Backup and restore from FTP/NAS does not work with Alma Linux 8- SOLVED

[dorucrisan]

Problem is that you can't compare systems on different locations, because the office and home can have different firewall or other settings.
However, if you just install exactly the same server you're using now, but then with Centos 7 and it works without changes, then I'm puzzled.


If that works, then it looks as if it some user/owner/permission issue. As the problem is not that no connection is made, the problem is that curl can't change to a different directory.

In fact that would be working correctly, because the admin/back transfer is (as far as I'm aware of) done as user admin.
User admin has no permission to go to the /root/ directory of the server, that's preserved for root only.

But then I'm confused as to why the Centos 7 DA does not care about that. But I'm also wondering as to why you should use a different restore path than default.

Machines are not identical, I have two at the office and two at home for tests. Installs are exactly the same in both locations. Problem is not machine related. Will keep digging. Thanks for kind support Richard.

 

[dorucrisan]

Done another fresh install of Centos7+DA. Taking the server to work this morning to see if connects to both NAS units. Problem is the NAS at the office. I have another server there running AL8 with mentioned problem. Have also one AL8 server at home with same problem. The Centos7 server at home connects to both NAS units as well. If anybody has the time and the will to check that I will be happy to provide remote access to all those servers.

 

[dorucrisan]

Made another fresh install of Centos 7 + DA. It is working fine with same Synology NAS I cannot connect when using Alma8. It is restoring from NAS right now .

 

[Richard G]

Still I believe it must be some firewalling issue or something similar.

I didn't have seen the output of which I asked in post #9.
Maybe you can try that if you have Alma on again.

 

[dorucrisan]

Still I believe it must be some firewalling issue or something similar.

I didn't have seen the output of which I asked in post #9.
Maybe you can try that if you have Alma on again.

Thanks Richard, please tell me exactly where to look, I am not a programmer. Have to look into the server or the NAS? Where exactly? I can give you access anywhere if you have the time. The problem exists. Tested a dozen times at list. Here we are GMT+2.
Here is the output when running the given code by SSH as root on Alma server that does not connect to that NAS. I repeat, it connects to another NAS, same brand (Synology) that I have at home. No AL8 install conects to that NAS. Any Centos7 install connects just fine with exactly same credentials..


login as: root
[email protected]'s password:
Last failed login: Thu Aug 4 15:08:53 EEST 2022 from 51.15.56.154 on ssh:notty
There were 157 failed login attempts since the last successful login.
Last login: Wed Aug 3 07:50:09 2022 from 5.2.136.14
[root@server-82-78-165-202 ~]# systemctl status firewalld
● firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)
[root@server-82-78-165-202 ~]# systemctl status nftables
● nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor p>
Active: inactive (dead)
Docs: man:nft(8)
lines 1-4/4 (END)...skipping...
● nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor p>
Active: inactive (dead)
Docs: man:nft(8)
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
lines 1-4/4 (END)

 

[Richard G]

Please don't quote full post, zo don't use the reply button but use the reply box, it's better. Keep things more neat.

You have to login via SSH to your Alma Linux server as root.
Then if you encounter the problem you are having, the only thing you have to do is to issue the commands I posted in Post #9 and place them here.
These commands (you can copy and paste)
systemctl status firewalld

systemctl status nftables

Could be some iptables default is running, check like this:
iptables -L

Just to be sure try this one too:
nftables-L

 

[dorucrisan]

Please don't quote full post, zo don't use the reply button but use the reply box, it's better. Keep things more neat.

Already replied please check. BTW how do I delete a thread to avoid duplication?
This is what I get from Alma server :

 

[Richard G]

BTW how do I delete a thread to avoid duplication?

You probably can't anymore. Otherwise the delete option would be present. In that case just don't reply in it anymore and it will sink automatically.

FTP information invalid is odd. That would mean that something goes wrong with the authentication but that could be a curl issue. I'm not into that.
This we already know so that is not new information.

Already replied please check.

I already did and nowhere is the output to be seen from the commands I asked.

