[WHM/cPanel] after every reboot, IPTables denied all visitors

Discussion in 'Site & Server Administration' started by basketmen, Apr 23, 2014.

  1. #1
    Hi guys,

    I am using a VPS with WHM/cPanel.

    After every reboot, IPTables denies all visitors, including me,

    so I can't access the sites, WHM, cPanel, FTP, or SSH at all.
    So I need to create a web hosting support ticket to have them disable IPTables from their side, every time after it is rebooted.


    This just suddenly happened in the last 7 days; as I remember, I changed no settings before.


    Please help guys, how do I fix this?


    NB:
    - I already changed my IP address, still the same, IPTables denies all visitors
    - I already tried uninstalling CSF firewall, but still the same; it looks like this is IPTables from Linux/WHM, not from CSF firewall?
     
    basketmen, Apr 23, 2014 IP
  2. evtimii

    #2
    When you are able to log in to your server, check the IPtables rules

    iptables --list

    You can search for your IP as well:

    iptables --list | grep YOUR_IP


    Try to clear the iptables rules and restart the firewall.

    iptables --flush


    If you are using CSF, add your IP to the allowed list of IP addresses:

    edit /etc/csf/csf.allow

    then restart CSF and LFD

    csf -r && service lfd restart
     
    evtimii, Apr 23, 2014 IP
  3. #3
    Try this from a console:

    iptables --flush
    service iptables save
    That should clear all rules and then save them. If this does not help, check your /etc/init.d directory to see if something else is loading the rules.

    Regards,
    Chris
     
    RHS-Chris, Apr 23, 2014 IP
  4. Tier_net

    #4
    What stops working? Everything or just SSH? Did you change SSH ports?

    Please also check /etc/sysconfig/iptables

    Sometimes, a default CentOS install will put static port rules in this file, which will be reloaded each time iptables starts.
     
    Tier_net, May 21, 2014 IP
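
A pre-reboot check for the saved ruleset discussed in the posts above, as an added example that is not part of any post in the thread: it reads a file in iptables-save format (the format of /etc/sysconfig/iptables) and lists the TCP ports the INPUT chain would not accept once the rules are reloaded. The sample ruleset is constructed, and the port list (SSH, FTP, HTTP, cPanel 2083, WHM 2087) is an assumption.

```shell
#!/bin/sh
# Added example: report TCP ports that a saved ruleset (iptables-save format,
# as in /etc/sysconfig/iptables) would block on the filter table's INPUT chain.
# Simplified: ignores source/interface restrictions, port ranges and jumps
# to user-defined chains.

# Usage: missing_ports PORT... < ruleset
missing_ports() {
  awk -v want="$*" '
    /^\*/ { table = substr($1, 2); next }        # table header, e.g. *filter
    table != "filter" { next }
    $1 == ":INPUT" { if ($2 != "ACCEPT") deny = 1; next }   # default policy
    $1 != "-A" || $2 != "INPUT" { next }
    {
      target = ""; ports = ""; matchers = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        else if ($i ~ /^-[a-z]$/) matchers++      # -p, -s, -i, -m, ...
      }
      # A DROP/REJECT rule with no match options denies everything after it.
      if ((target == "DROP" || target == "REJECT") && matchers == 0) deny = catchall = 1
      if (target == "ACCEPT" && ports != "" && !catchall) {
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) allowed[list[k]] = 1
      }
    }
    END {
      if (!deny) exit                              # chain accepts by default
      n = split(want, w, " ")
      for (k = 1; k <= n; k++) if (!(w[k] in allowed)) print w[k]
    }'
}

# Constructed sample ruleset (not taken from the thread): default-deny INPUT
# with only loopback, established traffic and HTTP allowed.
sample_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | missing_ports 22 21 80 2083 2087
```

Against a real server the same function is run as `missing_ports 22 80 < /etc/sysconfig/iptables`; any port it prints will be unreachable after the rules are loaded at boot.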
  5. markjcc

    #5
    What VPS virtualization? OpenVZ, Xen, KVM, other?
    I know some VPS virtualization software such as OpenVZ pushes default iptables configs from the slave node to make sure IPv4 is running and connections aren't blocked from SolusVM or the slave server.
     
    markjcc, May 27, 2014 IP
  6. ironcladservers

    #6
    I think I know what's going on here. Is this an OpenVZ platform? If so, there is a new git commit for OpenVZ that causes issues for any stateful firewall.

    http://git.openvz.org/?p=vzctl;a=commit;h=9b8afa654945acc6d3bd782f622aaf9c54e4e87b

    You need to tell your VPS provider (if they are using OpenVZ) to include the following in your VPS's configuration file found in "/etc/vz/conf/":
    or (to include NAT):
    Then reboot the VPS. Things should work afterwards, hopefully :)
     
    ironcladservers, Jun 11, 2014 IP