How to make iptables running and default configuration from rescue mode?

postcd Member
edited April 2016 in Help

Hello,

I am logged in to the server via SSH in rescue mode: Linux rescue.ovh.net 3.14.32-xxxx-std-ipv6-64-rescue

How can I make sure that in normal (non-rescue) mode iptables will be running at boot time and will have the default rules in it?

Here is the

df -h

find / -name "iptables"

output (done from rescue mode):
http://pastebin.com/3jj2vrFR

Comments

  • Sven Member

    Chroot into your system and remove your rules.

  • postcd Member
    edited April 2016

    @Sven said:
    Chroot into your system and remove your rules.

    How can I do it, please? I'm a newbie at this.

  • Sven Member

    Mount your drive (for example sda)

    mount /dev/sda /mnt/

    Then chroot into your system

    chroot /mnt/

    Run command in your system

    iptables -F

  • postcd Member
    edited April 2016

    @Sven said: mount /dev/sda /mnt

    Thank you, this command did not work, saying: mount: can't find /dev/sda in /etc/fstab
    not even sda1, 2...

    But this worked:
    fdisk -l
    so I see the partitions:

    /dev/sda1 40 2048 2009 1004.5K BIOS boot
    /dev/sda2 4096 40962047 40957952 19.5G Linux filesystem
    /dev/sda3 40962048 3905974271 3865012224 1.8T Linux filesystem
    /dev/sda4 3905974272 3907020799 1046528 511M Linux swap

    Then I did: mount /dev/sda2 /mnt/hd

    then, as you advised: chroot /mnt/hd

    iptables -L shows:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    So it appears right; not sure if it is not connected.

    These are the latest commands in the history from when the server was running in normal, non-rescue mode:
    http://pastebin.com/gc9N16iv

    So the problem appeared after flushing and restarting iptables in non-rescue mode.

    Current sshd config file (in the chroot at /mnt/hd):

    Port 3501
    Protocol 2
    SyslogFacility AUTHPRIV
    PermitRootLogin yes
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    UsePAM yes
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    X11Forwarding yes
    Subsystem sftp /usr/libexec/openssh/sftp-server

    Please, do you see anything strange in it that could prevent the connection, and any idea how to fix it?

  • Sven Member

    postcd said: Thank you, this command did not work, saying: mount: can't find /dev/sda in /etc/fstab not even sda1, 2...

    Keep in mind this is not your system. You are logged in to the recovery system.

    Your iptables are empty. In your latest command you changed your sshd config. What did you change?

  • postcd Member
    edited April 2016

    @Sven said: you changed your sshd config. What did you change?

    I changed the SSH port number in non-rescue mode, and that is why I was unable to connect via SSH. So everything appears to work now. Thank you very much for the useful commands mount and chroot;
    they helped. Also, iptables -F might have been the solution if the cause had been iptables. But I wonder if iptables-save would have been required to apply the changes.
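
Added example, not part of the thread or written by its participants: inside the chroot, iptables -L and iptables -F act on the rescue kernel's in-memory tables, so what the installed system will do at boot is decided by its files on disk. The script reads the mounted root's sshd_config and saved rules file and flags an sshd port that the saved rules do not accept. The /mnt/hd default follows the thread; the Red Hat-style /etc/sysconfig/iptables path, the function names and the sample data are assumptions.

```shell
# Added example, not from the thread. Assumed paths: /mnt/hd (the thread's mount
# point) and the Red Hat-style saved rules file /etc/sysconfig/iptables.

# Print every port sshd will listen on (Port may repeat; the default is 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Heuristic verdict for TCP port $2 against the iptables-save file $1:
#   accept-rule  an INPUT rule accepts --dport $2
#   open-policy  INPUT policy is ACCEPT and no INPUT rule drops or rejects
#   no-match     neither, so the port is probably filtered after boot
# Rule order, multiport matches and user-defined chains are not evaluated.
input_verdict() {
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT( |$)/) hit = 1
            if ($0 ~ /-j (DROP|REJECT)( |$)/) blocks = 1
        }
        END {
            if (hit) print "accept-rule"
            else if (policy == "ACCEPT" && !blocks) print "open-policy"
            else print "no-match"
        }' "$1"
}

# Report each configured sshd port; return 1 if any port has no match.
check_root() {
    root="${1:-/mnt/hd}"; rc=0
    for p in $(sshd_ports "$root/etc/ssh/sshd_config"); do
        v=$(input_verdict "$root/etc/sysconfig/iptables" "$p")
        echo "sshd port $p: $v"
        if [ "$v" = "no-match" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample root: sshd moved to 3501, saved rules still allow only 22.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ssh" "$d/etc/sysconfig" || return 1
    printf 'Port 3501\nProtocol 2\n' > "$d/etc/ssh/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT' > "$d/etc/sysconfig/iptables"
    echo "$d"
}
```

From the rescue shell, run check_root /mnt/hd once the root partition is mounted; check_root "$(make_sample_root)" exercises it on the constructed sample.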