 

[dorucrisan]

It is all in post #25. How about Alma 9? Is that works? We need FTP backups, must solve. I would not return to Centos 7 even that one is working perfectly. I am curios if CPanel has same issue with Alma 8. They had a bug related with FTP backups they did not know about it but it was solved. Took a week but was finally solved. They issued some code to be replaced. This was not related to Alma Linux, it was CentOS problem, almost identical nature.

 

[Richard G]

It is all in post #25.

Ah you asked me how to do it and then you reply'd during the time I was writing my reply. So I was looking at the previous page and didn't see your output due to my browser cache.

However, the iptables -L and nftables -L output is still missing.

You can also try to remove nftables before via the yum remove nftables command.

I don't know if Alma 9 works, because I don't even know why Alma 8 is giving issues.
If it's a Centos problem, then Centos 8 also should have the problem, but as far as I know it hasn't.

Ofcourse you could always send in a ticket.

 

[dorucrisan]

Done that, still not working

login as: root
[email protected]'s password:
Last failed login: Thu Aug 4 16:40:10 EEST 2022 from 209.141.57.23 on ssh:notty
There were 5 failed login attempts since the last successful login.
Last login: Thu Aug 4 15:54:35 2022 from 5.2.136.14
[root@server-82-78-165-202 ~]# yum remove nftables
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
nftables x86_64 1:0.9.3-25.el8 @anaconda 826 k
Removing dependent packages:
firewalld noarch 0.9.3-13.el8 @anaconda 2.0 M
Removing unused dependencies:
firewalld-filesystem noarch 0.9.3-13.el8 @anaconda 239
ipset x86_64 7.1-1.el8 @anaconda 63 k
ipset-libs x86_64 7.1-1.el8 @anaconda 217 k
iptables x86_64 1.8.4-22.el8 @anaconda 1.9 M
iptables-ebtables x86_64 1.8.4-22.el8 @anaconda 14 k
iptables-libs x86_64 1.8.4-22.el8 @anaconda 198 k
libibverbs x86_64 37.2-1.el8 @anaconda 990 k
libnetfilter_conntrack x86_64 1.0.6-5.el8 @anaconda 161 k
libnfnetlink x86_64 1.0.1-13.el8 @anaconda 51 k
libnftnl x86_64 1.1.5-5.el8 @anaconda 217 k
libpcap x86_64 14:1.9.1-5.el8 @anaconda 376 k
python3-decorator noarch 4.2.1-2.el8 @anaconda 47 k
python3-firewall noarch 0.9.3-13.el8 @anaconda 2.0 M
python3-libselinux x86_64 2.9-5.el8 @anaconda 771 k
python3-nftables x86_64 1:0.9.3-25.el8 @anaconda 28 k
python3-slip noarch 0.6.4-11.el8 @anaconda 60 k
python3-slip-dbus noarch 0.6.4-11.el8 @anaconda 70 k

Transaction Summary
================================================================================
Remove 19 Packages

Freed space: 9.9 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: firewalld-0.9.3-13.el8.noarch 1/1
Running scriptlet: firewalld-0.9.3-13.el8.noarch 1/19
Erasing : firewalld-0.9.3-13.el8.noarch 1/19
Running scriptlet: firewalld-0.9.3-13.el8.noarch 1/19
Erasing : python3-firewall-0.9.3-13.el8.noarch 2/19
Running scriptlet: ipset-7.1-1.el8.x86_64 3/19
Current iptables configuration requires ipsets
error: %preun(ipset-7.1-1.el8.x86_64) scriptlet failed, exit status 1

Error in PREUN scriptlet in rpm package ipset
Erasing : python3-slip-dbus-0.6.4-11.el8.noarch 4/19
error: ipset-7.1-1.el8.x86_64: erase failed

