Firewall config not updated in 2.2.25

Discussion in 'Installation/Configuration' started by mytux, Sep 24, 2008.

Page 1 of 2
  1. mytux

    mytux New Member

    I have upgraded to ISPConfig 2.2.25. I wanted now to add a port and disable some others in the Firewall section. In the GUI I see all the changes, but they are not written to /etc/Bastille/bastille-firewall.cfg and also by checking with 'iptables -L' my changes are not done.

    What is wrong in my setup?

    Thanks
     
    mytux, Sep 24, 2008
    #1
  2. radim_h

    radim_h Member HowtoForge Supporter

    radim_h, Sep 25, 2008
    #2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    But the firewall config from radim_h is written as you can see from the iptables output.
     
    till, Sep 25, 2008
    #3
  4. mytux

    mytux New Member

    No, he just has the defaults set. But radim_h has configured a lot more ports than that. IMAPS, POP3S, VMWARE, FTPS, SMTPS, MYSQL, ... are all missing in iptables output.
     
    mytux, Sep 25, 2008
    #4
  5. falko

    falko Super Moderator Howtoforge Staff

    Are there any warnings in /home/admispconfig/ispconfig/ispconfig.log?
    What's the output of
    Code:
    ls -la /root/ispconfig
    ?
     
    falko, Sep 26, 2008
    #5
  6. mytux

    mytux New Member

    No Warnings in the log file.

    Output is:

    [root@tux ~]# ls -la /root/ispconfig
    insgesamt 100
    drwxr-xr-x 9 root root 4096 16. Sep 23:38 .
    drwxr-x--- 27 root root 4096 16. Sep 22:45 ..
    -rwxr-xr-x 1 root root 33526 16. Sep 22:45 cronolog
    -rwxr-xr-x 1 root root 9673 16. Sep 22:45 cronosplit
    drwxr-xr-x 12 root root 4096 16. Sep 22:39 httpd
    drwxr-xr-x 16 root root 4096 16. Sep 22:45 isp
    -rw-r--r-- 1 root root 0 24. Sep 21:57 .ispconfig_lock
    -rw-r--r-- 1 root root 14 24. Sep 21:57 .old_path_httpd_root
    drwxr-xr-x 6 root root 4096 16. Sep 22:38 openssl
    drwxr-xr-x 6 root root 4096 16. Sep 22:43 php
    drwxr-xr-x 4 root root 4096 16. Sep 22:45 scripts
    drwxr-xr-x 4 root root 4096 16. Sep 22:45 standard_cgis
    drwxr-xr-x 2 root root 4096 16. Sep 22:45 sv
    -rwx------ 1 root root 9389 16. Sep 22:45 uninstall
     
    mytux, Sep 28, 2008
    #6
  7. radim_h

    radim_h Member HowtoForge Supporter

    Here is mine:

    web1:~# ls -la /root/ispconfig
    total 108
    drwxr-xr-x 9 root root 4096 2008-09-28 15:51 .
    drwxr-xr-x 12 root root 4096 2008-09-25 00:15 ..
    -rwxr-xr-x 1 root root 41628 2008-09-02 23:38 cronolog
    -rwxr-xr-x 1 root root 9673 2008-09-02 23:38 cronosplit
    drwxr-xr-x 12 root root 4096 2008-09-02 23:31 httpd
    drwxr-xr-x 15 root root 4096 2008-09-03 01:42 isp
    -rw-r--r-- 1 root root 8 2008-09-28 15:51 .old_path_httpd_root
    drwxr-xr-x 6 root root 4096 2008-09-02 23:29 openssl
    drwxr-xr-x 6 root root 4096 2008-09-02 23:37 php
    drwxr-xr-x 4 root root 4096 2008-09-02 23:38 scripts
    drwxr-xr-x 4 root root 4096 2008-09-02 23:38 standard_cgis
    drwxr-xr-x 2 root root 4096 2008-09-02 23:38 sv
    -rwx------ 1 root root 9389 2008-09-02 23:38 uninstall
     
    radim_h, Sep 29, 2008
    #7
  8. falko

    falko Super Moderator Howtoforge Staff

    Please run
    Code:
    rm -f /root/ispconfig/.ispconfig_lock
/root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
    Does the last command show any errors?
     
    falko, Sep 29, 2008
    #8
  9. mytux

    mytux New Member

    No Errors so far, but two warnings (removed the domainname):


    postmap: warning: /etc/postfix/virtusertable.db: duplicate entry: "[email protected]"
    postmap: warning: /etc/postfix/virtusertable.db: duplicate entry: "[email protected]"

    After that it stops with a segmentation fault!

