<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hey Chuck.<div class=""><br class=""></div><div class="">FYI, this was nothing to do with the rule number or the name of the chain. It was related to an openvz related item… The failed command would not work no matter what rule number or chain name was used. In my case, inserting in INPUT with no rule number is meant to insert before the first rule.</div><div class=""><br class=""></div><div class="">However, with the problem - no matter where an insert was tried, it failed. XT_STATE was not active in the openvz container, due to some previous openvz changes etc… that is what it ended up being… (plus upgrading the kernel for good measure).</div><div class=""><br class=""></div><div class="">GK</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 22 Feb 2017, at 2:24 PM, Chuck Tetlow <<a href="mailto:chuck@tetlow.net" class="">chuck@tetlow.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" class="">
<meta content="OPENWEBMAIL" name="GENERATOR" class="">
<div bgcolor="#ffffff" class="">
Hi Greg,
<br class="">
<br class="">The first rule in my firewall chain does the same thing. Its:
<br class="">iptables -I acctin 1 -p tcp -m state --state ESTABLISHED -j ACCEPT
<br class="">
<br class="">That allows any packets that are part of a established connection (no ACK bit in the header) to flow through without having to go through the rest of the rules in the chains. The only reason I do this first - I have a LOT of rules in the acctin chain.
<br class="">
<br class="">And my second rule is:
<br class="">iptables -I acctin 2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
<br class="">
<br class="">Which allows any new http packet to flow through. The reason for this - I block out huge parts of the world with /8, and /16 network blocks. This rule allows anyone anywhere to see the webpages on my server, but no FTP, SMTP, POP, IMAP, or SSH. They can still poke around and look for vulnerabilities in the webpages or CMS - but no hacking attempts via other protocols.
<br class="">
<br class="">Try that first rule to get the ESTABLISHED packets flowing. But to be honest, if the first packets with the ACK bit set flow through - anything after that (considered ESTABLISHED) should flow through too. So that rule really shouldn't be needed.
<br class="">
<br class="">
<br class="">Oh BTW - the reason your attempt listed below failed is the chain name/location. When you use the -I switch to input a rule, you have to provide the chain name and location. So you provided the chain name "INPUT", but not where in that chain. As you can see in my inputs above - I told it to put the rule in the "acctin" CHAIN and slot number 1 or 2. You didn't provide where in the chain to insert that rule.
<br class="">
<br class="">Oh. And just FYI - you tried to use the INPUT chain. That's fine, and will work. But you'll notice that in Blueonyx - the first (and usually only) thing that INPUT chain does is call the "acctin" chain. So I usually do all my changes & inputs in the "acctin" chain instead of the "INPUT" chain. (And yes - those chain names <b class=""><i class="">are</i></b> case sensitive).
<br class="">
<br class="">
<br class="">
<br class="">Chuck
<br class="">
<br class="">
<br class="">
<br class="">
<br class=""><font size="2" class=""><b class="">---------- Original Message
-----------</b>
<br class="">
From: Greg Kuhnert <<a href="mailto:gkuhnert@compassnetworks.com.au" class="">gkuhnert@compassnetworks.com.au</a>>
<br class="">
To: BlueOnyx General Mailing List <<a href="mailto:blueonyx@mail.blueonyx.it" class="">blueonyx@mail.blueonyx.it</a>>
<br class="">
Sent: Wed, 22 Feb 2017 09:16:33 +1100
<br class="">
Subject: [BlueOnyx:20698] Re: errors and issues
<br class="">
<br class="">> Further informational [UTF-8?]update⦠While upgrading the kernel would be
helpful, it is not the answer. (I have the same kernel version on a box that
does not have this problem).
<br class="">> This problem is as follows: related and
established traffic is not being permitted on the inbound iptables rule. I am
not an APF guru, so I tried to add a manual rule as a [UTF-8?]workaroundâ¦
<br class="">>
<br class="">
<br class="">>
<pre class="" style="font-family: " liberation="" mono","andale="" mono","dejavu="" sans="" mono","vera="" mono",consolas,courier,monospace;="" background-color:="" rgb(247,="" 249,="" 250);="" border:="" 1px="" dashed="" rgb(125,="" 174,="" 150);="" padding:="" 1em;="" line-height:="" 1.3em;="" font-size:="" 12.6px;="" overflow:="" auto;"="">iptables -I INPUT -j ACCEPT -m state --state
ESTABLISHED,RELATED</pre>
<br class="">>
<br class="">> <span class="" style="font-variant-ligatures: no-common-ligatures;"># iptables -I INPUT -j ACCEPT -m state
--state ESTABLISHED,RELATED</span>
<br class="">> <span class="" style="font-variant-ligatures: no-common-ligatures;">iptables: No chain/target/match by that
name.</span>
<br class="">>
<br class="">
<br class="">> I had a chat to Chris, and he had a
report of someone once with a similar problem but was unable to recall the
solution.
