Fresh Virtualmin/Centos 7 VPS Install Trying to Open Port 10000

#1 Mon, 12/26/2016 - 20:11
DavidLaw

Trying to install Virtualmin GPL on a fresh Godaddy unmanaged VPS running Centos 7.

First time user of Centos 7, been trying a couple of days to get it to work, have destroyed/rebuilt the server at least half a dozen times and still no closer to getting Virtualmin to work!

The server starts with Centos 7.1.* and iptables isn't running correctly. Iptables isn't running because of this issue: https://www.centos.org/forums/viewtopic.php?f=51&t=54469

Checked a few things before making any changes:

# systemctl is-enabled firewalld
disabled
# systemctl is-active firewalld
unknown
# systemctl is-enabled iptables
enabled
# systemctl is-active iptables
failed

So iptables is enabled, but is failing to start.

# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Something in the default rules is stopping iptables from running. According to the thread above it's due to this being a VPS and not a dedicated server. The default iptables file before making any changes is identical to what is listed at the thread above, but it's not being used because of an error: it's not line 14 per se, that's the commit line, I tried adding commit after each rule in iptables and it failed at the first rule (-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT).

Default iptables file:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

service iptables save

Fixes the issue so iptables activates, but there are no iptables rules (none of the above is saved).

Yet the server starts with most ports blocked by default: Godaddy support have been useless providing information on how they block all ports except ports 80 and 22 (I haven't checked all ports, just the commonly used ones like MYSQL, DNS, HTTPS, FTP etc... and they are all blocked by default).

Prior to installing Virtualmin I've tried to add iptables rules like these (also tried after installing Virtualmin):

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT

to see if iptables works and though the rules are added the ports are still blocked.

So I don't know how the server is blocking/unblocking ports, looks like it's not via iptables and firewalld isn't enabled/active either???

After running yum update (updates to Centos v7.3.1611) I use the install.sh file to install Virtualmin with no errors reported.

wget http://software.virtualmin.com/gpl/scripts/install.sh
chmod +x install.sh
./install.sh

Before a reboot, all the ports you'd expect to be open after Virtualmin is installed (MYSQL, HTTPS, DNS) are open, but ports 10000 and 20000 are closed.

After a reboot port 20000 is open, but port 10000 is still closed.

I can login to Usermin, but not Virtualmin/Webmin.

I've checked what iptables rules are active and still nothing is listed, so no idea how/where the ports for MYSQL etc... are saved.

Any idea what to check next?

If I can't open port 10000 thinking of switching Webmin to use port 20000 since I don't need access to Usermin.

Thanks in advance

David

Tue, 12/27/2016 - 00:49
Diabolico

Yeah, first get away from GoDaddy, it's one of the worst hosts you can get. Well, maybe EIG (check the list at the bottom for their hosting companies: https://en.wikipedia.org/wiki/Endurance_International_Group) is even worse, but there's really not much difference. I have quite a few VPSes spread across different hosting companies and I never saw such a problem; actually, all the Centos 7 installs I did came with iptables enabled.

There can be many reasons, and one of them could be that their FW is blocking some ports. Do not put much hope in GoDaddy support because it's completely useless, their service is useless, and if you don't want to buy a TV or a fridge together with your hosting or domains just move everything away from them.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Tue, 12/27/2016 - 06:57
DavidLaw

In hindsight I should have checked the virtualmin-install.log and not relied on the output during Virtualmin installation, doh!

The log file includes

Opening up firewalld ports
FirewallD is not running
46 lines of the above in total...
Configuring firewall rules

Looks like the Virtualmin install is assuming Centos 7 has FirewallD enabled/active during installation.

I'm new to Centos 7, did read that early versions of Centos 7 have FirewallD enabled by default, but this was changed in recent versions.

Virtualmin is opening ports during installation, where/how are they saved if not via Firewalld/iptables?

Guess it's another destroy/rebuild, see if I can get FirewallD enabled before installing Virtualmin.

David

Wed, 12/28/2016 - 10:18
DavidLaw

I had to cancel the server, I couldn't get iptables to work correctly and their support couldn't get it working either!!!

Useless Godaddy support, time to move to another company!

David

Wed, 12/28/2016 - 13:00
Diabolico

I told you, and please stay away from EIG and their hosting companies. The (almost) full list you can find at the bottom of the wiki page: https://en.wikipedia.org/wiki/Endurance_International_Group. All those companies are actually the same, with the same crappy support and even crappier servers.

If you say what you need and how much money you can spend I could give you some advice.


Sun, 01/08/2017 - 06:58
DavidLaw

I tracked the problem down.

Changing the "ipv6=1" line in "/etc/webmin/miniserv.conf" to "ipv6=0" and Webmin worked on port 10000 without any other changes.

Still had the line 14 error, which is due to missing iptables kernel modules (an issue with the OpenVZ hardware node), but it works.

David
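
Added example, not part of the original thread: a small triage script for the situation described above, where a port looks closed while `iptables -S` shows only ACCEPT policies. It separates "nothing is listening" from "something is filtering" using saved `ss -tln` and `iptables -S` output plus the `port` and `ipv6` keys of miniserv.conf; the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed, not taken from a real host.

# Print the value of KEY from a key=value file such as miniserv.conf.
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Succeed if `ss -tln` style output on stdin shows a TCP listener on PORT.
is_listening() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# diagnose CONF SS_FILE RULES_FILE -> prints one verdict line for the Webmin port.
diagnose() {
    port=$(conf_get port "$1")
    ipv6=$(conf_get ipv6 "$1")
    if is_listening "$port" < "$2"; then
        if grep -Eq -- '-j (REJECT|DROP)' "$3"; then
            echo "port $port: listening, local rules filter traffic; check rule order"
        else
            echo "port $port: listening, no local filter; suspect upstream filtering"
        fi
    elif [ "$ipv6" = "1" ]; then
        # Matches the thread's finding: the listener was the problem, not the firewall.
        echo "port $port: not listening, ipv6=1; test with ipv6=0"
    else
        echo "port $port: not listening; read the miniserv error log"
    fi
}

# Write constructed sample inputs into directory $1.
make_samples() {
    printf 'port=10000\nipv6=1\n' > "$1/miniserv.conf"
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' > "$1/rules.txt"
    cat > "$1/ss.txt" <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:22                *:*
LISTEN  0      128    *:20000             *:*
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
diagnose "$demo_dir/miniserv.conf" "$demo_dir/ss.txt" "$demo_dir/rules.txt"
rm -rf "$demo_dir"
```

On a live host, feed it `ss -tln > ss.txt` and `iptables -S > rules.txt` together with /etc/webmin/miniserv.conf.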
