Hi there, today we have a strange problem with the Bastille firewall on CentOS 6.0 with ISPConfig 3.0.3.3. The firewall does not look like it is working, and if we try to change some setting on the firewall settings page of the ISPConfig control panel we receive the following errors:

"""""""""
/sbin/bastille-ipchains: line 228: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 230: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 232: /sbin/ipchains: No such file or directory
[...many more...]
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
/sbin/bastille-ipchains: line 600: /sbin/ipchains: No such file or directory
finished.
"""""""""

We have followed your perfect server installation, but we think that ipchains is pretty old... so it's normal that it isn't installed on CentOS 6.0...
Does someone have a hint on how we can solve this? Thank you.

The firewall tries to use ipchains as a fallback only if iptables is not installed on your server. Please post the output of:

which iptables

On this server iptables is installed:

[~]# rpm -qa |grep iptables
iptables-1.4.7-3.el6.x86_64
iptables-devel-1.4.7-3.el6.x86_64
iptables-ipv6-1.4.7-3.el6.x86_64
[~]# which iptables
/sbin/iptables

Ok, that's good. Please post the output of:

iptables -L

and where exactly did you see the errors that you posted above?

I love communicating good news. The output is:

"""""""""
[~]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target        prot opt source      destination
fail2ban-SSH  tcp  --  anywhere    anywhere       tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target        prot opt source      destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source      destination

Chain INT_IN (0 references)
target        prot opt source      destination
ACCEPT        icmp --  anywhere    anywhere

Chain INT_OUT (0 references)
target        prot opt source      destination
ACCEPT        icmp --  anywhere    anywhere
ACCEPT        all  --  anywhere    anywhere

Chain PUB_IN (0 references)
target        prot opt source      destination
ACCEPT        icmp --  anywhere    anywhere       icmp destination-unreachable
ACCEPT        icmp --  anywhere    anywhere       icmp echo-reply
ACCEPT        icmp --  anywhere    anywhere       icmp time-exceeded
ACCEPT        icmp --  anywhere    anywhere       icmp echo-request

Chain PUB_OUT (0 references)
target        prot opt source      destination
REJECT        icmp --  anywhere    anywhere       icmp destination-unreachable reject-with icmp-port-unreachable
REJECT        icmp --  anywhere    anywhere       icmp time-exceeded reject-with icmp-port-unreachable
ACCEPT        all  --  anywhere    anywhere

Chain fail2ban-SSH (1 references)
target        prot opt source      destination
RETURN        all  --  anywhere    anywhere
"""""""""

The errors that we reported before appeared just after modifying some firewall rules, for example:
- log in to the control panel as admin;
- add a port on the firewall;
- save;
- manually run the script /usr/local/ispconfig/server/server.sh;
- the output of the script is what we reported before.

Thank you

OK, solved. The problem was that the startup script of Bastille checks the installed kernel (with uname... etc.). It checks that the kernel is newer than 2.3... but the awk syntax used is OK only for kernels from 2.3 to 2.9. If you have (like me) a kernel newer than 2.9 (like the brand new 3.0 kernel...), the startup script does not start netfilter...

In /etc/rc.d/init.d/bastille-firewall, on row (85 or 86...), change the if statement.

[FROM]
if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then

[TO]
if [ -n "$(uname -r | awk -F. ' $1 == 3 {print}')" ]; then

Next I had to save the configuration to sysconfig/iptables (on CentOS) with the command:

/sbin/service iptables save

just before the last case statement in this same script.

Hope it's useful.
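
The kernel-version gate from the last post, as an added example that is not part of the thread or of the Bastille script: it runs the original test, the posted replacement, and a generalized "2.3 or later" test against constructed release strings, showing which kernels would leave netfilter unstarted. The function names, the generalized awk expression and the sample releases are assumptions of this example.

```shell
#!/bin/sh
# Added example: three variants of the kernel-version gate, evaluated
# against constructed `uname -r` strings (not taken from the thread).

# Original check quoted in the thread: true only for 2.3 and later 2.x.
check_original() {
    [ -n "$(printf '%s\n' "$1" | awk -F. '$1 == 2 && $2 > 2 {print}')" ]
}

# Replacement posted in the thread: true only for 3.x.
check_posted_fix() {
    [ -n "$(printf '%s\n' "$1" | awk -F. '$1 == 3 {print}')" ]
}

# Generalized check (assumption of this example): any release >= 2.3.
# Adding 0 forces a numeric comparison of the major and minor fields.
check_general() {
    [ -n "$(printf '%s\n' "$1" | awk -F. \
        '($1+0) > 2 || (($1+0) == 2 && ($2+0) > 2) {print}')" ]
}

# Print one row per release showing which gates would start netfilter.
report() {
    for rel in "$@"; do
        o=no; p=no; g=no
        if check_original "$rel"; then o=yes; fi
        if check_posted_fix "$rel"; then p=yes; fi
        if check_general "$rel"; then g=yes; fi
        printf '%-24s original=%-3s posted=%-3s general=%s\n' \
            "$rel" "$o" "$p" "$g"
    done
}

# Constructed sample releases.
report 2.2.26 2.6.32-71.el6.x86_64 3.0.4 5.14.0-362.el9.x86_64
```

A "no" in a column means that variant of the init script would skip the netfilter setup on that kernel, so a version gate of this kind is worth re-checking after every kernel upgrade.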