServer Community Forum

You may also want to reach out to your VPS hosting provider to see if they can help install the missing iptables modules from the hardware node.

Thank you.

 

[Contemplator]

I signed up on the CSF forum, and their welcome message is that they rarely check questions. So I asked here hoping to get an answer sooner. Thanks for your quick reply.

I will post the question on CSF and open the GoDaddy ticket.

 

[24x7server]

Hi,

It appears your VPS is not pushed with the required module. What is the Kernel version on your server. You said that it is not OpenVZ server. Please note, vz command only works on Node and not on the VPS inside it. I doubt that it is an OpenVZ VPS because in the command list you also searched something in /boot/*042stab093.4* and stab thing is always noted in the OpenVZ kernel.

What is the output of the below command in your VPS?
# uname -r
# ifconfig

Xen, KVM does not impose any such restriction, only OpenVZ does, so VPS has to be an OpenVZ container.

 

[Contemplator]

My system:

/version /var/cpanel/envtype ; grep CPANEL= /etc/cpupdate.conf
/etc/redhat-release:CentOS release 6.9 (Final)
/usr/local/cpanel/version:11.64.0.22
/var/cpanel/envtype:virtuozzo
CPANEL=stable

I'm sure it's not OpenVZ, because I just installed Let's Encrypt and it's affecting CPanel directly. Also VZ files like vz-scripts or vz.conf do not exist.

Your queries:

#uname -r
2.6.32-042stab093.4
# ifconfig
eth0      Link encap:Ethernet  HWaddr ##:##:##:##:##:## 
          inet addr:###.###.###.###  Bcast:###.###.###.###  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3722028 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3531314 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:554294495 (528.6 MiB)  TX bytes:523861182 (499.5 MiB)

eth0:0    Link encap:Ethernet  HWaddr ##:##:##:##:##:## 
          inet addr:###.###.###.###  Bcast:###.###.###.###  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr ##:##:##:##:##:## 
          inet addr:###.###.###.###  Bcast:###.###.###.###  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4266835 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4266835 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:598175192 (570.4 MiB)  TX bytes:598175192 (570.4 MiB)

 

[Patrick Heinz]

Hello,

Here's a post from 2013, but maybe it helps.

itofy.com/other-stuff/openvz-iptables-csf-error-fix/

 

[Contemplator]

Hello,

Here's a post from 2013, but maybe it helps.

itofy.com/other-stuff/openvz-iptables-csf-error-fix/

Thank you for your contribution, Patrick.

However, if you look through my original post, you will notice that I have tried everything on that link.

1. lsmod returns empty, so grep will be useless
2. module folder is empty, so modprobe will be useless
3. This is not an OpenVZ container, so vz.conf and vzctl do not exist

 

[rolinger]

Thank you for your contribution, Patrick.

However, if you look through my original post, you will notice that I have tried everything on that link.

1. lsmod returns empty, so grep will be useless
2. module folder is empty, so modprobe will be useless
3. This is not an OpenVZ container, so vz.conf and vzctl do not exist

Did you ever resolve this? I am trying to implement CSF on my GoDaddy dedicated (not shared) VPS and I am running into the `iptables` errors too.