1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Opensuse 11.4 - Error: Could not activate firewall configuration:

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by UdoGath, Apr 22, 2012.

  1. UdoGath

    UdoGath Guest

    0
     
    Hi!

    I have 2 Server with Opensuse 11.4 & Plesk Panel 10.4.4!
    On both Servers I get the following error when I try to activate the Firewall Configuration:

    Code:
    Error: Could not activate firewall configuration:
    
    safeact: safeact: /usr/local/psa/var/modules/firewall/firewall-new.sh failed:
    /usr/local/psa/var/modules/firewall/firewall-new.sh: line 8: /proc/sys/net/ipv4/ip_forward: Read-only file system
    I had the same Problem with Plesk 10.2 (before upgrading to 10.4.4) on one of the two Servers. On the second Server is a fresh 10.4.4 installation.

    cu
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Looks like that it is related to some problems with /proc mounting or to something on kernel level.
     
  3. UdoGath

    UdoGath Guest

    0
     
    And what can I do now?
    Is Plesk Panel 10.x incompatible with Suse 11.4?
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  5. UdoGath

    UdoGath Guest

    0
     
    Yes I have default fresh Suse installation on both Strato V-Servers, without any customizations...
    For the Plesk installation I used the Plesk Auto-Installer.
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  7. UdoGath

    UdoGath Guest

    0
     
    ---------------------------------------------------------------
    PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
    Parallels Plesk Panel v10.4.4_build1013111102.18 os_SuSE 11.4
    Linux 2.6.18-028stab091.2
    AuthenticAMD, Quad-Core AMD Opteron(tm) Processor 2347 HE - Strato V-Server

    PROBLEM DESCRIPTION
    Error: Could not activate firewall configuration

    STEPS TO REPRODUCE
    - Install Opensuse 11.4
    - Install Plesk Panel 10.4
    - Change Firewall Settings
    - Try to activate the new settings

    ACTUAL RESULT
    Code:
    Error: Could not activate firewall configuration:
    
    safeact: safeact: /usr/local/psa/var/modules/firewall/firewall-new.sh failed:
    /usr/local/psa/var/modules/firewall/firewall-new.sh: line 8: /proc/sys/net/ipv4/ip_forward: Read-only file system"
    
    firewall-new.sh:
    Code:
    #!/bin/sh
    #
    # Automatically generated by Plesk netconf
    #
    
    set -e
    
    echo 0 > /proc/sys/net/ipv4/ip_forward
    ([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
    (rmmod ipchains) >/dev/null 2>&1 || true
    /usr/sbin/iptables -F
    /usr/sbin/iptables -X
    /usr/sbin/iptables -Z
    /usr/sbin/ip6tables -F
    /usr/sbin/ip6tables -X
    /usr/sbin/ip6tables -Z
    /usr/sbin/iptables -P INPUT DROP
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /usr/sbin/iptables -A INPUT -m state --state INVALID -j DROP
    /usr/sbin/iptables -P OUTPUT DROP
    /usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /usr/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
    /usr/sbin/iptables -P FORWARD DROP
    /usr/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    /usr/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
    /usr/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
    /usr/sbin/ip6tables -P INPUT DROP
    /usr/sbin/ip6tables -P OUTPUT DROP
    /usr/sbin/ip6tables -P FORWARD DROP
    /usr/sbin/iptables -A INPUT -i lo  -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
    /usr/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
    /usr/sbin/iptables -t mangle -F
    /usr/sbin/iptables -t mangle -X
    /usr/sbin/iptables -t mangle -Z
    /usr/sbin/ip6tables -t mangle -F
    /usr/sbin/ip6tables -t mangle -X
    /usr/sbin/ip6tables -t mangle -Z
    /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
    /usr/sbin/iptables -t mangle -P OUTPUT ACCEPT
    /usr/sbin/ip6tables -t mangle -P PREROUTING ACCEPT
    /usr/sbin/ip6tables -t mangle -P OUTPUT ACCEPT
    /usr/sbin/iptables -t mangle -P INPUT ACCEPT
    /usr/sbin/iptables -t mangle -P FORWARD ACCEPT
    /usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT
    /usr/sbin/ip6tables -t mangle -P INPUT ACCEPT
    /usr/sbin/ip6tables -t mangle -P FORWARD ACCEPT
    /usr/sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t nat -X
    /usr/sbin/iptables -t nat -Z
    /usr/sbin/iptables -t nat -P PREROUTING ACCEPT
    /usr/sbin/iptables -t nat -P OUTPUT ACCEPT
    /usr/sbin/iptables -t nat -P POSTROUTING ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 25 -s 178.46.34.240 -j DROP
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -s ::ffff:178.46.34.240 -j DROP
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 12443 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 12443 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 11443 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 11444 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 11443 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 11444 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 8443 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 8880 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 587 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 465 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 106 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 5432 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 9008 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 9080 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p udp --dport 137 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p udp --dport 138 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 139 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 445 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p udp -j ACCEPT
    /usr/sbin/iptables -A INPUT -p tcp -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j ACCEPT
    
    /usr/sbin/iptables -A INPUT -j DROP
    /usr/sbin/ip6tables -A INPUT -j DROP
    
    /usr/sbin/iptables -A OUTPUT -j ACCEPT
    /usr/sbin/ip6tables -A OUTPUT -j ACCEPT
    
    /usr/sbin/iptables -A FORWARD -j DROP
    /usr/sbin/ip6tables -A FORWARD -j DROP
    
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
    chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
    #
    # End of script
    #
    
    EXPECTED RESULT
    Activated Firewall configuration

    ANY ADDITIONAL INFORMATION
    I have the same Problem on two Strato-V-Servers
    1. Server fresh Opensuse 11.4 + Plesk 10.2 Installation had this Problem. I updated to Plesk 10.4.4 and the Problem stays.
    2. Server fresh Opensuse 11.4 with fresh Plesk 10.4.4 Installation - same Problem
    --------------------------------------------------------------
     
  8. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Thank you for detailed report. I have forward it to developers and will update thread with results as soon as I receive them.
     
Loading...