Can't get iptables working in VPS - state and conntrack not possibleFsockOpen problem with Iptables inside...
Character reincarnated...as a snail
Why can't we play rap on piano?
Client team has low performances and low technical skills: we always fix their work and now they stop collaborate with us. How to solve?
What does the "remote control" for a QF-4 look like?
How much of data wrangling is a data scientist's job?
Do infinite dimensional systems make sense?
How can I make my BBEG immortal short of making them a Lich or Vampire?
Why doesn't Newton's third law mean a person bounces back to where they started when they hit the ground?
A newer friend of my brother's gave him a load of baseball cards that are supposedly extremely valuable. Is this a scam?
Is it unprofessional to ask if a job posting on GlassDoor is real?
Definite integral giving negative value as a result?
Can an x86 CPU running in real mode be considered to be basically an 8086 CPU?
Can you really stack all of this on an Opportunity Attack?
Does detail obscure or enhance action?
Perform and show arithmetic with LuaLaTeX
Why is consensus so controversial in Britain?
Paid for article while in US on F-1 visa?
Are astronomers waiting to see something in an image from a gravitational lens that they've already seen in an adjacent image?
"You are your self first supporter", a more proper way to say it
Watching something be written to a file live with tail
Did Shadowfax go to Valinor?
How can I prevent hyper evolved versions of regular creatures from wiping out their cousins?
Why doesn't H₄O²⁺ exist?
How to format long polynomial?
Can't get iptables working in VPS - state and conntrack not possible
FsockOpen problem with Iptables inside OpenVZ VMHelp With IPTables: Traffic Forced To Specific NIC?Trying to make iptables stateless is causing unforeseen filteringWorkaround for state ESTABLISHED,RELATED to allow downloads?Configuring iptables on dd-wrt routerFirewall rules for ssh, ftp and webappsCentos 7 , Master-slave replication iptables?iptables nf_conntrack_ftp not working?debian kvm server with iptables is dropping bridge packetsIPtables blocking SSH only if using conntrack
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I've been browsing and reading documentations all night and I can't figure out any solution...
I'm trying to get iptables working on my VPS (Debian 7).
But I can't get established connections answered. The "-m state --state" and also "-m conntrack --ctstate" both don't work.
Both result in iptables: No chain/target/match by that name.
As far as I figured out, state has been outsourced from iptables and conntrack isn't installed on my system and isn't possible to be installed because I ain't got Kernel-Access to the network interfaces system.
I tried to install it from scratch but both tries (from packages and from source) failed. I changed the system to Ubuntu 14.04 for try but it didn't work either.
Is there any workaround or anything else I can do? I'm regulary using PF with OpenBSD as Firewall, so I'm not very familiar with iptables.
Here are the rules I'm adding - have I maybe forgotten something?
iptalbes -F
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
All rules beside the mentioned one are working well!
I found this question asked here before but there were no helpful answers or solutions.
I'm thankful for any help in advance :)
networking iptables firewall vps conntrack
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I've been browsing and reading documentations all night and I can't figure out any solution...
I'm trying to get iptables working on my VPS (Debian 7).
But I can't get established connections answered. The "-m state --state" and also "-m conntrack --ctstate" both don't work.
Both result in iptables: No chain/target/match by that name.
As far as I figured out, state has been outsourced from iptables and conntrack isn't installed on my system and isn't possible to be installed because I ain't got Kernel-Access to the network interfaces system.
I tried to install it from scratch but both tries (from packages and from source) failed. I changed the system to Ubuntu 14.04 for try but it didn't work either.
Is there any workaround or anything else I can do? I'm regulary using PF with OpenBSD as Firewall, so I'm not very familiar with iptables.
Here are the rules I'm adding - have I maybe forgotten something?
iptalbes -F
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
All rules beside the mentioned one are working well!
I found this question asked here before but there were no helpful answers or solutions.
I'm thankful for any help in advance :)
networking iptables firewall vps conntrack
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31
add a comment |
I've been browsing and reading documentations all night and I can't figure out any solution...
I'm trying to get iptables working on my VPS (Debian 7).
