Submitted by hvillemoes on Sat, 11/09/2019 - 01:23 Pro Licensee
On both my VirtualMin 6.08pro and on my WebMin 1.930 the iptables state established,related is NOT shown - neither on the overview of rules not in the detailed rule.
I do beleave, that it has worked in the past. And this problem did cause quite some panic, until I found the error.
Status:
Closed (fixed)
Comments
Submitted by hvillemoes on Sat, 11/09/2019 - 05:00 Pro Licensee Comment #1
I noticed, that on Webmin version 1.932, Virtualmin community version 6.08, the problem does not occur. Can it be related to manual iptable config updates on the 2 servers with the problem ?
Submitted by andreychek on Sat, 11/09/2019 - 09:21 Comment #2
Howdy -- thanks for your report!
I'm passing this along to Jamie for further comment.
Note though that in theory, Webmin is just showing what iptables is telling it.
I'd be curious if you see what's missing when running iptables on the command line, such as with "iptables -L -n", or if that's missing there as well.
Submitted by hvillemoes on Sat, 11/09/2019 - 09:36 Pro Licensee Comment #3
I did attach relevant extract from iptables-save output to the original post.
Submitted by JamieCameron on Sat, 11/09/2019 - 15:56 Comment #4
This could be due to a difference in the name of the state-tracking flag in newer kernel versions.
What does the
uname -r
command output on your system?Submitted by hvillemoes on Sun, 11/10/2019 - 00:36 Pro Licensee Comment #5
3.10.0-1062.4.1.el7.x86_64 on alle 3 systems: - virtualmin pro 1.932 with the issue - webmin 1.930 with the issue - virtualmin community 1.932 without this issue That is all shown in the attachments
Submitted by JamieCameron on Sun, 11/10/2019 - 16:58 Comment #6
The simple fix is to edit your IPtables config file, and change the old
--state
flag to--cstate
Submitted by hvillemoes on Mon, 11/11/2019 - 01:04 Pro Licensee Comment #7
CentOS Linux release 7.7.1908 (Core):
[root@agurk8 ~]# iptables-restore < z
iptables-restore v1.4.21: unknown option "--cstate"
Error occurred at line: 13
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[root@agurk8 ~]#
/ Harald
Submitted by hvillemoes on Mon, 11/11/2019 - 01:08 Pro Licensee Comment #8
iptables v1.4.21
Submitted by hvillemoes on Mon, 11/11/2019 - 01:16 Pro Licensee Comment #9
https://www.booleanworld.com/depth-guide-iptables-linux-firewall/ : "On some older kernels, this module is named state and the switch is named --state instead of --ctstate."
Submitted by hvillemoes on Mon, 11/11/2019 - 03:06 Pro Licensee Comment #10
Hi again Now I finally got your point, James. My iptables configs origin from older centos 6 servers. I found this helpful manual for iptables: https://www.linuxtopia.org/Linux_Firewall_iptables/index.html I have now changed the config files from "-m state --state ..." to "-m conntrack --ctstate ..." and the GUI is working fine. Thank you.
Submitted by hvillemoes on Mon, 11/11/2019 - 03:08 Pro Licensee Comment #11
Submitted by andreychek on Mon, 11/11/2019 - 09:48 Comment #12
I'm glad you were able to fix it, thanks for letting us know how you were able to correct it!
Submitted by IssueBot on Mon, 11/25/2019 - 09:56 Comment #13
Automatically closed - issue fixed for 2 weeks with no activity.