

Can't Restart iptables on my dedi




Posted by AprilJay, 05-05-2009, 12:43 AM
I shut down iptables on my dedi to try to install Poweradmin but, when the install did not work (probably because DirectAdmin was controlling files and processes I needed for the package) I attempted to restart iptables by running "/etc/init.d/iptables restart" and "service iptables start". It didn't restart. I restarted the webserver running "/etc/init.d/httpd restart". I even rebooted the dedi. Still, no iptables. I'm beginning to wonder if iptables was ever even up. Any ideas? Thanks. April

Posted by CiscoMike, 05-05-2009, 01:59 AM
Any error messages at the console? Anything in /var/log/messages? Unfortunately it's just a bit too vague to help diagnose the issue.

Posted by AprilJay, 05-05-2009, 02:34 AM
Mike, or rather, Mr. Security Propeller Head, Thank you for your response in these wee hours. I appreciate your help. Would you kindly tell this fairly newbie Linux user what commands I should run to find the output from these logs? If you don't tell me exactly what to run on my CentOS 5.3 dedi via SSH, I probably won't be able to guess without spending a lot of time trying. When I come back to all of this later today, I'll run the commands and post the output. Please tell me what else you need to know to help me. Thanks. April

Posted by hexahost, 05-05-2009, 03:07 AM
tail -200 /var/log/messages

Posted by CiscoMike, 05-05-2009, 03:15 AM
On top of what hexahost mentioned, what happens when you do a "service iptables restart" or "service iptables start"? If it says [Failed], it should also say why it failed (at least in most cases). But yeah, after you do a start/restart you should tail the messages file so we can see what it says.

Posted by AprilJay, 05-05-2009, 03:59 PM
Thanks for your help. Here's the output of that command. It's pretty much just repeated but appears not to mention the firewall at all (though I don't know what Guardian is since I didn't install it, I don't think). (FYI: for readers who don't know, "pdns" is the "PowerDNS" DNS server I tried to install around DirectAdmin that made me decide DA had to go.)

    May 5 15:53:04 server pdns[2800]: Our pdns instance exited with code 1
    May 5 15:53:04 server pdns[2800]: Respawning
    May 5 15:53:05 server pdns[20919]: Guardian is launching an instance
    May 5 15:53:05 server pdns[20919]: This is module gmysqlbackend.so reporting
    May 5 15:53:05 server pdns[20919]: This is a guarded instance of pdns
    May 5 15:53:05 server pdns[20919]: Fatal error: Trying to set unexisting parameter '[...]'
    May 5 15:53:06 server pdns[2800]: Our pdns instance exited with code 1
    May 5 15:53:06 server pdns[2800]: Respawning
    May 5 15:53:07 server pdns[20920]: Guardian is launching an instance
    May 5 15:53:07 server pdns[20920]: This is module gmysqlbackend.so reporting
    May 5 15:53:07 server pdns[20920]: This is a guarded instance of pdns
    May 5 15:53:07 server pdns[20920]: Fatal error: Trying to set unexisting parameter '[...]'
    May 5 15:53:08 server pdns[2800]: Our pdns instance exited with code 1
    May 5 15:53:08 server pdns[2800]: Respawning
    May 5 15:53:09 server pdns[20921]: Guardian is launching an instance
    May 5 15:53:09 server pdns[20921]: This is module gmysqlbackend.so reporting
    May 5 15:53:09 server pdns[20921]: This is a guarded instance of pdns
    May 5 15:53:09 server pdns[20921]: Fatal error: Trying to set unexisting parameter '[...]'
    May 5 15:53:10 server pdns[2800]: Our pdns instance exited with code 1
    May 5 15:53:10 server pdns[2800]: Respawning
    May 5 15:53:11 server pdns[20922]: Guardian is launching an instance
    May 5 15:53:11 server pdns[20922]: This is module gmysqlbackend.so reporting
    May 5 15:53:11 server pdns[20922]: This is a guarded instance of pdns
    May 5 15:53:11 server pdns[20922]: Fatal error: Trying to set unexisting parameter '[...]'

Do you have what I can do next to determine why this firewall isn't restarting? Again, thank you. April

Posted by AprilJay, 05-05-2009, 04:04 PM
Thank you, Mike. I tried that repeatedly but kept getting no response--just returned to the command line. I don't know what you can glean from the output above about the firewall, but I'd appreciate what other helpful suggestions you have for attempting to determine the source of the issue and resolving it. April

Posted by dotHostel, 05-05-2009, 04:20 PM
What is the output of iptables -L?

Posted by AprilJay, 05-05-2009, 05:10 PM
Here it is:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Please let me know what I can do with this information. Thank you. April
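
Editor's added example (not part of any poster's reply): the listing posted above has three chains with policy ACCEPT and no rules, so nothing is being filtered. The script below makes that check mechanical; `classify_ruleset` and the sample helpers are hypothetical names, `sample_open` is constructed from the posted output, and `sample_filtering` is constructed for contrast.

```shell
#!/bin/sh
# Added example, not from the thread.
# Live use (as root): iptables -L -n | classify_ruleset

# Reads `iptables -L` text on stdin and prints:
#   open      - every chain has policy ACCEPT and holds no rules
#   filtering - at least one rule or a non-ACCEPT policy exists
#   unknown   - no "Chain" lines seen (command failed or empty input)
classify_ruleset() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains read "(policy X)"; user chains have no policy.
            if ($3 == "(policy") {
                p = $4; sub(/\)$/, "", p)
                if (p != "ACCEPT") strict++
            }
            next
        }
        /^target[ \t]+prot/ { next }   # column header
        /^[ \t]*$/          { next }   # blank separator
        { rules++ }                    # any other line is a rule
        END {
            if (chains == 0)                    print "unknown"
            else if (rules == 0 && strict == 0) print "open"
            else                                print "filtering"
        }'
}

sample_open() {   # constructed from the listing posted in the thread
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_filtering() {   # constructed: default-drop with SSH allowed
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
EOF
}

printf 'posted listing: %s\n' "$(sample_open | classify_ruleset)"
```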

Posted by atariko, 05-05-2009, 06:12 PM
It sounds like you upgraded a dependent kernel module. What does running 'lsmod' give you? We can see if there are any modules not being loaded...

Posted by AprilJay, 05-05-2009, 06:22 PM
Thank you, atariko, for your help. My first question is how do I prevent updating of dependent kernels and otherwise protect software from being inadvertently updated such that they don't work? I know there's a way to do this in yum. Second, should I update iptables? Third, here's the output from 'lsmod'. Please tell me what I'm looking at and what to do with the information.

    Module                  Size  Used by
    iptable_filter          7105  0
    ip_tables              17029  1 iptable_filter
    ipt_REJECT              9537  0
    xt_tcpudp               7105  0
    x_tables               17349  3 ip_tables,ipt_REJECT,xt_tcpudp
    bridge                 53085  0
    ipv6                  261473  30
    xfrm_nalgo             13381  1 ipv6
    crypto_api             12609  1 xfrm_nalgo
    autofs4                24261  2
    sunrpc                144765  1
    cpufreq_ondemand       12493  1
    acpi_cpufreq           13897  4
    dm_multipath           24013  0
    scsi_dh                11713  1 dm_multipath
    video                  21193  0
    hwmon                   7365  0
    backlight              10049  1 video
    sbs                    18533  0
    i2c_ec                  9025  1 sbs
    button                 10705  0
    battery                13637  0
    asus_acpi              19289  0
    ac                      9157  0
    parport_pc             29157  0
    lp                     15849  0
    parport                37513  2 parport_pc,lp
    sr_mod                 19941  0
    cdrom                  36577  1 sr_mod
    i2c_i801               11725  0
    i2c_core               23745  2 i2c_ec,i2c_i801
    r8168                  43796  0
    sg                     36189  0
    serio_raw              10693  0
    pcspkr                  7105  0
    dm_raid45              66509  0
    dm_message              6977  1 dm_raid45
    dm_region_hash         15681  1 dm_raid45
    dm_mem_cache            9537  1 dm_raid45
    dm_snapshot            22245  0
    dm_zero                 6209  0
    dm_mirror              23877  0
    dm_log                 14529  3 dm_raid45,dm_region_hash,dm_mirror
    dm_mod                 62201  11 dm_multipath,dm_raid45,dm_snapshot,dm_zero,dm_mirror,dm_log
    ata_piix               23621  2
    libata                156677  1 ata_piix
    sd_mod                 25153  3
    scsi_mod              141589  5 scsi_dh,sr_mod,sg,libata,sd_mod
    ext3                  124361  2
    jbd                    56937  1 ext3
    uhci_hcd               25421  0
    ohci_hcd               24681  0
    ehci_hcd               33357  0

April

Posted by hexahost, 05-06-2009, 08:14 AM
Just check if you have the entry in /etc/yum.conf

    exclude=kernel*

If you have this, kernel will not be upgraded automatically.


