[SOLVED] Firewall Iptables managed via Webmin

  • Volker, since I upgraded to Fedaykin my firewall has not been working. It is not running as service anymore. There is nothing in init.d or rcx.d. So it can't be enabled with "service iptables start". I would like to get the firewall working. Could you explain what happened? When I add a rule and commit the change it shows in /etc/network/if-pre-up.d/iptables. Also, there is no /etc/iptables.up.rules now?????? This is the package that is installed. Do you have no idea? Before it ran as a service and I could use webmin to manage it and now???


    Package: iptables
    Priority: important
    Section: net
    Installed-Size: 1256
    Maintainer: Laurence J. Lane <ljlane@debian.org>
    Architecture: amd64
    Version: 1.4.8-3

    • Official post

    iptables does not have any SystemV init script. If the firewall rules are shown in /etc/network/if-pre-up.d/iptables after you commit them everything should be nearly fine. This script is executed by the ifupdown package every time an interface goes up or down. Thus the iptables rules are automatically loaded while booting. You can also check whether the rules are loaded with


    Code
    iptables -L
  • Is the ifupdown service supposed to be running all the time then? It is not on my system. Also, shouldn't ifupdown be activated when you commit a rule or do you have to start it manually? I turned on ifupdown and still nothing is being blocked. I reboot and nothing is being blocked. iptables -L shows the rules I committed and it appears in the /etc/network/if-pre-up.d/iptables as well. No ports being blocked by committed rules. ??? I know it worked before. I'm not positive it was with .3 upgrade or .4 but I haven't used it. Now I want to use some other services and open up more to internet, but not before I get this fixed. I'm using eth1.



    Thanks

    • Official post

    The ifupdown package IS installed on your system, otherwise the openmediavault package could not be installed due to the fact that it depends on it (it is listed as dependency in the Debian package control file). ifupdown is no service, it's a collection of scripts that is executed every time an interface goes up or down. Nevertheless, the generated /etc/network/if-pre-up.d/iptables script is executed every time you commit the firewall rules in the WebGUI. If the firewall rules are listed with 'iptables -L' then there is no problem on the OMV side. In this case you have to validate the correctness of your rules. As a side note, the firewall thing is done in the kernel, no userland service is doing this.

  • This is really weird then cuz I have 2 machines doing the exact same thing. If it was hard drive error I could see it happening on one machine but not 2. They both obviously have same kernel and have been upgraded all the way from .2.x.x omv. I'm not blaming you, or omv, but there is some bug in Debian. This really sucks though. Maybe upgrade to .6 should fix it? I know in older version of omv I could use webmin or omv GUI to setup Firewall. I usually test by blocking port 10000. Then test other ports. I tell you Volker, you are pretty awesome but Debian??? I'm glad you love it. In Fedora I can install 3 FTP servers no problem without going thru the crazy stuff that Debian puts you thru. THE DEBIAN PACKAGE CONTROL FILE, ARGH. Get us to Wheezy man. Thanks and see you later..



    PS- I should note above that I assumed it ran as a service because I could enable the firewall in webmin. I almost want to install old ISO just to see structure and why I was able to do that.


    PPS- On the kernel, I have same kernel since I installed your 1st amd64 ISO. If it were kernel issue why did it work in past and not now??? It is obviously something outside of the kernel.

  • To get iptables working as normal in webmin


    1) delete any rules in omv gui and then click on commit


    2) cd /etc/network/if-pre-up.d
    3) cp iptables iptables-omv.old
    4) enable firewall in webmin but don't apply configuration. this step will create /etc/iptables.up.rules
    5) edit firewall parameters- add your rules (or delete any webmin created you don't want) in webmin interface as normal. make sure you get port 22 open.
    6) now apply configuration in webmin and test.
    7) check all settings are correct with iptables -L. if all is ok you are good. if not reboot via ssh on open port 22. rules will not be applied on reboot.
    8) to get rules to work at boot edit /etc/network/if-pre-up.d/iptables and put in this script


    Bash
    #!/bin/bash
    # Load the rules saved by Webmin before the interface comes up
    /sbin/iptables-restore < /etc/iptables.up.rules


    You cannot use omv firewall GUI now but can easily convert back by just doing:


    cd /etc/network/if-pre-up.d
    rm iptables
    cp iptables-omv.old iptables
    cd /etc
    rm iptables.up.rules
    reboot
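
A pre-flight check for steps 5 to 8 of the guide above, as an added example that is not part of the original post: before /etc/iptables.up.rules is loaded, confirm that the file is complete and that the INPUT chain still accepts port 22. The function names `ssh_stays_open`, `apply_checked` and `sample_rules` and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. Heuristic only: it reads plain
# "-A INPUT" rules and ignores source, interface and state matches.

# ssh_stays_open FILE: 0 = port 22 accepted, 1 = blocked, 2 = no COMMIT
ssh_stays_open() {
    awk '
        /^\*/       { in_filter = ($1 == "*filter"); next }
        !in_filter  { next }
        /^:INPUT /  { policy = $2; next }
        /^COMMIT/   { committed = 1; in_filter = 0; next }
        /^-A INPUT / && verdict == "" {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            ssh = ($0 ~ /-p tcp / && $0 ~ /--dport 22( |$)/)
            # Only an SSH rule or a match-all rule decides the outcome
            if (ssh || $3 == "-j") {
                if (target == "ACCEPT") verdict = "open"
                else if (target == "DROP" || target == "REJECT") verdict = "closed"
            }
        }
        END {
            if (!committed) exit 2
            if (verdict == "") verdict = (policy == "ACCEPT") ? "open" : "closed"
            exit (verdict == "open" ? 0 : 1)
        }
    ' "$1"
}

# apply_checked [FILE]: load the rules only if both checks pass (needs root)
apply_checked() {
    rules=${1:-/etc/iptables.up.rules}
    ssh_stays_open "$rules" || { echo "refusing: port 22 not open or file incomplete" >&2; return 1; }
    /sbin/iptables-restore --test < "$rules" || return 1   # parse, do not commit
    /sbin/iptables-restore < "$rules"
}

sample_rules() {   # constructed sample in iptables-save format
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
COMMIT
EOF
}

sample_rules | ssh_stays_open - && echo "sample keeps port 22 open"
```

Calling `apply_checked` from /etc/network/if-pre-up.d/iptables in place of the bare iptables-restore line leaves the previous rules untouched when the saved file fails either check.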

  • This thread deals with using webmin to create rules instead of OMV web-gui. Are you trying to use Webmin to manage Iptables or are you just having an issue with the firewall in OMV? If this is question about using firewall in OMV and not using Webmin you should create a new topic.

  • Yes, I have installed webmin on my OMV, I am following your tutorial


    Quote

    1) delete any rules in omv gui and then click on commit


    I try to delete the rules, when I refresh the page, the firewall rules in OMV have not been deleted

  • You should have had the firewall rules in OMV deleted (and then click on commit) before you started this guide. Once you set up Webmin to handle the firewall you need to enter rules there and not in OMV web-gui firewall.


    To convert back to OMV web-gui control, go back to my post with instructions and start where it says this:


    "You cannot use omv firewall GUI now but can easily convert back by just doing"


    Once you've gone thru that and restored control back to OMV go into web-gui firewall section and click on delete the firewall rules. Then click on commit. You need to make sure you click on commit otherwise they will not be deleted.


    Then start guide from beginning to move control of firewall to Webmin and make sure you add rules in Webmin at Networking / Linux Firewall