Erasing : python3-slip-0.6.4-11.el8.noarch 5/19
Erasing : python3-nftables-1:0.9.3-25.el8.x86_64 6/19
Running scriptlet: iptables-ebtables-1.8.4-22.el8.x86_64 7/19
Erasing : iptables-ebtables-1.8.4-22.el8.x86_64 7/19
Running scriptlet: iptables-ebtables-1.8.4-22.el8.x86_64 7/19
Erasing : python3-decorator-4.2.1-2.el8.noarch 8/19
Erasing : firewalld-filesystem-0.9.3-13.el8.noarch 9/19
Erasing : iptables-1.8.4-22.el8.x86_64 10/19
Running scriptlet: iptables-1.8.4-22.el8.x86_64 10/19
Running scriptlet: nftables-1:0.9.3-25.el8.x86_64 11/19
Erasing : nftables-1:0.9.3-25.el8.x86_64 11/19
Running scriptlet: nftables-1:0.9.3-25.el8.x86_64 11/19
Erasing : iptables-libs-1.8.4-22.el8.x86_64 12/19
Erasing : libpcap-14:1.9.1-5.el8.x86_64 13/19
Erasing : libnetfilter_conntrack-1.0.6-5.el8.x86_64 14/19
Running scriptlet: libnetfilter_conntrack-1.0.6-5.el8.x86_64 14/19
Erasing : libnfnetlink-1.0.1-13.el8.x86_64 15/19
Running scriptlet: libnfnetlink-1.0.1-13.el8.x86_64 15/19
Erasing : libibverbs-37.2-1.el8.x86_64 16/19
Running scriptlet: libibverbs-37.2-1.el8.x86_64 16/19
Erasing : libnftnl-1.1.5-5.el8.x86_64 17/19
Running scriptlet: libnftnl-1.1.5-5.el8.x86_64 17/19
Erasing : python3-libselinux-2.9-5.el8.x86_64 18/19
Erasing : ipset-libs-7.1-1.el8.x86_64 19/19
Running scriptlet: ipset-libs-7.1-1.el8.x86_64 19/19
Verifying : firewalld-0.9.3-13.el8.noarch 1/19
Verifying : firewalld-filesystem-0.9.3-13.el8.noarch 2/19
Verifying : ipset-7.1-1.el8.x86_64 3/19
Verifying : ipset-libs-7.1-1.el8.x86_64 4/19
Verifying : iptables-1.8.4-22.el8.x86_64 5/19
Verifying : iptables-ebtables-1.8.4-22.el8.x86_64 6/19
Verifying : iptables-libs-1.8.4-22.el8.x86_64 7/19
Verifying : libibverbs-37.2-1.el8.x86_64 8/19
Verifying : libnetfilter_conntrack-1.0.6-5.el8.x86_64 9/19
Verifying : libnfnetlink-1.0.1-13.el8.x86_64 10/19
Verifying : libnftnl-1.1.5-5.el8.x86_64 11/19
Verifying : libpcap-14:1.9.1-5.el8.x86_64 12/19
Verifying : nftables-1:0.9.3-25.el8.x86_64 13/19
Verifying : python3-decorator-4.2.1-2.el8.noarch 14/19
Verifying : python3-firewall-0.9.3-13.el8.noarch 15/19
Verifying : python3-libselinux-2.9-5.el8.x86_64 16/19
Verifying : python3-nftables-1:0.9.3-25.el8.x86_64 17/19
Verifying : python3-slip-0.6.4-11.el8.noarch 18/19
Verifying : python3-slip-dbus-0.6.4-11.el8.noarch 19/19

Removed:
firewalld-0.9.3-13.el8.noarch
firewalld-filesystem-0.9.3-13.el8.noarch
ipset-libs-7.1-1.el8.x86_64
iptables-1.8.4-22.el8.x86_64
iptables-ebtables-1.8.4-22.el8.x86_64
iptables-libs-1.8.4-22.el8.x86_64
libibverbs-37.2-1.el8.x86_64
libnetfilter_conntrack-1.0.6-5.el8.x86_64
libnfnetlink-1.0.1-13.el8.x86_64
libnftnl-1.1.5-5.el8.x86_64
libpcap-14:1.9.1-5.el8.x86_64
nftables-1:0.9.3-25.el8.x86_64
python3-decorator-4.2.1-2.el8.noarch
python3-firewall-0.9.3-13.el8.noarch
python3-libselinux-2.9-5.el8.x86_64
python3-nftables-1:0.9.3-25.el8.x86_64
python3-slip-0.6.4-11.el8.noarch
python3-slip-dbus-0.6.4-11.el8.noarch
Failed:
ipset-7.1-1.el8.x86_64

Error: Transaction failed
[root@server-82-78-165-202 ~]#

 

[dorucrisan]

That removed csf and I can't rebuid it

 

[dorucrisan]

Unbelievable! I reinstalled csf by SSH. Csf was still not showing in DA panel. When clicking displayed white/blank page. I reinstalled DA again. Miracle! Now works. It connects. Question is what do I have to do to make it work as fresh install.

