* HTTP Access Blocked After iptables Update
@ 2009-11-03 19:23 JR
  2009-11-03 21:06 ` fakessh
  0 siblings, 1 reply; 7+ messages in thread
From: JR @ 2009-11-03 19:23 UTC (permalink / raw)
  To: netfilter

Hello!

Today I updated various things in my production server, one of them was 
iptables (via yum)

I'm running CentOS 5.

1) After the update I was not able to access any site hosted on my server.

2) I try to stop iptables and then I gain access again.

3) Then I've started iptables and no access again.

4) I rebooted my server.

5) After the reboot I verify if iptables was active, it was and all my sites 
were accessible.

6) I've restarted iptables.

7) All sites went down again.

8) Rebooted my server and sites were accessible.

9) iptables was also running

Basically the problem is, if I restart iptables, I have to reboot my server 
because my sites become offline.

So, what can be the problem here? Any ideas?

Help is highly appreciated!!!!

Many thanks in advance.



* Re: HTTP Access Blocked After iptables Update
  2009-11-03 21:06 ` fakessh
@ 2009-11-03 20:14   ` JR
  2009-11-04  9:39   ` JR
  1 sibling, 0 replies; 7+ messages in thread
From: JR @ 2009-11-03 20:14 UTC (permalink / raw)
  To: fakessh; +Cc: netfilter

I haven't saved iptables before I restarted it. May that be the problem?

Do you "service iptables save" before stop, restart or flush iptables?

Thanks in advance.

--------------------------------------------------
From: <fakessh@fakessh.eu>
Sent: Tuesday, November 03, 2009 10:06 PM
To: "JR" <jdnromao@gmail.com>
Cc: <netfilter@vger.kernel.org>
Subject: Re: HTTP Access Blocked After iptables Update

> after upgrade iptables via yum on my box Centos 5.4
>
> I did not encounter such problems
> described in your post
>
> iptables work fine on my box
>
> Le mardi 3 novembre 2009 20:23, JR a écrit :
>> Hello!
>>
>> Today I updated various things in my production server, one of them was
>> iptables (via yum)
>>
>> I'm running CentOS 5.
>>
>> 1) After the update I was not able to access any site hosted on my server.
>>
>> 2) I try to stop iptables and then I gain access again.
>>
>> 3) Then I've started iptables and no access again.
>>
>> 4) I rebooted my server.
>>
>> 5) After the reboot I verify if iptables was active, it was and all my
>> sites were accessible.
>>
>> 6) I've restarted iptables.
>>
>> 7) All sites went down again.
>>
>> 8) Rebooted my server and sites were accessible.
>>
>> 9) iptables was also running
>>
>> Basically the problem is, if I restart iptables, I have to reboot my server
>> because my sites become offline.
>>
>> So, what can be the problem here? Any ideas?
>>
>> Help is highly appreciated!!!!
>>
>> Many thanks in advance.
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html 



* Re: HTTP Access Blocked After iptables Update
  2009-11-03 19:23 HTTP Access Blocked After iptables Update JR
@ 2009-11-03 21:06 ` fakessh
  2009-11-03 20:14   ` JR
  2009-11-04  9:39   ` JR
  0 siblings, 2 replies; 7+ messages in thread
From: fakessh @ 2009-11-03 21:06 UTC (permalink / raw)
  To: JR; +Cc: netfilter

after upgrade iptables via yum on my box Centos 5.4

I did not encounter such problems
described in your post

iptables work fine on my box

Le mardi 3 novembre 2009 20:23, JR a écrit :
> Hello!
>
> Today I updated various things in my production server, one of them was
> iptables (via yum)
>
> I'm running CentOS 5.
>
> 1) After the update I was not able to access any site hosted on my server.
>
> 2) I try to stop iptables and then I gain access again.
>
> 3) Then I've started iptables and no access again.
>
> 4) I rebooted my server.
>
> 5) After the reboot I verify if iptables was active, it was and all my
> sites were accessible.
>
> 6) I've restarted iptables.
>
> 7) All sites went down again.
>
> 8) Rebooted my server and sites were accessible.
>
> 9) iptables was also running
>
> Basically the problem is, if I restart iptables, I have to reboot my server
> because my sites become offline.
>
> So, what can be the problem here? Any ideas?
>
> Help is highly appreciated!!!!
>
> Many thanks in advance.


* Re: HTTP Access Blocked After iptables Update
  2009-11-03 21:06 ` fakessh
  2009-11-03 20:14   ` JR
@ 2009-11-04  9:39   ` JR
  2009-11-04 10:52     ` Saikiran Madugula
  1 sibling, 1 reply; 7+ messages in thread
From: JR @ 2009-11-04  9:39 UTC (permalink / raw)
  To: fakessh; +Cc: netfilter

Hello again.

Can someone please help me on this?

 After server reboot all sites are on, and iptables is running. However if I
restart iptables (service iptables restart) all sites become unavailable.

And in "top", (after the iptables restart) all I see is root processes. I've
updated kernel, may be related to it?

What can be the cause?

Any help will be very appreciated!! Thank you!


PS: I wish I hadn't updated iptables, I will for sure write this 1000
times: "if it's working, don't fix it!"

--------------------------------------------------
From: <fakessh@fakessh.eu>
Sent: Tuesday, November 03, 2009 10:06 PM
To: "JR" <jdnromao@gmail.com>
Cc: <netfilter@vger.kernel.org>
Subject: Re: HTTP Access Blocked After iptables Update

> after upgrade iptables via yum on my box Centos 5.4
>
> I did not encounter such problems
> described in your post
>
> iptables work fine on my box
>
> Le mardi 3 novembre 2009 20:23, JR a écrit :
>> Hello!
>>
>> Today I updated various things in my production server, one of them was
>> iptables (via yum)
>>
>> I'm running CentOS 5.
>>
>> 1) After the update I was not able to access any site hosted on my server.
>>
>> 2) I try to stop iptables and then I gain access again.
>>
>> 3) Then I've started iptables and no access again.
>>
>> 4) I rebooted my server.
>>
>> 5) After the reboot I verify if iptables was active, it was and all my
>> sites were accessible.
>>
>> 6) I've restarted iptables.
>>
>> 7) All sites went down again.
>>
>> 8) Rebooted my server and sites were accessible.
>>
>> 9) iptables was also running
>>
>> Basically the problem is, if I restart iptables, I have to reboot my server
>> because my sites become offline.
>>
>> So, what can be the problem here? Any ideas?
>>
>> Help is highly appreciated!!!!
>>
>> Many thanks in advance.



* Re: HTTP Access Blocked After iptables Update
  2009-11-04  9:39   ` JR
@ 2009-11-04 10:52     ` Saikiran Madugula
  2009-11-05  1:44       ` JR
  2009-11-05  2:14       ` JR
  0 siblings, 2 replies; 7+ messages in thread
From: Saikiran Madugula @ 2009-11-04 10:52 UTC (permalink / raw)
  To: JR; +Cc: fakessh, netfilter

JR wrote:
> Hello again.
> 
> Can someone please help me on this?
> 
> After server reboot all sites are on, and iptables is running. However if I
> restart iptables (service iptables restart) all sites become unavailable.
> 
> And in "top", (after the iptables restart) all I see is root processes. I've
> updated kernel, may be related to it?
> 
> What can be the cause?
> 
> Any help will be very appreciated!! Thank you!
> 
Shot in the dark, when you do iptables restart does it do iptables-save and
iptables-restore ? Check in /etc/init.d/iptables.


* Re: HTTP Access Blocked After iptables Update
  2009-11-04 10:52     ` Saikiran Madugula
@ 2009-11-05  1:44       ` JR
  2009-11-05  2:14       ` JR
  1 sibling, 0 replies; 7+ messages in thread
From: JR @ 2009-11-05  1:44 UTC (permalink / raw)
  To: Saikiran Madugula; +Cc: fakessh, netfilter

Hi, thank you very much for your reply!

No, I think not, but here is a part of the config

# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"


Should I make any changes??

Thank you in advance!!

--------------------------------------------------
From: "Saikiran Madugula" <hummerbliss@gmail.com>
Sent: Wednesday, November 04, 2009 11:52 AM
To: "JR" <jdnromao@gmail.com>
Cc: <fakessh@fakessh.eu>; <netfilter@vger.kernel.org>
Subject: Re: HTTP Access Blocked After iptables Update

> JR wrote:
>> Hello again.
>>
>> Can someone please help me on this?
>>
>> After server reboot all sites are on, and iptables is running. However if I
>> restart iptables (service iptables restart) all sites become unavailable.
>>
>> And in "top", (after the iptables restart) all I see is root processes. I've
>> updated kernel, may be related to it?
>>
>> What can be the cause?
>>
>> Any help will be very appreciated!! Thank you!
>>
> Shot in the dark, when you do iptables restart does it do iptables-save and
> iptables-restore ? Check in .



* Re: HTTP Access Blocked After iptables Update
  2009-11-04 10:52     ` Saikiran Madugula
  2009-11-05  1:44       ` JR
@ 2009-11-05  2:14       ` JR
  1 sibling, 0 replies; 7+ messages in thread
From: JR @ 2009-11-05  2:14 UTC (permalink / raw)
  To: Saikiran Madugula; +Cc: fakessh, netfilter

One more thing, I have APF firewall.

Probably is related to it...

Here is my iptables-config file:

# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_conntrack_netbios_ns"

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"


# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

Any ideas?

Many thanks in advance.



--------------------------------------------------
From: "Saikiran Madugula" <hummerbliss@gmail.com>
Sent: Wednesday, November 04, 2009 11:52 AM
To: "JR" <jdnromao@gmail.com>
Cc: <fakessh@fakessh.eu>; <netfilter@vger.kernel.org>
Subject: Re: HTTP Access Blocked After iptables Update

> JR wrote:
>> Hello again.
>>
>> Can someone please help me on this?
>>
>> After server reboot all sites are on, and iptables is running. However if I
>> restart iptables (service iptables restart) all sites become unavailable.
>>
>> And in "top", (after the iptables restart) all I see is root processes. I've
>> updated kernel, may be related to it?
>>
>> What can be the cause?
>>
>> Any help will be very appreciated!! Thank you!
>>
> Shot in the dark, when you do iptables restart does it do iptables-save and
> iptables-restore ? Check in /etc/init.d/iptables.


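One way to test the save/restore question raised in the thread, as an added example that is not part of any message above: with IPTABLES_SAVE_ON_RESTART="no", compare the live ruleset with the saved file and list what is live now but absent from it. It assumes both inputs are in iptables-save format; the function names and the two sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list what is live now but missing
# from the saved rules file.

# Flatten iptables-save output to one "table rule" line per entry,
# ignoring comment lines and [packets:bytes] counters.
flatten_rules() {   # $1 = file in iptables-save format
    awk '/^\*/ { table = substr($0, 2); next }
         /^:/  { print table " policy " substr($1, 2) " " $2; next }
         /^-A/ { sub(/[ \t]+$/, ""); print table " " $0 }' "$1"
}

# Print entries present in the live dump ($1) but absent from the saved
# file ($2). Exit status 0 means at least one entry is missing.
lost_on_restart() {
    tmp=$(mktemp) || return 2
    flatten_rules "$2" > "$tmp"
    flatten_rules "$1" | grep -Fxv -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample data: live.rules stands in for `iptables-save` output
# taken while the sites work, saved.rules for /etc/sysconfig/iptables.
demo_dir=$(mktemp -d)
cat > "$demo_dir/live.rules" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [120:9000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [300:40000]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
# Same ruleset without the port 80 rule and with zeroed counters.
grep -v -e '--dport 80' "$demo_dir/live.rules" |
    sed 's/\[[0-9]*:[0-9]*\]/[0:0]/' > "$demo_dir/saved.rules"

lost_on_restart "$demo_dir/live.rules" "$demo_dir/saved.rules"
```

On the server, the first argument would be a dump taken with iptables-save right after boot and the second /etc/sysconfig/iptables. Any line printed is a rule or chain policy that is active now but not in the saved file.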