    I the log /home/admispconfig/ispconfig/ispconfig.log I can see this:
    30.09.2008 - 08:15:07 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
    30.09.2008 - 08:15:07 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
    30.09.2008 - 08:15:07 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
    30.09.2008 - 08:15:07 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1265: cp -fr /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf~
    30.09.2008 - 08:15:07 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 728: /etc/rc.d/init.d/postfix stop &> /dev/null
    30.09.2008 - 08:15:08 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 728: /etc/rc.d/init.d/postfix start &> /dev/null

    So it breaks after restarting postfix somewhere...

    Any idea?
     
    Last edited: Sep 30, 2008
    mytux, Sep 30, 2008
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely ist a problem with bind.

    1) Which Linux distribution do you use?
    2) Which path to the named files is shown in ispaconfig under management > server > settings on the dns tab?
     
    till, Sep 30, 2008
    #10
  11. mytux

    mytux New Member

    I am using Fedora 9, DNS config in the GUI is:

    /var/named/chroot/etc/named.conf
    /etc/bind

    changed /etc/bind to /var/named/chroot/var/named, which is correct, but it dows not let me save this value. It always goes back to /etc/bind, which is not correct. How can I change this value?

    Regards, mytux
     
    Last edited: Sep 30, 2008
    mytux, Sep 30, 2008
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, then the permissions of your named directory aare wrong. Please redo the configuration steps for bind from the perfect setup guide and then change the path again in the ispconfig interface.
     
    till, Sep 30, 2008
    #12
  13. mytux

    mytux New Member

    Solved

    Yeah, this was the problem? Thank you very much till! :p I also changed the value for the correct zonefiles dir in the db directly. I could not change it in the GUI.

    Seems that bind rpm update changed the permissions back.

    According to the perfect server guide I have to to this:

    chmod 777 /var/named/chroot/var/run/named/

    Is this really needed? It look like named is writing to this dir, why to we have to set this writeable for everybody?

    Regards,

    mytux
     
    mytux, Sep 30, 2008
    #13
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not do that! Never edit values in the database directly as every change of a value is connected to changes in other tables and config files and you break these dependencies when you change something manually. There is a good reson if ispconfig refuses to change a value trough the interface!

    The directory must at least be world readable or ispconfig wont work. If you set the correct permissions as described in the perfect setup guide, ISPConfig will let you update the value in the interface.
     
    till, Sep 30, 2008
    #14
  15. mytux

    mytux New Member

    I tried to change the zonefiles dir value through the interface again. It does not say something in the GUI, when I save it, but the value in the db is then empty afterwards.

    Any hint on this one?
     
    mytux, Sep 30, 2008
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Please set the modes of directory exactly as described in the perfect setup guide and try again. ISPConfig will not save any value in this field until the folders have the correct settings.
     
    till, Sep 30, 2008
    #16
  17. mytux

    mytux New Member


    Yes, I did that. I rechecked with the Perfect Server Howto. I had different owner for the zone files. I changed all files to be owned by named. Some were owned by root. Which one is correct? Can you tell me how the permissions should be here:

    [root@tux named]# pwd
    /var/named/chroot/var/named
    [root@tux named]# ls -la
    insgesamt 128
    drwxrwxr-x 5 root named 4096 30. Sep 12:18 .
    drwxrwxr-x 6 root named 4096 20. Jul 2007 ..
    lrwxrwxrwx 1 root named 6 4. Jul 11:36 chroot -> ../../
    drwxrwx--- 2 named named 4096 25. Aug 2004 data
    drwxrwx--- 2 named named 4096 4. Jun 2007 dynamic
    -rw-r----- 1 named named 1892 18. Feb 2008 named.ca
    -rw-r----- 1 named named 129 21. Jun 2007 named.empty
    -rw-r----- 1 named named 256 7. Jul 12:04 named.local
    -rw-r----- 1 named named 152 21. Jun 2007 named.localhost
    -rw-r----- 1 named named 145 21. Jun 2007 named.loopback
    -rw-r----- 1 named named 824 28. Aug 22:26 pri.abc.com
    -rw-r----- 1 named named 824 28. Aug 22:26 pri.abc.com~
    -rw-r----- 1 named named 832 29. Aug 16:02 pri.xyz.com
    -rw-r----- 1 named named 832 29. Aug 16:02 pri.xyz.com~
    drwxrwx--- 2 named named 4096 27. Jul 2004 slaves
     
    mytux, Sep 30, 2008
    #17
  18. falko

    falko Super Moderator Howtoforge Staff

    Please do this:
    Code:
    chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
     
    falko, Oct 1, 2008
    #18
  19. mytux

    mytux New Member

    This was not my question. I already did that. I wanted to know to whom the files inside /var/named/chroot/var/run/named should belong to. I had some files from root and some from named. Which on e is correct? If they have the wrong owner, they cannot be updated by ispconfig.

    Regards,

    mytux
     
    mytux, Oct 1, 2008
    #19
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    The ISPConfig daemon part which is writing these files has root priveliges, so this does not matter. Just leave it as it is and run the commands falko posted above.
     
    till, Oct 1, 2008
    #20
Page 1 of 2

Share This Page