Firewall rules not shown

#1 Sat, 12/07/2013 - 10:06
PatTzZ

Hi everyone!

I installed Virtualmin and almost everything I need seems to run fine now.

I have a few other servers running it and everything is fine, but on my dedicated server I don't see any rules in the Webmin "Linux firewall" module (you can see it in the attachment).

If I verify the rules from ssh, everything seems to be OK (however, the state is also unknown in the Webmin "bootup and shutdown" module).

How can I debug this?

Any clue will be welcome!

Thanks in advance!

Sun, 12/22/2013 - 11:45
PatTzZ

Finally, that case has never been fixed properly. I don't really remember what I did, but I was able to copy a file's content somewhere days ago and after that the rules were shown in the Webmin firewall, but now, if I use it to add some rules, these rules don't appear.

I can manage iptables manually, but I would prefer to have it fixed properly because it's the only thing that doesn't work like a charm now with Webmin/Virtualmin.

The state is also staying at "unknown" under bootup and shutdown.

Can you please help us fix this problem?

Sun, 12/22/2013 - 11:51
Locutus

What distribution are you using? Did you install Virtualmin using its installer script on a clean OS?

Sun, 12/22/2013 - 13:29
PatTzZ

I'm using CentOS 6.5 and yes, I installed it on a clean OS using the installer script.

I didn't check deeply beforehand to know what was installed on it, or whether some software was already installed, but it was supposed to be only the clean OS.

By the way, I installed it twice (I mean I reinstalled it) because of this problem and both tries gave the same results.

Tue, 12/24/2013 - 21:33
AllanIT

Hi PatTzz

Below is the firewall section of a tutorial I wrote some time ago for installing Virtualmin on Ubuntu. Hope it is helpful.

k. Add iptables firewall rules
i. Go to Webmin > Networking > Linux Firewall.
ii. What you will see is that there are no firewall rules. This is not actually true; they are just not showing up for some reason.
(1) To make the existing rules show up we have to trick the firewall.
(a) click apply configuration button once
(b) NOTE Only once.
(2) Then click the revert configuration button once.
(a) When the screen refreshes you will see a set of rules that come with Virtualmin.
(3) Click the apply configuration button and you will have a basic configuration
(a) NOTE: This configuration as is, is not very secure and will need modifying.
iii. You will need to add the following rules if they are not there
(1) To add rules, click the add rule button at the bottom of the section to insert a rule at the bottom of the section, or the blue arrow to insert a rule above or below another.
(2) On the add rule screen select the conditions you want and then click the create button at the bottom of the screen.
(a) NOTE: after you have successfully created the rules you want you must also click apply configuration button on the bottom of the Linux Firewall screen.
(b) NOTE: You should wind up with the rules in the order listed below.
(3) To edit a rule click on the coloured action.
(a) When finished click the save button.
(4) NOTE: Make sure you are inserting rules in the correct section EG: Incoming packets (INPUT), Forwarded packets (FORWARD),  Outgoing packets (OUTPUT)
iv. Incoming packets (INPUT)
(1) Log packet Always
(2) Accept If source is 127.0.0.1
(3) Accept If source is xxx.xxxx.xxx.xxx
(a) The above rule is for the IP address that your server is on, on your network (internal IP address). Eg: 192.xxx.xxxx.xxx
(4) Accept If source is xxx.xxxx.xxx.xxx
(a) The above rule is to allow you access at all times. Replace “xxx.xxxx.xxx.xxx” with your IP address or addresses or address range.
(5) Accept If protocol is UDP and source and destination port is 123
(6) Accept If protocol is UDP and source and destination ports are 465
(7) Accept If protocol is TCP and destination port is 10000
(8) Accept If protocol is TCP and destination port is 20000
(9) Accept If protocol is TCP and destination port is 443
(10) Accept If protocol is TCP and destination port is 80
(11) Accept If protocol is TCP and destination port is 993
(12) Accept If protocol is TCP and destination port is 143
(13) Accept If protocol is TCP and destination port is 995
(14) Accept If protocol is TCP and destination port is 110
(15) Accept If protocol is TCP and destination port is 20:21
(16) Accept If protocol is TCP and destination port is 22
(17) Accept If protocol is TCP and destination port is 25
(18) Accept If protocol is TCP and source and destination ports are ssh,ftp,www,http,https,pop3,smtp,imap,imaps,imap2,pop3s,993,10000,2000
(a) NOTE: when entering a group like the one above, make sure there are no additional spaces.
(19) Accept If protocol is ICMP and ICMP type is echo-request and state of connection is NEW,ESTABLISHED,RELATED
(20) Accept If protocol is ICMP and ICMP type is echo-reply and state of connection is ESTABLISHED,RELATED
(21) Accept If protocol is TCP and destination port is 1024:65535  and source port is 53
(22) Accept If protocol is UDP and destination port is 1024:65535 and source port is 53
(23) Accept If protocol is TCP and destination port is 53 and source port is 1024:65535
(24) Accept If protocol is UDP and destination port is 53 and source port is 1024:65535
(25) Accept If protocol is TCP and destination port is 953
(26) Accept If protocol is UDP and destination port is 953
(27) Accept If protocol is TCP and source and destination ports are 53
(28) Accept If protocol is UDP and source and destination ports are 53

v. Forwarded packets (FORWARD)
(1) Log packet Always
(2) Accept If source is 127.0.0.1
(3) Accept If source is xxx.xxxx.xxx.xxx
(a) The above rule is for the IP address that your server is on, on your network (internal IP address). Eg: 192.xxx.xxxx.xxx

vi. Outgoing packets (OUTPUT)
(1) Log packet Always
(2) Accept If source is 127.0.0.1
(3) Accept If source is xxx.xxxx.xxx.xxx
(a) The above rule is for the IP address that your server is on, on your network (internal IP address). Eg: 192.xxx.xxxx.xxx
(4) Accept If protocol is UDP and source and destination ports are 123
(5) Accept If protocol is ICMP and ICMP type is echo-reply and state of connection is ESTABLISHED,RELATED
(6) Accept If protocol is ICMP and ICMP type is echo-request and state of connection is NEW,ESTABLISHED,RELATED
(7) Accept If protocol is TCP and destination port is 53  and source port is 1024:65535
(8) Accept If protocol is UDP and destination port is 53 and source port is 1024:65535
(9) Accept If protocol is TCP and destination port is 1024:65535 and source port is 53
(10) Accept If protocol is UDP and destination port is 1024:65535 and source port is 53
(11) Accept If protocol is TCP and destination port is 953
(12) Accept If protocol is UDP and destination port is 953
(13) Accept If protocol is TCP and source and destination ports are 53
(14) Accept If protocol is UDP and source and destination ports are 53

vii. Close the firewall up!
(1) NOTE: Make sure you have entered the rule above that allows you access to the server.
(2) At the bottom of the incoming packets section select drop from the listbox
(a) Then click the “set default action” button.
(3) Now click the apply configuration button at the bottom of the screen.
(4) Repeat for “Forwarded packets”
viii. Activate at boot
(1) At the bottom of the Linux Firewall screen is an Activate at boot button with a yes and no radio button.
(a) Select the yes radio button
(b) Then click the Activate at boot button.
ix. Then scroll to the bottom of the screen and click the “apply configuration” button.
x. The firewall should now be working.

Thu, 06/05/2014 - 12:16 (Reply to #5)
batteryman

AllanIT - great tip! I had a fresh install of CentOS 6.5 and Virtualmin 4.08 but no firewall rules showed up. So I followed the first part of your instructions and voila!

k. Add iptables firewall rules
    i. Go to Webmin > Networking > Linux Firewall.
    ii. What you will see is that there are no firewall rules. This is not actually true; they are just not showing up for some reason.
        (1) To make the existing rules show up we have to trick the firewall.
            (a) click apply configuration button once
            (b) NOTE Only once.
        (2) Then click the revert configuration button once.
            (a) When the screen refreshes you will see a set of rules that come with Virtualmin.
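
Added example, not part of any post in this thread: a shell check for the mismatch discussed above, where rules are visible from ssh but not in the Webmin module. It assumes Webmin lists the saved rules file (/etc/sysconfig/iptables on CentOS) rather than the rules loaded in the kernel; the function names, file names and sample rules are constructed for illustration.

```shell
# Added example. Assumption: Webmin lists the saved rules file
# (/etc/sysconfig/iptables on CentOS), not the rules loaded in the kernel.

# Strip comments, blank lines and packet/byte counters from iptables-save text.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/^\[[0-9]*:[0-9]*] //' -e 's/ \[[0-9]*:[0-9]*]$//'
}

# only_in A B: normalized lines present in file A but missing from file B.
only_in() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 2
    normalize_rules < "$1" | LC_ALL=C sort -u > "$tmp_a"
    normalize_rules < "$2" | LC_ALL=C sort -u > "$tmp_b"
    LC_ALL=C comm -23 "$tmp_a" "$tmp_b"
    rm -f "$tmp_a" "$tmp_b"
}

# check_sync SAVED LIVE: print any drift; return 0 only when both sets match.
check_sync() {
    unsaved=$(only_in "$2" "$1")    # loaded in the kernel, absent from the file
    unloaded=$(only_in "$1" "$2")   # in the file, never applied
    [ -z "$unsaved" ] && [ -z "$unloaded" ] && return 0
    [ -n "$unsaved" ] && printf 'live only (not in saved file):\n%s\n' "$unsaved"
    [ -n "$unloaded" ] && printf 'saved only (not applied):\n%s\n' "$unloaded"
    return 1
}

# Constructed samples: saved file without rules; live ruleset with two rules.
write_samples() {
    cat > "$1/saved.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
    cat > "$1/live.rules" <<'EOF'
# constructed sample of iptables-save output
*filter
:INPUT ACCEPT [120:9000]
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo on the samples. On a server, as root:
#   iptables-save > live.rules; check_sync /etc/sysconfig/iptables live.rules
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
check_sync "$demo_dir/saved.rules" "$demo_dir/live.rules" || echo "drift found"
rm -rf "$demo_dir"
```

The comparison is set-based, so it reports missing rules but not differences in rule order, which also matters to iptables.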
Topic locked