[SOLVED] Firewall Iptables managed via Webmin

    • [SOLVED] Firewall Iptables managed via Webmin

      Volker, since I upgraded to Fedaykin my firewall has not been working. It is not running as service anymore. There is nothing in init.d or rcx.d. So it can't be enabled with "service iptables start". I would like to get the firewall working. Could you explain what happened? When I add a rule and commit the change it shows in /etc/network/if-pre-up.d/iptables. Also, there is no /etc/iptables.up.rules now?????? This is the package that is installed. Do you have no idea? Before it ran as a service and I could use webmin to manage it and now???

      Package: iptables
      Priority: important
      Section: net
      Installed-Size: 1256
      Maintainer: Laurence J. Lane <ljlane@debian.org>
      Architecture: amd64
      Version: 1.4.8-3
    • Re: Firewall Iptables

      iptables does not have any SystemV init script. If the firewall rules are shown in /etc/network/if-pre-up.d/iptables after you commit them everything should be nearly fine. This script is executed by the ifupdown package every time an interface goes up or down. Thus the iptables rules are automatically loaded while booting. You can also check whether the rules are loaded with

          iptables -L
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • Re: Firewall Iptables

      Is the ifupdown service supposed to be running all the time then? It is not on my system. Also, shouldn't ifupdown be activated when you commit a rule or do you have to start it manually? I turned on ifupdown and still nothing is being blocked. I reboot and nothing is being blocked. iptables -L shows the rules I committed and it appears in the /etc/network/if-pre-up.d/iptables as well. No ports being blocked by committed rules. ??? I know it worked before. I'm not positive it was with .3 upgrade or .4 but I haven't used it. Now I want to use some other services and open up more to internet, but not before I get this fixed. I'm using eth1.


      Thanks
    • Re: Firewall Iptables

      The ifupdown package IS installed on your system, otherwise the openmediavault package could not be installed due to the fact that it depends on it (it is listed as a dependency in the Debian package control file). ifupdown is no service, it's a collection of scripts that is executed every time an interface goes up or down. Nevertheless, the generated /etc/network/if-pre-up.d/iptables script is executed every time you commit the firewall rules in the WebGUI. If the firewall rules are listed with 'iptables -L' then there is no problem on the OMV side. In this case you have to validate the correctness of your rules. As a side note, the firewall thing is done in the kernel, no userland service is doing this.
    • Re: Firewall Iptables

      This is really weird then cuz I have 2 machines doing the exact same thing. If it was hard drive error I could see it happening on one machine but not 2. They both obviously have same kernel and have been upgraded all the way from .2.x.x omv. I'm not blaming you, or omv, but there is some bug in Debian. This really sucks though. Maybe upgrade to .6 should fix it? I know in older version of omv I could use webmin or omv GUI to setup Firewall. I usually test by blocking port 10000. Then test other ports. I tell you Volker, you are pretty awesome but Debian??? I'm glad you love it. In Fedora I can install 3 FTP servers no problem without going thru the crazy stuff that Debian puts you thru. THE DEBIAN PACKAGE CONTROL FILE, ARGH. Get us to Wheezy man. Thanks and see you later..


      PS- I should note above that I assumed it ran as a service because I could enable the firewall in webmin. I almost want to install old ISO just to see structure and why I was able to do that.

      PPS- On the kernel, I have same kernel since I installed your 1st amd64 ISO. If it were kernel issue why did it work in past and not now??? It is obviously something outside of the kernel.
    • Re: Firewall Iptables

      To get iptables working as normal in webmin

      1) delete any rules in omv gui and then click on commit

      2) cd /etc/network/if-pre-up.d
      3) cp iptables iptables-omv.old
      4) enable firewall in webmin but don't apply configuration. this step will create /etc/iptables.up.rules
      5) edit firewall parameters- add your rules (or delete any webmin created you don't want) in webmin interface as normal. make sure you get port 22 open.
      6) now apply configuration in webmin and test.
      7) check all settings are correct with iptables -L. if all is ok you are good. if not reboot via ssh on open port 22. rules will not be applied on reboot.
      8) to get rules to work at boot edit /etc/network/if-pre-up.d/iptables and put in this script

          #!/bin/bash
          /sbin/iptables-restore < /etc/iptables.up.rules


      You cannot use omv firewall GUI now but can easily convert back by just doing:

      cd /etc/network/if-pre-up.d
      rm iptables
      cp iptables-omv.old iptables
      cd /etc
      rm iptables.up.rules
      reboot
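
A lockout pre-check for the Webmin rules file from the steps above, as an added example that is not part of the original post. The function names `ssh_reachable`, `safe_restore` and `sample_rules` are hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic lockout check for a rules file
# in iptables-save format (the format of Webmin's /etc/iptables.up.rules).

# ssh_reachable FILE [PORT]: succeed if the filter table's INPUT policy is
# ACCEPT, or some INPUT rule accepts TCP to PORT (default 22).
# It does not evaluate rule order, multiport matches or user-defined chains.
ssh_reachable() {
    awk -v port="${2:-22}" '
        /^\*/        { in_filter = ($1 == "*filter") }
        !in_filter   { next }
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
            if ($0 ~ ("--dport " port "( |$)")) allow = 1
        }
        END { exit !(policy == "ACCEPT" || allow) }
    ' "$1"
}

# safe_restore FILE: hypothetical wrapper for applying a changed rules file by
# hand. Loads the rules only if they keep SSH reachable and parse cleanly
# (iptables-restore --test parses the ruleset without committing it).
safe_restore() {
    ssh_reachable "$1" || { echo "refusing: $1 would block SSH" >&2; return 1; }
    /sbin/iptables-restore --test < "$1" || return 1
    /sbin/iptables-restore < "$1"
}

# Constructed sample: default-deny INPUT, Webmin (10000) open, SSH rule optional.
sample_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT'
    [ "$1" = with-ssh ] && echo '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    echo 'COMMIT'
}
```

Run `safe_restore /etc/iptables.up.rules` as root after editing rules; the check is a heuristic, so confirm the loaded ruleset with `iptables -L` as step 7 says.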
    • Re: [SOLVED] Firewall Iptables

      "tekkbebe" wrote:

      I'm very f'in happy now...... :D :D :D :D :D :D :D :D :D :D

      I'm too. :D
    • Re: [SOLVED] Firewall Iptables managed via Webmin

      You should have had the firewall rules in OMV deleted (and then click on commit) before you started this guide. Once you set up Webmin to handle the firewall you need to enter rules there and not in OMV web-gui firewall.

      To convert back to OMV web-gui control, go back to my post with instructions and start where it says this:

      "You cannot use omv firewall GUI now but can easily convert back by just doing"

      Once you've gone thru that and restored control back to OMV go into web-gui firewall section and click on delete the firewall rules. Then click on commit. You need to make sure you click on commit otherwise they will not be deleted.

      Then start guide from beginning to move control of firewall to Webmin and make sure you add rules in Webmin at Networking / Linux Firewall