 

[Richard G]

CSF should be off for testing anyway.
However if that still gives the same error with curl 7, it shouldn't, then I don't know. Might still be best to send in a ticket then.

Do you know the thread on CP where a similar thing was solved? Maybe I can have a look.

To get csf working again, just install iptables again.
yum install iptables yum install ip6tables
second command is if you also use ipv6.

 

[dorucrisan]

Regarding CPanel issue, it was me who reported first. They did not know. It was like 2 years ago, I will look if I can find anything in my ticket history and if I can still access it, as I canceled CP license, using only DA now on 3 servers.

 

[dorucrisan]

I run yum install iptables. I have error again. What is hapening?

 

[Richard G]

That's a different error. First you had error 7, now you have error 56. At least that's better, it's a timeout issue.

I presume you have started CSF again?

Try this via SSH (disable firewall):
csf -x
then see if you get the same curl error on restore.

If yes, enable CSF again via SSH:
csf -e

 

[dorucrisan]

Yes I started csf again and again and every time I enter I find the message that csf not working -

Firewall Status: Enabled but Stopped​

Despite these errors, server is now connecting to NAS. Was it a server firewall problem? How can I avoid? I will do another install but what settings do I need to keep it working?
csf -x / csf -e retuns this:

login as: root
[email protected]'s password:
Last failed login: Fri Aug 5 04:23:01 EEST 2022 from 61.177.173.51 on ssh:notty
There were 1504 failed login attempts since the last successful login.
Last login: Thu Aug 4 19:19:35 2022 from 5.2.136.14
[root@server-82-78-165-202 ~]# csf -x
You have an unresolved error when starting csf:
Error: FASTSTART: (csf.deny IPv4) [] [iptables-restore v1.8.4 (nf_tables): Set c hain_DENY doesn't exist.]. Try restarting csf with FASTSTART disabled, at line 5 781 in /usr/sbin/csf

You need to restart csf successfully to remove this warning, or delete /etc/csf/ csf.error
[root@server-82-78-165-202 ~]# csf -e
csf and lfd are not disabled!
[root@server-82-78-165-202 ~]#

 

[Ohm J]

bro, why you trying to remove nftables without reading how script removed.

Error: Transaction failed

see this line, it error. So it dangerous to remove in currently now.
You can trying remove on fresh install, But shouldn't do in current running server. it could breaks change thing with other script. ( like "ipset" )

I don't know, install it back with just "iptables" will bring back "csf" to work. but forsure, install "nftables" too .

then installing "csf" again ( For makesure all Important libs )

first thing, Please backup your current config. and reading tutorial how to install csf in current exists server.

---

cp -rf /etc/csf /etc/csf_backup

Securing with Brute Force Monitor | Directadmin Docs

when everything back to work, makesure to disable "firewalld"

CentOS 8 Disable Firewall

A firewall is considered as the "First Line of Defense" within any operating system. It prohibits any unauthorized access to your system hence preventing it from all potential harms. However, at times it happens that you are performing a critical task, and your Firewall causes hindrance. In such...

linuxhint.com

if you wanna disable firewall, just use
csf -x
to temporary disable firewall

 

[dorucrisan]

Thank you, I followed Richard's advice. As of now I have a lot of errors and cannot start csf but server is connecting to NAS. However, this is not production server. I noticed the problem on a production server, but that is working as is, I build several other machines to investigate the NAS connection issue, still unsolved. Looks like firewall problem, at list we narrowed to that. Problem is only on Alma Linux 8, Centos 7 is working fine. Thanks everybody.