Re Installing IP Tables on Centos 5.9

Discussion in 'General Discussion' started by monkey64, Mar 19, 2013.

  1. monkey64

    It seems that I have some missing IP Table modules on my CentOS 5.9 VPS.
    CSF first alerted me to this issue since it returned the error: "CSF will function on this server but some features will not work due to some missing iptables modules" (see below).

    I am unable to set SMTP Restrictions to "Enable" in: Home » Security Center » SMTP Restrictions.
    The error is "An error occurred attempting to update this setting", which I think may be related.

    I am also unable to run CSF with anything higher than the Low setting, and when I click "Test IP Tables", I get the following output:

    Code:
    Testing iptables...
    
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    
    RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]
    
    I brought this up with my hosting partner who said:

    "Our mini-servers do not allow module loading, but do have IPtables modules compiled directly into the kernel. The fix for this issue is to upgrade the iptables binary to a newer version. This can be done by recompiling the iptables package from source."

    They also suggested upgrading to CentOS 6, which I don't want to do right now, especially since the EOL date for CentOS 5 is August 31, 2017. Seems a bit of a knee-jerk reaction!

    I am not entirely sure how I would go about "recompiling the iptables package", but I understand that this process could be risky since it has the potential to lock me out! I have downloaded iptables-1.3.5-9.2.el5_8.i386, which is correct for my CentOS version.

    Code:
    iptables -V
    
    shows I am already running iptables v1.3.5.
    The following code I found on a different post seems to show a list of loaded IP Tables on my server:

    Code:
    cat /proc/net/ip_tables_matches
    
    u32
    time
    string
    statistic
    state
    realm
    rateest
    quota
    pkttype
    owner
    mac
    limit
    helper
    devgroup
    cpu
    conntrack
    conntrack
    conntrack
    connlimit
    connlimit
    connbytes
    comment
    cluster
    addrtype
    connmark
    mark
    ecn
    ah
    icmp
    tcpmss
    socket
    socket
    sctp
    recent
    policy
    osf
    multiport
    length
    iprange
    ttl
    hashlimit
    esp
    tos
    dscp
    dccp
    addrtype
    set
    set
    udplite
    udp
    tcp
    
    Could someone outline the steps needed to reinstall IP Tables or at least point me in the right direction?
     
    #1 monkey64, Mar 19, 2013
    Last edited: Mar 20, 2013
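
A check for the situation described in the post above, as an added example that is not part of the thread: it reads CSF's test output and the kernel's match list and reports, for each FAILED test, whether the kernel lists that match extension. The function names and the shortened sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: for each test CSF reports as FAILED,
# say whether the running kernel lists that match extension.

# Print the bare match name of every FAILED test in CSF's output (stdin),
# e.g. "ipt_owner/xt_owner" -> "owner".
failed_matches() {
    sed -n 's/^ *Testing \([^.]*\)\.\.\.FAILED.*/\1/p' |
        tr '/' '\n' | sed -e 's/^ipt_//' -e 's/^xt_//' | sort -u
}

# diagnose CSF_OUTPUT MATCHES_FILE
# MATCHES_FILE is normally /proc/net/ip_tables_matches. It lists match
# extensions only; targets (LOG, REJECT, ...) are in ip_tables_targets.
diagnose() {
    failed_matches < "$1" | while read -r m; do
        if grep -qxF -- "$m" "$2"; then
            echo "$m: listed by kernel"
        else
            echo "$m: not listed by kernel"
        fi
    done
}

# Constructed sample input: lines copied from the post above, shortened.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/csf.txt" <<'EOF'
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_DNAT...OK
EOF
    printf '%s\n' state owner limit conntrack connlimit connlimit recent > "$d/matches.txt"
    diagnose "$d/csf.txt" "$d/matches.txt"
    rm -rf "$d"
}

demo
```

On the server, save the CSF test output to a file and run `diagnose csf.txt /proc/net/ip_tables_matches`. In the post's listing both `owner` and `connlimit` appear, which fits the host's statement that the modules are compiled into the kernel.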