FATAL Error: open3: exec of /sbin/iptables - Some index files failed to download



Fli
10-31-2017, 08:49 AM
I tried to install CSF on an old Linux Ubuntu (located on an OpenVZ VPS).
The VPS got iptables modules enabled by doing "vzctl set CTID --netfilter full --save" on the dedicated host server, but on the VPS I got the following error:


# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j ACCEPT failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_LOG...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp -m multiport --dports 9998,9999 -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_REJECT...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j REJECT failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_state/xt_state...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -m state --state NEW -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -m limit --limit 30/m --limit-burst 5 -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_recent...FAILED [Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -m recent --set failed at /usr/local/csf/bin/csftest.pl line 144] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: open3: exec of /sbin/iptables -I INPUT -p tcp --dport 9999 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset failed at /usr/local/csf/bin/csftest.pl line 144] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -m owner --uid-owner 0 -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: open3: exec of /sbin/iptables -t nat -I OUTPUT -p tcp --dport 9999 -j REDIRECT --to-ports 9900 failed at /usr/local/csf/bin/csftest.pl line 144] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: open3: exec of /sbin/iptables -t nat -I PREROUTING -p tcp --dport 9999 -j DNAT --to-destination 192.168.254.1 failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [6]


# whereis iptables
iptables:
# which iptables

No output, so I tried to install it: sudo apt-get install iptables

Got error:

E: Some index files failed to download, they have been ignored, or old ones used instead.

As I have an old Ubuntu, I had to replace the content of /etc/apt/sources.list with:

deb http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb http://old-releases.ubuntu.com/ubuntu oneiric-security universe
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security universe

and after "sudo apt-get update"
I installed iptables with "sudo apt-get install iptables"

and the test script returned a better result:

# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: FATAL: Could not load /lib/modules/2.6.32-042stab093.5/modules.dep: No such file or directory] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...FAILED [Error: FATAL: Could not load /lib/modules/2.6.32-042stab093.5/modules.dep: No such file or directory] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf will not function on this server due to FATAL errors from missing modules [1]

Interestingly, the multiport and owner modules are loaded on the VPS dedicated host server:

# lsmod|grep -E "owner|multiport"
xt_owner 2258 19
xt_multiport 2716 38

But on this particular Ubuntu VPS it fails; on another (CentOS) VPS it works without error. Both VPSes were restarted.
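
The two failure modes visible in the csftest.pl output above, separated by an added triage script (not part of the original post and not csf's own code): it labels each FAILED test by whether /sbin/iptables could not be executed or modules.dep was missing for the running kernel, and checks for both files directly. The function names, cause labels and the ROOT/KERNEL parameters are this example's own; the sample input is constructed from lines quoted in the post.

```shell
#!/bin/sh
# Added example: triage csftest.pl output by root cause.
# SAMPLE_OUTPUT is constructed from lines of the two runs quoted in the post.
SAMPLE_OUTPUT='Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j LOG failed at /usr/local/csf/bin/csftest.pl line 144] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: FATAL: Could not load /lib/modules/2.6.32-042stab093.5/modules.dep: No such file or directory] - Required for csf to function
Testing ipt_owner/xt_owner...FAILED [Error: FATAL: Could not load /lib/modules/2.6.32-042stab093.5/modules.dep: No such file or directory] - Required for SMTP_BLOCK and UID/GID blocking features'

# classify_csftest: csftest.pl output on stdin; one line per failed test:
#   severity|test|cause|feature   (cause labels are this example's own)
classify_csftest() {
    awk '
    /^Testing .*\.\.\.FAILED/ {
        name = $0
        sub(/^Testing /, "", name)
        sub(/\.\.\.FAILED.*/, "", name)
        # csftest.pl marks blocking failures with "[FATAL Error:".
        sev = ($0 ~ /\[FATAL Error:/) ? "fatal" : "optional"
        if ($0 ~ /open3: exec of /)
            cause = "iptables-binary-missing"    # exec itself failed
        else if ($0 ~ /Could not load .*modules\.dep/)
            cause = "modules-dep-missing"        # module load attempt failed
        else
            cause = "other"
        feat = $0
        sub(/.*\] - Required for /, "", feat)
        print sev "|" name "|" cause "|" feat
    }'
}

# count_fatal: number of failures that stop csf from functioning at all.
count_fatal() {
    classify_csftest | awk -F'|' '$1 == "fatal" { n++ } END { print n + 0 }'
}

# preflight [ROOT] [KERNEL]: check the two files whose absence produced the
# errors above. Defaults: / and the running kernel (uname -r).
preflight() {
    root=${1:-/}
    kver=${2:-$(uname -r)}
    [ -x "$root/sbin/iptables" ] || echo "iptables-binary-missing"
    [ -f "$root/lib/modules/$kver/modules.dep" ] || echo "modules-dep-missing"
    return 0
}

# Stand-alone run: classify the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | classify_csftest
```

On a live system, pipe the real test output in: `perl /usr/local/csf/bin/csftest.pl | classify_csftest`.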