Results 1 to 16 of 16

Thread: lfd / CSF Wont start up.

  1. #1
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30

    Question lfd / CSF Wont start up.

    i ran Sudo yum update --cves --sec-severity && yum upgrade && rm -rf /var/cache/yum
    on my server and it gives the following updates.

    all updates install fine and everything seems to work also. even LFD start and i can restart it no problem. BUT once i restart the server and it comes back up LFD wont start up.
    it says Try restarting csf with FASTSTART disabled. You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error


    i did remove the csf.error file but the same problem.

    Code:
    ==============================================================================================================================================================
     Package                                   Arch                           Version                                      Repository                        Size
    ==============================================================================================================================================================
    Installing:
     kernel                                    x86_64                         3.10.0-862.3.2.el7                           updates                           46 M
     kernel-devel                              x86_64                         3.10.0-862.3.2.el7                           updates                           16 M
    Updating:
     initscripts                               x86_64                         9.49.41-1.el7                                base                             437 k
     iproute                                   x86_64                         4.11.0-14.el7                                base                             763 k
     iprutils                                  x86_64                         2.4.15.1-1.el7                               base                             243 k
     iptables                                  x86_64                         1.4.21-24.1.el7_5                            updates                          432 k
     kernel-headers                            x86_64                         3.10.0-862.3.2.el7                           updates                          7.1 M
     kernel-tools                              x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
     kernel-tools-libs                         x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
    Removing:
     kernel                                    x86_64                         3.10.0-693.5.2.el7                           @updates                          59 M
     kernel-devel                              x86_64                         3.10.0-693.5.2.el7                           @updates                          36 M
    not sure its 1 of these but strange is it works untill i reboot the server.
    Last edited by Musicfreak; 06-08-2018 at 06:57 AM.

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,010
    Hello,

    1. Read /etc/csf/csf.error ... fix
    2. Remove
    /etc/csf/csf.error
    3. Start lsfd/csf

  3. #3
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    i tried that. but didnt work had to restore a backup before it started working again. Forgot to copy the text out of the csf.error to show.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,291
    Please copy the text from csf.error here, next to that:
    Try restarting csf with FASTSTART disabled
    Does it only says this or does it mention a line number like "Try restarting csf with FASTSTART disabled, at line xxx". If it mentiones a line number also, have a look at what's in that line.
    Greetings, Richard.

  5. #5
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    Quote Originally Posted by Richard G View Post
    Please copy the text from csf.error here, next to that:

    Does it only says this or does it mention a line number like "Try restarting csf with FASTSTART disabled, at line xxx". If it mentiones a line number also, have a look at what's in that line.
    iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    Error: FASTSTART: (DROP no logging IPv4) [] [iptables-restore v1.4.21: iptables-restore: unable to initialize table 'filter']. Try restarting csf with FASTSTART disabled, at line 5522

  6. #6
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    when i updated these packages it broke.

    Code:
    ==============================================================================================================================================================
     Package                                   Arch                           Version                                      Repository                        Size
    ==============================================================================================================================================================
    Installing:
     kernel                                    x86_64                         3.10.0-862.3.2.el7                           updates                           46 M
     kernel-devel                              x86_64                         3.10.0-862.3.2.el7                           updates                           16 M
    Updating:
     initscripts                               x86_64                         9.49.41-1.el7                                base                             437 k
     iproute                                   x86_64                         4.11.0-14.el7                                base                             763 k
     iprutils                                  x86_64                         2.4.15.1-1.el7                               base                             243 k
     iptables                                  x86_64                         1.4.21-24.1.el7_5                            updates                          432 k
     kernel-headers                            x86_64                         3.10.0-862.3.2.el7                           updates                          7.1 M
     kernel-tools                              x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
     kernel-tools-libs                         x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
    Removing:
     kernel                                    x86_64                         3.10.0-693.5.2.el7                           @updates                          59 M
     kernel-devel                              x86_64                         3.10.0-693.5.2.el7                           @updates                          36 M
    when i click on test Iptables it gives this error


    Code:
    Testing ip_tables/iptable_filter...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_LOG...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_REJECT...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_state/xt_state...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
    Testing ipt_recent...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for PORTFLOOD and PORTKNOCKING features
    Testing xt_connlimit...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for SMTP_BLOCK and UID/GID blocking features
    Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
    Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
    
    RESULT: csf will not function on this server due to FATAL errors from missing modules [6]
    Disabling Faststart to 0 didnt help
    Last edited by Musicfreak; 06-08-2018 at 06:49 AM. Reason: Disable Faststart doesnt work

