Problema com CSF e Iptables

professormichel
(usa CentOS)

Enviado em 09/01/2016 - 02:18h

Prezados Srs, venho encarecidamente pedir ajuda pois estou configurando um servidor com whm CENTOS 6.7 x86_64 virtuozzo WHM 11.52.2 (build 1) - e ao instalar o csf tenho obtido alguns erros conforme segue:
------------------------------------------------------------------------------------------------------------------------------

Restarting csf...

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:68
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:68
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:111
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:111
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:113
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:113
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpts:135:139
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpts:135:139
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:445
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:500
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:500
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:513
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:513
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:520
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:520
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
iptables: No chain/target/match by that name.
INVDROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
Error: iptables command [/sbin/iptables -v -A INVALID -m state --state INVALID -j INVDROP] failed, you appear to be missing a required iptables module, at line 1397
...Done.

Restarting lfd...

Stopping lfd:[FAILED]
[ OK ]
Starting lfd:
Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)
[ OK ]
...Done.

-----------------------------------------------------------------------------------------------------------------------

rodei o comando: /etc/csf/csftest.pl

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [1]

-----------------------------------------------------------------------------------------------
então rodei os comandos:

modprobe xt_state
modprobe xt_connlimit
modprobe ipt_REDIRECT
modprobe ipt_DNAT


modprobe xt_state
FATAL: Module xt_state not found.
root@hades [~]# modprobe xt_connlimit
FATAL: Module xt_connlimit not found.
root@hades [~]# modprobe ipt_REDIRECT
FATAL: Module ipt_REDIRECT not found.
root@hades [~]# modprobe ipt_DNAT
FATAL: Module ipt_DNAT not found.


-------------------------------------------------------------------------
preciso muito da ajuda de vocês, estou utilizando o iptables:

Installed Packages
Name : iptables
Arch : x86_64
Version : 1.4.7
Release : 16.el6
Size : 841 k
Repo : installed
Summary : Tools for managing Linux kernel packet filtering capabilities
URL : http://www.netfilter.org/
License : GPLv2
Description : The iptables utility controls the network packet filtering code in the
: Linux kernel. If you need to set up firewalls and/or IP masquerading,
: you should install this package.

Available Packages
Name : iptables
Arch : i686
Version : 1.4.7
Release : 16.el6
Size : 250 k
Repo : base
Summary : Tools for managing Linux kernel packet filtering capabilities
URL : http://www.netfilter.org/
License : GPLv2
Description : The iptables utility controls the network packet filtering code in the
: Linux kernel. If you need to set up firewalls and/or IP masquerading,
: you should install this package.

-----------------------------------------------------------------------------------------

Peço encarecidamente que me ajudem pois preciso entregar a um cliente este servidor com csf instalado e preciso muito resolver este problema.

conectadohost
(usa XUbuntu)

Enviado em 09/01/2016 - 10:08h

Olá,
trabalho com servidores Cpanel/WHM e utilizo o csf
o csf para que ele funcione você não pode usar regras iptables senão da xabu
como iptables é um firewall e o csf tambem é, usar 2 firewall vai dar problema no csf.
limpe as regras do iptables e tente reinstalar o csf



---> A arte de programar consiste na arte de organizar e dominar a complexidade.
---> Dijkstra <---