[BlueOnyx:19675] Re: iptables not starting /fresh 5209R install

Michael Stauber mstauber at blueonyx.it
Thu Jun 9 15:05:25 -05 2016


Hi Tim,

> Fresh 5209R install
> 
> Went great other than this iptables issue

I just checked. Fresh 5209R install with the
BlueOnyx-5209R-CentOS-7.2-20160604.iso

Right after the initial console-based login and finishing the network
config I took a look:

[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)

Jun 09 16:54:24 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Jun 09 16:57:12 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.


That's fine. We're not using "firewalld". We use "iptables":


[root@localhost ~]# systemctl status iptables
● iptables.service - SYSV: Starts, stops and saves iptables firewall
   Loaded: loaded (/etc/rc.d/init.d/iptables)
   Active: failed (Result: exit-code) since Do 2016-06-09 16:54:21 EDT; 55min left
     Docs: man:systemd-sysv-generator(8)

Jun 09 16:54:21 localhost.localdomain systemd[1]: Starting SYSV: Starts, stops and saves iptables firewall...
Jun 09 16:54:21 localhost.localdomain systemd[1]: iptables.service: control process exited, code=exited status=1
Jun 09 16:54:21 localhost.localdomain systemd[1]: Failed to start SYSV: Starts, stops and saves iptables firewall.
Jun 09 16:54:21 localhost.localdomain systemd[1]: Unit iptables.service entered failed state.
Jun 09 16:54:21 localhost.localdomain systemd[1]: iptables.service failed.


I think I see the problem. The firewall rules from "iptables" are active:


[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctin     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
acctout    all  --  0.0.0.0/0            0.0.0.0/0

Chain acctin (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            127.0.0.1
RETURN     all  --  0.0.0.0/0            10.1.58.1
RETURN     all  --  0.0.0.0/0            10.1.255.255
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain acctout (1 references)
target     prot opt source               destination
RETURN     all  --  127.0.0.1            0.0.0.0/0
RETURN     all  --  10.1.58.1            0.0.0.0/0
RETURN     all  --  10.1.255.255         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


So "iptables" *did* start. But Systemd "thinks" (remove brain, insert
wet loaf of bread) it didn't.

That means: "iptables" works, but I need to overhaul the startup script
of it to appease Systemd.

I'll publish an update for this.

Many thanks for letting us know.

-- 
With best regards

Michael Stauber
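
Added example (not part of the original message and not BlueOnyx code): a shell check that compares the unit state systemd reports with whether the kernel actually holds rules, which is the mismatch shown above. The function names and the sample listing are constructed, and treating "at least one rule present" as "firewall loaded" is an assumption.

```shell
#!/bin/sh
# Cross-check systemd's view of the iptables unit against the live ruleset.
# Hypothetical helper names; the sample listing below is constructed.

# Read `iptables -L -n` output on stdin and print the number of rule lines.
# Chain headers, column headers and blank lines are not rules.
count_rules() {
    awk '/^Chain / || /^target +prot/ || /^ *$/ { next }
         { n++ }
         END { print n + 0 }'
}

# classify UNIT_STATE RULE_COUNT
# UNIT_STATE is what `systemctl is-active iptables` prints (active, failed, ...).
classify() {
    state=$1
    rules=$2
    if [ "$rules" -gt 0 ]; then loaded=yes; else loaded=no; fi
    case "$state:$loaded" in
        active:yes) echo "consistent-up" ;;
        active:no)  echo "unit-active-but-no-rules" ;;   # monitoring says OK, host is open
        *:yes)      echo "rules-loaded-but-unit-$state" ;; # the case in this thread
        *)          echo "consistent-down" ;;
    esac
}

# Constructed sample in the format of the listing above (shortened).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctin     all  --  0.0.0.0/0            0.0.0.0/0

Chain acctin (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            127.0.0.1
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Live use (needs root): ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    classify "$(systemctl is-active iptables)" "$(iptables -L -n | count_rules)"
fi
```

A health check that looks only at the unit state would raise a false alarm in the situation above, and would miss the opposite case where the unit is "active" but the chains are empty.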


