Submitted by isdahlc on Thu, 06/24/2010 - 15:46 Pro Licensee
This started with a Cloudmin image I created, configured with the settings I want (including a basic set of iptables rules). Create a new OpenVZ container in CM (this is running Virtualmin GPL) and open the Virtualmin interface. Click WEBMIN | NETWORKING | LINUX FIREWALL but none of the existing iptables rules are displayed. The rules exist, iptables is running, I've restarted iptables but can't seem to get the Webmin interface to see them.
A copy of the rules in case that's relevant:
# Generated by webmin
*filter
-A FORWARD -o venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A FORWARD -i venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A OUTPUT -o venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -i venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A INPUT -p udp -m udp --dport ftp-data -j ACCEPT
-A INPUT -p udp -m udp --dport ftp -j ACCEPT
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
# Completed
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
Please let me know what I am doing wrong...
Thanks!
Craig
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Thu, 06/24/2010 - 15:48 Comment #1
Is the problem system running CentOS 5?
If so, which file are these rules in? Webmin expects /etc/sysconfig/iptables
Submitted by isdahlc on Thu, 06/24/2010 - 16:08 Pro Licensee Comment #2
Yes, CentOS 5.5
Files are located at /etc/sysconfig/iptables
[root@id1002 /]# ll /etc/sysconfig/iptables
-rw-r--r-- 1 root root 1355 Jun 24 16:31 /etc/sysconfig/iptables
[root@id1002 /]# cat /etc/redhat-release
CentOS release 5.5 (Final)
[root@id1002 /]# uname -pr
2.6.18-194.3.1.el5.028stab069.6 i686
Submitted by JamieCameron on Thu, 06/24/2010 - 17:25 Comment #3
Very odd, that file looks OK to me.
What exactly appears on the main page of the Linux Firewall module?
Submitted by isdahlc on Thu, 06/24/2010 - 17:42 Pro Licensee Comment #4
Just the normal page shows. Clicking "Showing IPTable" doesn't bring up the rules. See attached image.
Submitted by JamieCameron on Thu, 06/24/2010 - 18:31 Comment #5
Actually, that iptables file looks incomplete. At the top it should read:
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
The lines starting with : are missing.
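An added example, not part of the original thread or of Webmin's code: a small Python check for the problem identified in comment #5, flagging any table in an iptables-save style file whose rules use a chain that has no `:CHAIN POLICY [0:0]` declaration. The sample input is constructed (abbreviated from the file posted above) and the function name `check_rules_file` is hypothetical.

```python
import re

# Constructed sample, abbreviated from the file posted in this thread:
# the *filter table has rules but no ":CHAIN POLICY [pkts:bytes]" lines.
SAMPLE = """\
# Generated by webmin
*filter
-A FORWARD -o venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
"""

CHAIN_DECL = re.compile(r"^:(\S+)\s+(\S+)")  # e.g. ":INPUT DROP [0:0]"
RULE = re.compile(r"^-[AI]\s+(\S+)")         # e.g. "-A INPUT ..."


def check_rules_file(text):
    """Return (problems, policies) for iptables-save formatted text."""
    problems, policies = [], {}
    table, declared, reported = None, set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):               # start of a table section
            if table is not None:
                problems.append(f"table {table}: no COMMIT before line {lineno}")
            table, declared, reported = line[1:], set(), set()
        elif line == "COMMIT":
            table = None
        elif table and (m := CHAIN_DECL.match(line)):
            declared.add(m.group(1))
            policies[(table, m.group(1))] = m.group(2)
        elif table and (m := RULE.match(line)):
            chain = m.group(1)
            if chain not in declared and chain not in reported:
                reported.add(chain)            # report each chain once
                problems.append(f"table {table}: chain {chain} used at line "
                                f"{lineno} but has no ':{chain} <policy>' line")
    if table is not None:
        problems.append(f"table {table}: no COMMIT at end of file")
    return problems, policies


if __name__ == "__main__":
    for problem in check_rules_file(SAMPLE)[0]:
        print(problem)
```

The returned policies are worth reviewing as well: a file without the `:INPUT DROP [0:0]` line declares no default-deny policy for the filter table.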
Submitted by isdahlc on Fri, 06/25/2010 - 08:33 Pro Licensee Comment #6
Yep, that did it... I shouldn't have missed that - sorry to waste your time. -- Craig
Submitted by JamieCameron on Fri, 06/25/2010 - 12:37 Comment #7
Ok, cool .. glad that solved it!
Submitted by Issues on Fri, 07/09/2010 - 16:20 Comment #8
Automatically closed -- issue fixed for 2 weeks with no activity.