[BlueOnyx:19676] Re: iptables not starting /fresh 5209R install

webmaster webmaster at oldcabin.net
Thu Jun 9 16:38:12 -05 2016



On 6/9/2016 3:05 PM, Michael Stauber wrote:
> Hi Tim,
>
>> Fresh 5209R install
>>
>> Went great other than this iptables issue
> I just checked. Fresh 5209R install with the
> BlueOnyx-5209R-CentOS-7.2-20160604.iso
>
> Right after the initial console based login and finishing the network
> config I took a look:
>
> [root@localhost ~]# systemctl status firewalld
> ● firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
> vendor preset: enabled)
> Active: inactive (dead)
>
> Jun 09 16:54:24 localhost.localdomain systemd[1]: Stopped firewalld -
> dynamic firewall daemon.
> Jun 09 16:57:12 localhost.localdomain systemd[1]: Stopped firewalld -
> dynamic firewall daemon.
>
>
> That's fine. We're not using "firewalld". We use "iptables":
>
>
> [root@localhost ~]# systemctl status iptables
> ● iptables.service - SYSV: Starts, stops and saves iptables firewall
>     Loaded: loaded (/etc/rc.d/init.d/iptables)
>     Active: failed (Result: exit-code) since Do 2016-06-09 16:54:21 EDT;
> 55min left
>       Docs: man:systemd-sysv-generator(8)
>
> Jun 09 16:54:21 localhost.localdomain systemd[1]: Starting SYSV: Starts,
> stops and saves iptables firewall...
> Jun 09 16:54:21 localhost.localdomain systemd[1]: iptables.service:
> control process exited, code=exited status=1
> Jun 09 16:54:21 localhost.localdomain systemd[1]: Failed to start SYSV:
> Starts, stops and saves iptables firewall.
> Jun 09 16:54:21 localhost.localdomain systemd[1]: Unit iptables.service
> entered failed state.
> Jun 09 16:54:21 localhost.localdomain systemd[1]: iptables.service failed.
>
>
> I think I see the problem. The firewall rules from "iptables" are active:
>
>
> [root@localhost ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> acctin     all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> acctout    all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain acctin (1 references)
> target     prot opt source               destination
> RETURN     all  --  0.0.0.0/0            127.0.0.1
> RETURN     all  --  0.0.0.0/0            10.1.58.1
> RETURN     all  --  0.0.0.0/0            10.1.255.255
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain acctout (1 references)
> target     prot opt source               destination
> RETURN     all  --  127.0.0.1            0.0.0.0/0
> RETURN     all  --  10.1.58.1            0.0.0.0/0
> RETURN     all  --  10.1.255.255         0.0.0.0/0
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>
>
> So "iptables" *did* start. But Systemd "thinks" (remove brain, insert
> wet loaf of bread) it didn't.
>
> That means: "iptables" works, but I need to overhaul the startup script
> of it to appease Systemd.
>
> I'll publish an update for this.
>
> Many thanks for letting us know.

Glad I could give back!

After running

iptables -L -n

I do now see that it is running
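
An added example, not part of the original messages or of BlueOnyx's own code: a shell check that compares the unit state systemd reports with the rules actually listed by `iptables -L -n`, which is the mismatch discussed in this thread. It goes one step further and counts DROP/REJECT entries, since loaded rules are not necessarily filtering rules. The function names are hypothetical, and the sample is abridged from the output quoted above.

```shell
#!/bin/sh
# Added example: does the loaded ruleset agree with what systemd reports?
# Function names are hypothetical; SAMPLE is abridged from the thread's output.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctin     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
acctout    all  --  0.0.0.0/0            0.0.0.0/0

Chain acctin (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            127.0.0.1
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain acctout (1 references)
target     prot opt source               destination
RETURN     all  --  127.0.0.1            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Read `iptables -L -n` text on stdin and print "<rules> <filtering>".
# "filtering" counts DROP/REJECT rules plus chains whose policy is DROP.
summarize_rules() {
    awk '
        /^Chain / { if (index($0, "(policy DROP)")) f++; next }  # chain header
        /^target / || NF == 0 { next }                           # column header, blank
        { r++; if ($1 == "DROP" || $1 == "REJECT") f++ }         # one rule line
        END { print r + 0, f + 0 }'
}

# classify UNIT_STATE RULE_COUNT -> verdict on unit state vs. loaded rules
classify() {
    if [ "$2" -eq 0 ]; then echo "no-rules"
    elif [ "$1" != "active" ]; then echo "loaded-but-unit-$1"
    else echo "consistent"
    fi
}

# On a live host (as root) the inputs would come from:
#   set -- $(iptables -L -n | summarize_rules)
#   classify "$(systemctl is-active iptables)" "$1"
set -- $(printf '%s\n' "$SAMPLE" | summarize_rules)
echo "rules=$1 filtering=$2 verdict=$(classify failed "$1")"
```

On the abridged sample this reports six rules, none of them DROP or REJECT, and the verdict `loaded-but-unit-failed`.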