  7. #7
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    345
    http://www.webhostingtalk.com/showthread.php?t=1685482
    and others for iptable searchimng the web

    CENTOS

    You update only parts as for security with Yum ?

    but a lot of kernel bugs should be there then if not up to date ( overige delen)

    http://suhail-ah.blogspot.com/2016/0...s-restore.html

    To resolve this, check the output of iptables -L if that gives any output, save it using following command and then restart iptables as shown below.
    Saving iptables rules:

    You can also get errors with iptables if you've installed a new version of the Kernel but you haven't rebooted yet
    Last edited by ikkeben; 06-08-2018 at 07:27 AM.
    DUTCH GERMAN, GERMAN DUTCH

  8. #8
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    Quote Originally Posted by ikkeben View Post
    http://www.webhostingtalk.com/showthread.php?t=1685482
    and others for iptable searchimng the web

    CENTOS

    You update only parts as for security with Yum ?

    but a lot of kernel bugs should be there then if not up to date ( overige delen)

    http://suhail-ah.blogspot.com/2016/0...s-restore.html




    You can also get errors with iptables if you've installed a new version of the Kernel but you haven't rebooted yet
    no i update everything. not only securty updates.

    there where 180 packages avail for update so i installed them 1 by 1 to see which one gave the problems and it seems these were left.

    i checked both links i tried it also. I did reboot multiply times. Not working.

  9. #9
    Join Date
    Jul 2007
    Posts
    170
    try:

    sudo modprobe ip_tables
    sudo echo 'ip_tables' >> /etc/modules

  10. #10
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    Quote Originally Posted by sysdev View Post
    try:

    sudo modprobe ip_tables
    sudo echo 'ip_tables' >> /etc/modules
    When i use those commands nothing happens. And its still wont start it.

  11. #11
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    345
    Quote Originally Posted by Musicfreak View Post
    no i update everything. not only securty updates.

    there where 180 packages avail for update so i installed them 1 by 1 to see which one gave the problems and it seems these were left.

    i checked both links i tried it also. I did reboot multiply times. Not working.
    So you did both links

    then iptalbes L and iptable start should give more info or errors?
    DUTCH GERMAN, GERMAN DUTCH

  12. #12
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,291
    When looking around you see this issue re-occuring several times, also years ago.
    In most cases it has to do with some issue between the kernel and iptables.

    You did have a kernel update on the yum update.
    It might be an idea to use the previous kernel version and wait for a newer one to come up, before updateding the kernel again.
    Greetings, Richard.

  13. #13
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    345
    Output of command for iptables yes or no running and errors and so on

    For csf needed.
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK

    RESULT: csf should function on this server
    DUTCH GERMAN, GERMAN DUTCH

  14. #14
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    345
    If everything allright you still could have this prob ( don't know if centos 7 this could..)

    Disable iptables:

    That was reported that raw iptables in some cases might overwrite existing rules loaded by CSF/LFD. To avoid it we'd recommend to disable iptables and ip6tables from being loaded at boot time:
    You could read some about that here https://forum.directadmin.com/showth...244#post229244
    DUTCH GERMAN, GERMAN DUTCH

  15. #15
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,010
    Perhaps iptables or your kernel needs to be upgraded.
    What do you see when running the following commands?

    Code:
    uname -a
    Code:
    lsmod | egrep "^(ip_|ipt|xt_)"

  16. #16
    Join Date
    Mar 2017
    Location
    Netherlands
    Posts
    30
    Quote Originally Posted by ikkeben View Post
    If everything allright you still could have this prob ( don't know if centos 7 this could..)

    You could read some about that here https://forum.directadmin.com/showth...244#post229244
    So in this case we dont need iptables at all ? if we use CSF/LFD?

    Quote Originally Posted by zEitEr View Post
    What do you see when running the following commands?

    Code:
    uname -a
    Code:
    lsmod | egrep "^(ip_|ipt|xt_)"
    uname -a
    Linux mail 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

    lsmod | egrep "^(ip_|ipt|xt_)"
    xt_owner 12534 2
    xt_REDIRECT 12757 0
    xt_conntrack 12760 30
    xt_LOG 12690 6
    xt_limit 12711 7
    xt_multiport 12798 4
    iptable_nat 12875 0
    iptable_mangle 12695 0
    iptable_raw 12678 0
    ipt_REJECT 12541 1
    iptable_filter 12810 1
    ip_tables 27115 4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw

    when i try chkconfig iptables off i see

    error reading information on service iptables: No such file or directory
    Last edited by Musicfreak; 06-12-2018 at 11:00 AM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •