Problem with iptables (sendmsg: Operation not permitted)
Hi,
I'm having trouble with iptables after installing cPanel and CSF: all websites on the server go down and WHM does not run; after restarting iptables, the problem is solved.
rules in iptables :
/etc/sysconfig/iptables :
# Generated by iptables-save v1.4.7 on Wed Aug 13 19:52:40 2014
*nat
:PREROUTING ACCEPT [75579:4880184]
:POSTROUTING ACCEPT [949:60462]
:OUTPUT ACCEPT [949:60462]
COMMIT
# Completed on Wed Aug 13 19:52:40 2014
# Generated by iptables-save v1.4.7 on Wed Aug 13 19:52:40 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:808]
:acctboth - [0:0]
:cP-Firewall-1-INPUT - [0:0]
-A INPUT -j cP-Firewall-1-INPUT
-A INPUT -j acctboth
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j cP-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j acctboth
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2078 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2082 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2077 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 26 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
-A cP-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Wed Aug 13 19:52:40 2014
When all websites are down and WHM is not running, before restarting iptables, the output of the command "ping google.com" is:
PING google.com (74.125.195.100) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
The problem is solved by restarting iptables but repeats after about 24 hr. This problem occurs on 3 servers, cPanel+CloudLinux and cPanel+CentOS. I ran iptables -F, re-installed CSF and configured it, but the problem was not solved. Please help. Thank you.
Hello :) You could try saving the flushed iptables rule set after disabling CSF with a command such as: /etc/init.d/iptables save
However, I suggest consulting with CSF on their support forums for help troubleshooting this issue: ConfigServer - Forums Thank you. 0 -
Thank you. I flushed iptables and removed CSF but the problem is not solved!!!!! Please help. ConfigServer Community Forum • View topic - Problem with iptables (sendmsg: Operation not permitted): http://forum.configserver.com/viewtopic.php?f=6&t=8036 0 -
The "ping: sendmsg: Operation not permitted" message occurs when you try to ping an IP that is currently blocked in iptables. You need to be sure CSF is entirely removed or at least disabled (csf -x) before flushing iptables. Otherwise you can leave your server in an entirely unreachable state. 0 -
The "ping: sendmsg: Operation not permitted" error means that your system is unable to send ICMP packets outbound from your server. This means that you likely have a firewall rule that is blocking ICMP traffic to that IP, or perhaps ICMP entirely. To test if your firewall is indeed the problem, you can manually perform the following steps:
iptables-save > /root/current.ipt
iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT
iptables -F INPUT; iptables -F OUTPUT
ping -c 3 google.com
iptables-restore < /root/current.ipt
rm -f /root/current.ipt
If you're able to successfully ping, then you have a firewall issue. If this does not solve the problem, I don't know what other suggestions to offer given the information at hand. Except maybe SELinux, because I always like to blame it for everything anyways. j/k j/k 0 -
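An added example, not part of any post in this thread: a less disruptive way to look for the outbound block the replies above describe is to trace a packet through the OUTPUT chain of an `iptables-save` dump instead of flushing the live rules. The chain name `DENYOUT`, the function names and the sample ruleset are constructed for illustration; only `-p`, `-d`, `!` and `-j` are interpreted, and any other match is assumed to match.

```python
import ipaddress
import shlex

# Constructed sample: the thread's OUTPUT path plus a hypothetical DENYOUT chain.
SAMPLE = """*filter
:OUTPUT ACCEPT [10:808]
:acctboth - [0:0]
:DENYOUT - [0:0]
-A OUTPUT -j acctboth
-A OUTPUT -j DENYOUT
-A DENYOUT -d 203.0.113.0/24 -p icmp -j DROP
COMMIT"""

def parse_filter(text):
    """Chain policies and rules from the *filter section of iptables-save output."""
    policies, chains = {}, {}
    for line in text.split("*filter", 1)[1].split("COMMIT", 1)[0].splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]], chains[tok[0][1:]] = tok[1], []
        elif line.startswith("-A "):
            chains[tok[1]].append((line, tok[2:]))
    return policies, chains

def rule_matches(opts, proto, dst):
    """Evaluate -p and -d (honouring '!'); any other match is assumed to match."""
    checks = {"-p": lambda v: v in (proto, "all"),
              "-d": lambda v: ipaddress.ip_address(dst) in ipaddress.ip_network(v, strict=False)}
    negate, it = False, iter(opts)
    for opt in it:
        if opt in checks and checks[opt](next(it)) == negate:
            return False
        negate = opt == "!"
    return True

def verdict(text, dst, proto="icmp", chain="OUTPUT"):
    """Return (target, rule line) of the first terminating rule, else the policy."""
    policies, chains = parse_filter(text)
    def walk(name):
        for line, opts in chains[name]:
            if "-j" not in opts or not rule_matches(opts, proto, dst):
                continue
            target = opts[opts.index("-j") + 1]
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target, line
            if target == "RETURN":          # back to the calling chain
                return None
            if target in chains and (hit := walk(target)):
                return hit
    return walk(chain) or (policies[chain], "policy")
```

The saved ruleset in the question has an OUTPUT policy of ACCEPT and only a jump to the empty acctboth chain, so it yields ("ACCEPT", "policy"); run `verdict` on `iptables-save` output captured while ping is failing to see which live rule decides.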
Hello cPanelKurtN, thanks for your help, but when I run "csf -r" the whole thing comes back again? 0 -
Sorry, I'm not familiar with ConfigServer. The goal of my example was to give you a few commands that can help you temporarily diagnose your issue. 0