
OpenVZ, CentOS 7, CSF install error fixing: No chain/target/match by that name.



Fli
01-07-2016, 11:01 AM
I have OpenVZ VPS and CentOS 7 on it.

ConfigServer Firewall (CSF) errors after executing the test script (perl /etc/csf/csftest.pl):


Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

--- FAILED/NO IPTABLES ---

# service iptables status

Redirecting to /bin/systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
Active: failed (Result: exit-code) since Wed 2016-01-06 22:06:09 EST; 6h ago
Main PID: 111 (code=exited, status=1/FAILURE)

Jan 06 22:06:09 vcuglsfh systemd[1]: Starting IPv4 firewall with iptables...
Jan 06 22:06:09 vcuglsfh iptables.init[111]: iptables: Applying firewall rules: iptables-restore: line 14 failed
Jan 06 22:06:09 vcuglsfh iptables.init[111]: [FAILED]
Jan 06 22:06:09 vcuglsfh systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
Jan 06 22:06:09 vcuglsfh systemd[1]: Failed to start IPv4 firewall with iptables.
Jan 06 22:06:09 vcuglsfh systemd[1]: Unit iptables.service entered failed state.

# cat /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

What worked is to revert back to iptables instead of firewalld (replacement of iptables on RHEL 7?):

systemctl disable firewalld && systemctl stop firewalld
yum -y install iptables-services
systemctl enable iptables && service iptables save && service iptables restart

The above command "service iptables save" fixed the "iptables-restore: line 14 failed" problem.

perl /etc/csf/csftest.pl


Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.]

The error was still there. On the VPS host node server (the server on which the virtual private server is hosted) I executed:

vzctl set VPSIDHERE --netfilter full --save --setmode restart

Then I entered the VPS and tried "perl /etc/csf/csftest.pl", but got the same failure. What cleared the CSF/iptables module errors was restarting the VPS; after that the CSF/iptables errors were gone:

vzctl restart VPSIDHERE
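
Added example, not part of the original post: a small shell check that lists the match (-m) and target (-j) extensions a saved ruleset needs and reports those missing from the kernel's lists, which is the condition behind "No chain/target/match by that name". The function names are hypothetical, and the kernel lists in the demo are constructed (they omit "state", as the csftest.pl output above suggests).

```shell
#!/bin/sh
# Added example (not from the original post). Lists the match (-m) and target
# (-j) extensions an iptables-save style ruleset needs and reports the ones
# missing from the lists the kernel exposes.

# Print each name following OPT (-m or -j) in rule lines, skipping chains
# declared in the file itself (":NAME ..." lines) so jumps to them are ignored.
ruleset_needs() {  # usage: ruleset_needs -m|-j RULES_FILE
    awk -v opt="$1" '
        /^:/   { chain[substr($1, 2)] = 1 }
        /^-A / { for (i = 1; i < NF; i++)
                     if ($i == opt && !($(i + 1) in chain)) print $(i + 1) }
    ' "$2" | sort -u
}

# Read names on stdin; print those absent from AVAILABLE_FILE (one per line).
not_available() {  # usage: ... | not_available AVAILABLE_FILE
    while read -r name; do
        case "$name" in ACCEPT|DROP|RETURN|QUEUE) continue ;; esac  # built-in verdicts
        grep -qxF -- "$name" "$1" || echo "$name"
    done
}

check_ruleset() {  # usage: check_ruleset RULES MATCHES_LIST TARGETS_LIST
    ruleset_needs -m "$1" | not_available "$2" | sed 's/^/match:/'
    ruleset_needs -j "$1" | not_available "$3" | sed 's/^/target:/'
}

# Constructed demo: the ruleset from the post against constructed kernel lists.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    printf '%s\n' tcp udp icmp > "$d/matches"    # constructed: no "state"
    printf '%s\n' REJECT ERROR > "$d/targets"    # constructed
    check_ruleset "$d/rules" "$d/matches" "$d/targets"
    rm -rf "$d"
}
```

Inside the VPS, run it as root against the real files: check_ruleset /etc/sysconfig/iptables /proc/net/ip_tables_matches /proc/net/ip_tables_targets. On a non-container host an extension can be absent from those lists only because its module has not been loaded yet.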