IP blocked by configserver.com's firewall? Unable to update.

Posted: 17 Apr 2014, 20:07
by xphantom
We have just received a brand new server from singlehop, and when attempting to install CSF etc, we apparently are blocked by the configserver's actual firewall. Our IP range includes 198.20.70.XXX

I have had to edit my evidence below due to:
"You are not currently authorized to post url links, please remove or rename:"

traceroute to configserver.XXX (85.13.195.235), 30 hops max, 60 byte packets
 2  (108.178.63.189)  1.108 ms  1.169 ms  1.167 ms
 3  (108.178.63.245)  0.517 ms  0.754 ms  0.815 ms
 4  (62.115.38.97)  0.336 ms   (62.115.38.93)  10.277 ms  (62.115.38.97)  10.555 ms
 5  (80.91.245.77)  9.434 ms X  (62.115.136.216)  9.624 ms  (80.91.245.77)  9.452 ms
 6  (213.248.101.50)  9.912 ms  9.842 ms  10.101 ms
 7  (129.250.5.69)  38.279 ms  9.810 ms  9.772 ms
 8  (129.250.3.54)  66.959 ms  66.349 ms  72.990 ms
 9  (129.250.4.5)  73.100 ms  72.538 ms *
10  (129.250.2.145)  152.252 ms  141.674 ms  149.402 ms
11  (129.250.4.125)  141.478 ms  151.032 ms  152.659 ms
12  (129.250.5.197)  165.848 ms  153.057 ms  168.318 ms
13  (129.250.5.41)  169.933 ms  173.193 ms  172.399 ms
14  213.130.48.242 (213.130.48.242)  168.050 ms  176.450 ms  177.139 ms
15  (89.187.93.135)  188.438 ms  173.072 ms  182.528 ms
16  * * *
17  * * *
18  * * *
Thanks.

Re: IP blocked by configserver.com's firewall? Unable to upd

Posted: 19 Apr 2014, 01:40
by 86brown
I'm also experiencing this issue, although this is my own server in my own datacenter.

Installed minimal install of CentOS 6.5, then continued by installing OpenVZ. Created a container, installed cPanel, followed by csf. All default settings, no changes. Tried this on 2 separate servers, both with the same result.

CSF does work, but blocks ALL traffic. Not sure how to fix it. Basically, if you add an IP to csf.allow, it is allowed through.

I've tried all of the help listed in the sticky posts, one particular one has 3 broken links in it for VPS providers but can't get to the info.

One thing I did notice however, is that if you don't disable OR flush & save iptables rules before booting into OpenVZ kernel after installation, you won't get access to your box afterwards. Had to go to DC and disable iptables on the HW node to regain access.

Also tried setting various settings in /etc/csf/csf.conf such as directed by several sites while searching through Google, such as the ETH device to venet+, setting conntrack mode to 1, adding initial rules in csfpre or csfpost...

Any help on this would be greatly appreciated, very difficult to get a new server going, I don't remember it being this difficult on the 30+ other servers I've configured in the past.

No fatal errors in csftest:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for csf.redirect feature

RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]
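
An added example, not part of the original posts and not code from csf: a small parser that turns csftest output like the above into a list of the failed module tests, the feature each one is required for, and a check of that count against the RESULT line. The sample text is copied from the post; the function names, and the reading of the bracketed number as the count of failed tests, are assumptions.

```python
import re

# Sample input: the csftest output copied from the post above.
SAMPLE = """\
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for csf.redirect feature

RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]
"""

TEST_RE = re.compile(
    r"^Testing (?P<modules>\S+?)\.\.\.(?P<status>OK|FAILED)"
    r"(?: \[Error: (?P<error>.*?)\](?: - Required for (?P<feature>.+))?)?$")
RESULT_RE = re.compile(r"^RESULT: (?P<text>.*?)(?: \[(?P<count>\d+)\])?$")

def parse_csftest(text):
    """Return (tests, result): one dict per 'Testing' line, plus the RESULT line."""
    tests, result = [], None
    for line in map(str.strip, text.splitlines()):
        if m := TEST_RE.match(line):
            tests.append(m.groupdict())
        elif m := RESULT_RE.match(line):
            # Assumption: the bracketed number is the count of failed tests.
            result = {"text": m["text"], "count": int(m["count"] or 0)}
    return tests, result

def summarize(text):
    """Collect the failed tests and compare their number with the RESULT line."""
    tests, result = parse_csftest(text)
    failed = [t for t in tests if t["status"] == "FAILED"]
    return {
        "total": len(tests),
        "failed": [(t["modules"], t["feature"], t["error"]) for t in failed],
        "count_matches_result": bool(result) and result["count"] == len(failed),
    }

if __name__ == "__main__":
    for modules, feature, error in summarize(SAMPLE)["failed"]:
        print(f"{modules}: {error} (needed for {feature})")
```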

Re: IP blocked by configserver.com's firewall? Unable to upd

Posted: 19 Apr 2014, 01:47
by xphantom
86brown, that would be an unrelated issue to mine. I cannot reach configserver com, the actual website, from my server to update. All other traffic works fine.

It sounds like your issue is due to your main node missing the iptable_nat modules. You do have fatal errors there. Are they properly loaded in your configuration? You may have to do the following on your OpenVZ container:

http://www.webhostingtalk (INSERT COM) /showpost.php?s=d69cf65a2d74a1c43c1ae03dff6b0470&p=6597804&postcount=3

Again these are issued on the main node, not within the VPS. You have to stop/restart the container also after saving these variables.

Thanks.

Re: IP blocked by configserver.com's firewall? Unable to upd

Posted: 19 Apr 2014, 02:26
by 86brown
Thanks for your reply :) I'll create a different thread for my issue, since it's unrelated (I initially thought it was), my apologies, wasn't trying to hijack the thread heheh!

--

Issue is I've tried all that. I have VZ nodes in several datacenters, physically installed personally and done all the setups, never had this issue before. Really can't discern anything different I've done other than use a more recent version of CentOS, although all get updated so it shouldn't matter. Only thing else that may be different is I'm using a Layer3 switch there, with IP routing enabled, but that's irrelevant really I would think.

I have a working server with a different kernel, which I'm updating/rebooting tonight to confirm and see if it remains working on that one, but all of the config options are quite the same between each other.