
Firewall Module Config Cleared when iptables started

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by RaymondR, Jun 5, 2012.

  1. RaymondR

    Parallels Plesk Panel, 10.4.4, MU#32, CentOS 6.2 Linux 2.6.32-220.el6.x86_64

    I have the following problem.

    1. Install clean CentOS 6.2
    2. Perform yum update
    3. Install Plesk 10.4 by using: wget -O - http://autoinstall.plesk.com/one-click-installer | sh

    At first, the Panel is not reachable at port 8443; I have to do a service iptables stop, after which I can reach the web interface.

    4. I install the firewall module using /usr/local/psa/admin/sbin/autoinstaller
    5. I go to the firewall module and activate the default config (iptables is still not active at this time).
    6. When I perform an iptables -L -n, the config looks OK, I think:

    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:12443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:11443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:11444
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8447
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8880
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:465
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:106
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9008
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9080
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:1194
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
    DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 code 0
    DROP       all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    DROP       all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    
    7. When I perform "service iptables start", the panel is not reachable anymore.
    8. When I perform "iptables -L -n" again, it looks like this:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

    Looks like config is cleared out again??

    I have this problem on 2 CentOS 6.2 servers installed the same way. Looks reproducible?

    How can I fix this so I can use the firewall module?
     
  2. RaymondR

    Ah, I found a solution already:

    I first had to perform
    Code:
    /sbin/service iptables save
    
    Before
    Code:
    service iptables start
    
    But a change in the installer of Plesk would be better:

    after install, open port 8443 in the firewall so access to the web interface is possible;
    after installing the firewall module, correctly write changes so manual editing is not necessary
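
On CentOS 6, "service iptables start" loads the saved file /etc/sysconfig/iptables in place of whatever rules are currently active, and "service iptables save" writes the active rules to that file. The following check is an added example, not part of the original posts: it lists the TCP ports that are open in the running rules but absent from the saved file, so they can be spotted before a restart closes them. The function names and both rule sets are constructed for illustration.

```shell
# Constructed sample: abridged runtime rules in `iptables-save` format.
sample_running() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: a saved rules file that only opens SSH.
sample_saved() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save text on stdin; print accepted INPUT TCP ports.
accepted_tcp_ports() {
    grep -E '^-A INPUT .*-p tcp .*--dport [0-9]+ .*-j ACCEPT' |
        sed -E 's/.*--dport ([0-9]+) .*/\1/' | sort -n -u
}

# Ports open in the running rules ($1) but missing from the saved file ($2):
# these stop being reachable once the saved file is loaded.
ports_lost_on_restart() {
    run=$(accepted_tcp_ports < "$1")
    sav=$(accepted_tcp_ports < "$2")
    for p in $run; do
        case " $(echo $sav) " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Demo on the constructed samples; on a real host compare the output of
# `iptables-save` with /etc/sysconfig/iptables instead.
tmp=$(mktemp -d)
sample_running > "$tmp/running"; sample_saved > "$tmp/saved"
ports_lost_on_restart "$tmp/running" "$tmp/saved"
rm -rf "$tmp"
```

An empty result means every accepted TCP port in the running rules is also present in the saved file.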
     