Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Very broken iptables 1.4.21 after upgrade to kernel 3.10.0-514.26.2.el7.x86_64

Discussion in 'Security' started by simonautomatic, Aug 17, 2017.

  1. simonautomatic

    Joined:
    Jul 17, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    I ran system update in WHM 64 Build 36, to upgrade some packages and also update the kernel to 3.10.0-514.26.2.el7.x86_64 (as advised by the security advisor).

    The updates ran successsfully, but after a reboot I noticed that configServer (Csf) would no longer start. This turned out to be due to a problem with iptables. It seems that the newer kernel either doesn't have all the iptables modules loaded or doesn't even have support for them compiled in - I'm not quite sure which.

    The error message when trying to start iptables (and thus when trying to start csf too) is:

    Code:
    iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    I have tried various things such as issuing the modprobe command for iptables_filter and iptables_nat but to no avail. I also checked the netfilter directory (/lib/modules/3.10.0-514.26.2.el7.x86_64/kernel/net/ipv4/netfilter/) and it seems to contain all the correct files (I compared it with the previous kernel)

    Am I right that the only solution here would be to recompile the kernel?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,080
    Likes Received:
    1,364
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you provide some more information about the server environment (OS, VPS software)? For instance, are you using a Linux Container (LXC)? Also, please post the output from the following commands:

    Code:
    runlevel
    telnet 127.0.0.1
    Thank you.
     
  3. simonautomatic

    Joined:
    Jul 17, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    Sure, it's a physical server running CENTOS 7.3 x86_64 standard (so no container)

    [root@XXX /]# runlevel
    N 3

    [root@XXX /]# telnet 127.0.0.1
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,080
    Likes Received:
    1,364
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you also run the "rpm -qa|grep iptables" command and let us know the output?

    Thank you.
     
  5. simonautomatic

    Joined:
    Jul 17, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    Sure. Note that I installed the devel and services packages with yum, as part of various attempts to remedy the situation:

    [root@jakot tmp]# rpm -qa|grep iptables
    iptables-1.4.21-17.el7.x86_64
    iptables-services-1.4.21-17.el7.x86_64
    iptables-devel-1.4.21-17.el7.x86_64
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,080
    Likes Received:
    1,364
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  7. simonautomatic

    Joined:
    Jul 17, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    I've done so. Hope you can help.
     
Loading...

Share This Page