But I can't get established connections answered. The "-m state --state" and also "-m conntrack --ctstate" both don't work.
Both result in iptables: No chain/target/match by that name.
As far as I figured out, state has been outsourced from iptables and conntrack isn't installed on my system and isn't possible to be installed because I ain't got Kernel-Access to the network interfaces system.
I tried to install it from scratch but both tries (from packages and from source) failed. I changed the system to Ubuntu 14.04 for try but it didn't work either.
Is there any workaround or anything else I can do? I'm regulary using PF with OpenBSD as Firewall, so I'm not very familiar with iptables.
Here are the rules I'm adding - have I maybe forgotten something?
iptalbes -F
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
All rules beside the mentioned one are working well!
I found this question asked here before but there were no helpful answers or solutions.
I'm thankful for any help in advance :)
networking iptables firewall vps conntrack
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
I've been browsing and reading documentations all night and I can't figure out any solution...
I'm trying to get iptables working on my VPS (Debian 7).
But I can't get established connections answered. The "-m state --state" and also "-m conntrack --ctstate" both don't work.
Both result in iptables: No chain/target/match by that name.
As far as I figured out, state has been outsourced from iptables and conntrack isn't installed on my system and isn't possible to be installed because I ain't got Kernel-Access to the network interfaces system.
I tried to install it from scratch but both tries (from packages and from source) failed. I changed the system to Ubuntu 14.04 for try but it didn't work either.
Is there any workaround or anything else I can do? I'm regulary using PF with OpenBSD as Firewall, so I'm not very familiar with iptables.
Here are the rules I'm adding - have I maybe forgotten something?
iptalbes -F
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
All rules beside the mentioned one are working well!
I found this question asked here before but there were no helpful answers or solutions.
I'm thankful for any help in advance :)
networking iptables firewall vps conntrack
networking iptables firewall vps conntrack
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
asked May 12 '15 at 9:37
Velvetto WarriororVelvetto Warrioror
61
61
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31
add a comment |
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31
add a comment |
1 Answer
1
active
oldest
votes
Is kernel module nf_conntrack exist at /lib/modules//kernel/net/netfilter/ and loaded? If exist try:
modprobe nf_conntrack
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f691367%2fcant-get-iptables-working-in-vps-state-and-conntrack-not-possible%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Is kernel module nf_conntrack exist at /lib/modules//kernel/net/netfilter/ and loaded? If exist try:
modprobe nf_conntrack
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
add a comment |
Is kernel module nf_conntrack exist at /lib/modules//kernel/net/netfilter/ and loaded? If exist try:
modprobe nf_conntrack
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
add a comment |
Is kernel module nf_conntrack exist at /lib/modules//kernel/net/netfilter/ and loaded? If exist try:
modprobe nf_conntrack
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
Is kernel module nf_conntrack exist at /lib/modules//kernel/net/netfilter/ and loaded? If exist try:
modprobe nf_conntrack
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
answered May 12 '15 at 10:13
MaxikoMaxiko
45428
45428
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
add a comment |
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Nope, doesn't exist. Conntrack doesn't seem to be an option here.
– Velvetto Warrioror
May 12 '15 at 10:22
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Are you running on OpenVZ? If yes, try to install linux-image deb packet same version as your running kernel and then try to load module, if it doesn't help then you should contact your provider to enable iptables.
– Maxiko
May 12 '15 at 10:26
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Hey Maxiko, sadly I'm not running on OpenVZ. This would've made it much easier.... Provider has been contacted but hasn't responded yet...
– Velvetto Warrioror
May 12 '15 at 10:31
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
Anyway, try to install linux-image deb packet same version as your running kernel.
– Maxiko
May 13 '15 at 2:48
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
I did so, conntrack and state still not working. Should I try installing conntrack by hand now again or isn't it worth the try?
– Velvetto Warrioror
May 13 '15 at 17:14
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f691367%2fcant-get-iptables-working-in-vps-state-and-conntrack-not-possible%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What type VPS is it? (Do uname -a and paste it)
– Konrad Gajewski
May 12 '15 at 13:31