<br class="">>
<br class="">
<br class="">> My time is diverted elsewhere today -
[UTF-8?]Iâll have a look within the next 24 [UTF-8?]hours⦠In the meantime, if anyone has
some APF wisdom, that might get this in the right direction.
<br class="">>
<br class="">
<br class="">> Greg
<br class="">
<br class="">> <blockquote class="" type="cite">
<br class="">> On 22 Feb 2017, at 7:14 AM, Greg Kuhnert <<a class="" href="mailto:gkuhnert@compassnetworks.com.au">gkuhnert@compassnetworks.com.au</a>> wrote:
<br class="Apple-interchange-newline">
<br class="">>
<br class="">> Hi all.
<br class="">>
<br class="">
<br class="">> I just had a look on [UTF-8?]RCâs boxes. This turned out to be
something related to APF. Simple test - turn off APF, and that fixed that VPS.
Question is why. Still looking into that.
<br class="">>
<br class="">
<br class="">> On the
topic of the [UTF-8?]kernelâs - regardless of this problem, I agree 100% that it is a
good idea to upgrade the kernel to the newer [UTF-8?]version⦠but I think this may be
related to something [UTF-8?]elseâ¦
<br class="">>
<br class="">
<br class="">> Stay tuned.
<br class="">>
<br class="">
<br class="">>
<br class="">
<br class="">> <blockquote class="" type="cite">
<br class="">> On 22 Feb 2017, at 2:30 AM, Richard Barker <<a class="" href="mailto:admin@probass.com">admin@probass.com</a>> wrote:
<br class="Apple-interchange-newline">
<br class="">> <span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">kernal is<span class="Apple-converted-space"> </span></span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">uname -r 2.6.32-042stab116.2 is June
2016</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">cuurent is
2.6.32-042stab120.18 Jan 2017</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">Again only one VPS
has the issues but I see what you are saying.</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">Both Maser an Slave node are running
2.6.32-042stab116.2</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">Not sure which way
to turn.</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">On the backup node have this error
in Cluster Settings</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><strong class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">Bypassing any DRBD related tasks
as this does not appear to be a cluster ready box.
<br class="">
<br class=""></strong><strong class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">This node was not set up as
'cluster-ready' as /etc/vz does not appear to be a symlink.
<br class="">
<br class=""></strong><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">Oh joy no joy</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">RC</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);">
<br class="">> --<span class="Apple-converted-space"> </span>
<br class="">
<br class="">> <em class=""><strong class="">Richard C. Barker Sr.<span class="Apple-converted-space"> </span>
<br class="">CEO & President<span class="Apple-converted-space"> </span>
<br class="">1-813-873-8942<span class="Apple-converted-space"> </span>
<br class=""><span style="color: rgb(0, 102, 0);" class="style1">ProBass Networks Inc.<span class="Apple-converted-space"> </span></span></strong></em>
<br class=""><a class="" href="http://www.probassnetworks.net/">www.probassnetworks.net</a><span class="Apple-converted-space"> </span>
<br class=""><a class="" href="http://www.probass.net/">www.probass.net</a><span class="Apple-converted-space"> </span>
<br class="">***************************************<span class="Apple-converted-space"> </span>
<br class="">DISCLAIMER : -<span class="Apple-converted-space"> </span>
<br class="">This e-mail is
confidential and intended only for the use<span class="Apple-converted-space">
</span>
<br class="">of the individual or entity named above and may contain<span class="Apple-converted-space"> </span>
<br class="">information that is
privileged. If you are not the intended<span class="Apple-converted-space">
</span>
<br class="">recipient, you are notified that any dissemination,
distribution<span class="Apple-converted-space"> </span>
<br class="">or
copying of this e-mail is strictly prohibited. If you have<span class="Apple-converted-space"> </span>
<br class="">received this email in
error, please notify us immediately<span class="Apple-converted-space">
</span>
<br class="">by return email or telephone and destroy the original
message.<span class="Apple-converted-space"> </span>
<br class=""><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">_______________________________________________</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255); float: none; display: inline ! important;">Blueonyx mailing
list</span>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><a class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);" href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"><a class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);" href="http://mail.blueonyx.it/mailman/listinfo/blueonyx">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a>
<br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255);"></blockquote>
<br class="">_______________________________________________
<br class="">Blueonyx
mailing list
<br class=""><a class="" href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a>
<br class=""><a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" class="">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a>
<br class=""></blockquote>
<br class="">
<br class=""><b class="">------- End of Original Message
-------</b>
<br class="">
</font>
</div>
_______________________________________________<br class="">Blueonyx mailing list<br class=""><a href="mailto:Blueonyx@mail.blueonyx.it" class="">Blueonyx@mail.blueonyx.it</a><br class="">http://mail.blueonyx.it/mailman/listinfo/blueonyx<br class=""></div></blockquote></div><br class=""></div></body></html>