Firewall Module Config Cleared when iptables started

RaymondR · Jun 5, 2012

Parallels Plesk Panel, 10.4.4, MU#32, CentOS 6.2 Linux 2.6.32-220.el6.x86_64

I Have the following problem.

1 Install clean CentOS 6.2
2 perform Yum Update
3 install plesk 10.4 by using: wget -O - http://autoinstall.plesk.com/one-click-installer | sh

At first, the Panel is not reachable at port 8443, i have to do a service iptables stop, after that i can reach the webinterface.

4. i install the firewall module using /usr/local/psa/admin/sbin/autoinstaller
5. i go to the firewall module, activate the default config (iptables is still nog active at this time).
6. When i perform a iptables -L -n config is looking ok i think:

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:12443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:11443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:11444
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8447
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8880
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:465
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:106
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9008
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9080
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:1194
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 code 0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

7. when i perform "service iptables start" the panel is not reachble anymore.
8. when i perform "iptables -L -n" again it looks like this:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Looks like config is cleared out again??

I have this problem on 2 CentOS6.2 servers installed same way. looks reproducable?

How can i fix this so i can use the firewall module?

RaymondR · Jun 5, 2012

Ah, i found a sollution allready;

I first had to perform

Code:

/sbin/service iptables save

Before

Code:

service iptables start

But a change in the installer of Plesk would be better;

after install open port 8443 in firewall so access to webinterface is possible;
after install firewall module, correcty write changes so manual editing is not necesary

Firewall Module Config Cleared when iptables started

RaymondR

New Pleskian

RaymondR

New Pleskian

Similar threads