Thread: CSF Firewall won't start
-
09-25-2006, 01:19 AM #1 Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 78
CSF Firewall won't start
I installed the CSF firewall, and when I try to start it, I get this:
Code:
Starting csf...
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
iptables: No chain/target/match by that name
LOG tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `LOGDROP'
Deleting chain `LOGDROP'
Error: iptables command [/sbin/iptables -v -A LOGDROP -p tcp -i venet0 -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 171
...Done.
-
09-26-2006, 12:33 PM #2 Web Hosting Guru
- Join Date
- Jun 2002
- Posts
- 289
That's a problem with the vps host server. You'd need to point your VPS provider to:
http://kb.swsoft.com/article_117_746_en.html
-
11-22-2012, 04:48 AM #3 New Member
- Join Date
- Nov 2012
- Posts
- 4
Hi,
I have the same problem and I have a VPS, but your link doesn't work anymore. Do you have another one?
Thank you
(I know that this thread is horribly old, but as I stumbled upon it by searching Google I think I won't be the only one.)
-
11-22-2012, 07:29 AM #4 Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
Basically, your kernel is probably too new for your iptables version. Try to restart csf again and let us know the last few lines of output from dmesg.
You probably just need a new iptables and to replace the binaries that are listed in which iptables and which ip6tables.
█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
11-22-2012, 08:33 AM #5 New Member
- Join Date
- Nov 2012
- Posts
- 4
Well, my iptables is at the latest version, and I managed to retrieve the original article from Parallels and sent it to my VPS provider. I'll see what comes.
-
11-22-2012, 08:57 AM #6 Quality Web Hosting Matters
- Join Date
- Mar 2006
- Location
- Servers
- Posts
- 1,590
The problem is you need 20 not 30. CSF is not working with more than 20 set.
█ QHoster.com - Web Hosting with DDoS Protection | Shared & Reseller in Europe/North America
█ Linux/Windows RDP VPS 13 Locations : UK, US (5 states), Mexico, Canada, Bulgaria, Lithuania,
█ Italy, France, Germany, Netherlands, Switzerland, Russia, Singapore | OpenVPN/PPTP Enabled
█ INSTANT | PayPal, Skrill, Payza, Bitcoin, WebMoney, Perfect Money, Ukash, CashU, paysafecard
-
11-22-2012, 08:57 AM #7 Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
Doezer, can you please let us know the latest output from dmesg too? This usually says why iptables failed.
Can you also just run iptables --version? It might be the latest version available in CentOS, but is it the latest version available from source?
-
11-22-2012, 09:01 AM #8 New Member
- Join Date
- Nov 2012
- Posts
- 4
Here it is (nothing is shown after dmesg):
# service csf restart
Stopping csf:You have an unresolved error when starting csf. You need to restart csf successfully to remove this warning
Done
Starting csf:Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:67
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:67
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:68
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:68
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:68
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:68
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:111
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:111
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:111
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:111
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:113
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:113
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:113
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:113
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpts:135:139
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpts:135:139
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpts:135:139
DROP udp opt in * out * ::/0 -> ::/0 udp dpts:135:139
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:445
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:445
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:445
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:500
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:500
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:500
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:500
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:513
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:513
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:513
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:513
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:520
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:520
DROP tcp opt in * out * ::/0 -> ::/0 tcp dpt:520
DROP udp opt in * out * ::/0 -> ::/0 udp dpt:520
iptables: No chain/target/match by that name.
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, you appear to be missing a required iptables module, at line 515
Done
# dmesg
# which iptables
/sbin/iptables
# which ip6tables
/sbin/ip6tables
# iptables --version
iptables v1.4.8
-
11-22-2012, 09:03 AM #9 Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
Ah, you're on OpenVZ then?
The latest iptables is actually 1.4.16.3 but I can't promise this is your issue now. It probably isn't in fact, so you'll probably need to talk to your hosting provider so they can enable the appropriate iptables module.
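Added example, not part of any post in this thread: the failed command in the csf output names the iptables extensions it depends on, which is what the hosting provider needs to know. The sketch below pulls the -m match and -j target out of that error line and reports the ones the kernel does not list. The function names are hypothetical, and it assumes the container exposes /proc/net/ip_tables_matches and /proc/net/ip_tables_targets (run as root).

```shell
#!/bin/sh
# Constructed sample: the failing line from the csf output quoted in post #8.
SAMPLE="Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, you appear to be missing a required iptables module, at line 515"

# Print the match extensions (-m) and the target (-j) that a failed csf
# iptables command depends on, one "kind name" pair per line.
required_extensions() {
    printf '%s\n' "$1" | awk '
        {
            # The command sits between "[" and the closing "] failed".
            start = index($0, "[")
            if (start == 0) exit 1
            cmd = substr($0, start + 1)
            end = index(cmd, "] failed")
            if (end > 0) cmd = substr(cmd, 1, end - 1)
            n = split(cmd, tok, /[ \t]+/)
            for (i = 1; i < n; i++) {
                if (tok[i] == "-m" || tok[i] == "--match") print "match", tok[i + 1]
                else if (tok[i] == "-j" || tok[i] == "--jump") print "target", tok[i + 1]
            }
        }'
}

# Report which required extensions are absent from the kernel's lists.
# $2 and $3 override the /proc paths (assumed locations) for offline checks.
missing_extensions() {
    matches_file=${2:-/proc/net/ip_tables_matches}
    targets_file=${3:-/proc/net/ip_tables_targets}
    required_extensions "$1" | while read -r kind name; do
        case $kind in
            match)  list=$matches_file ;;
            target) list=$targets_file ;;
        esac
        # Built-in verdicts are not extensions and are never listed.
        case $name in ACCEPT|DROP|RETURN|QUEUE) continue ;; esac
        grep -qxF -- "$name" "$list" 2>/dev/null || echo "$kind $name"
    done
}

# Show what the quoted error line depends on.
required_extensions "$SAMPLE"
```

Inside the VPS, pass the real error line from the csf output to missing_extensions; any line it prints is an extension to ask the provider to enable for the container.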
-
11-22-2012, 09:04 AM #10 New Member
- Join Date
- Nov 2012
- Posts
- 4