Topic: Iptables configuration are gone after reboot

phototoy_co

Iptables configuration are gone after reboot
« on: October 18, 2013, 09:12:24 am »
Hi,

I have a Zentyal 3.0. I disable the firewall via iptables, but every time Zentyal is restarted it goes back to its original iptables configuration.

How can I save my iptables configuration in Zentyal even when Zentyal is restarted?

christian

  • Guest
Re: Iptables configuration are gone after reboot
« Reply #1 on: October 18, 2013, 09:22:24 am »
Start reading this, part of documentation BTW  ;)

phototoy_co

Re: Iptables configuration are gone after reboot
« Reply #2 on: October 18, 2013, 09:54:53 am »
Thanks Christian... Still remember me? My apologies for having so many network problems.

strin

Re: Iptables configuration are gone after reboot
« Reply #3 on: October 24, 2013, 10:45:35 am »
Start reading this, part of documentation BTW  ;)

Hi - having read the linked documentation above, I thought this would be the solution to my problem (default gateway on external NIC keeps getting deleted on reboot - clean install of Zentyal 3.2 from CD, and upgraded via apt-get). The functionality provided by Stubs and Hooks looks like it will provide huge flexibility.

Unfortunately, when I went in search of /etc/zentyal/stubs, the directory does not appear to exist on my installation. All I have is:

optadmin@ocsrvgw01:/etc/zentyal$ ls -al
total 124
drwxr-xr-x   5 root root  4096 Oct 23 16:08 .
drwxr-xr-x 141 root root 12288 Oct 24 08:54 ..
-rw-r--r--   1 root root   176 Sep 19 03:07 captiveportal.conf
-rw-r--r--   1 root root   761 Oct 22 07:35 core.conf
-rw-r--r--   1 root root   815 Oct 22 07:28 dns.conf
-rw-r--r--   1 root root  1689 Sep 19 03:10 ebackup.conf
-rw-r--r--   1 root root   685 Oct 22 07:35 events.conf
-rw-r--r--   1 root root  1048 Sep 19 03:13 firewall.conf
drwxr-xr-x   2 root root  4096 Oct 23 10:42 hooks
-rw-r--r--   1 root root   985 Sep 19 03:15 ips.conf
-rw-r--r--   1 root root   365 Sep 19 03:12 ipsec.conf
-rw-r--r--   1 root root  1572 Oct 22 07:35 logs.conf
-rw-r--r--   1 root root   543 Oct 22 07:28 network.conf
-rw-r--r--   1 root root   781 Sep 19 03:16 openvpn.conf
drwxr-xr-x   2 root root  4096 Oct 23 10:44 post-save
-rw-r--r--   1 root root   601 Sep 24 09:46 ppa.gpg
drwxr-xr-x   2 root root  4096 Oct 23 10:42 pre-save
-rw-r--r--   1 root root  1294 Sep 19 03:17 remoteservices.conf
-rw-r--r--   1 root root    25 Oct 18 20:58 s4sync-groups.ignore
-rw-r--r--   1 root root  4870 Oct 18 20:58 samba.conf
-rw-r--r--   1 root root  6580 Oct 18 20:58 sids-to-hide.regex
-rw-r--r--   1 root root  1802 Sep 19 03:19 squid.conf
-rw-r--r--   1 root root   631 Oct 15 20:15 trafficshaping.conf
-rw-r--r--   1 root root   126 Sep 19 03:21 usercorner.conf
-rw-r--r--   1 root root   666 Oct 10 23:47 users.conf
-rw-r--r--   1 root root   577 Sep 19 03:23 zarafa.conf
-rw-r--r--   1 root root   861 Oct 18 20:54 zentyal.conf
optadmin@ocsrvgw01:/etc/zentyal$
 


Following a quick find / -name stubs -type d -print, I found the stubs directory under /usr/share/zentyal (and it appears to contain the .mas scripts referenced in the article above)....so not sure if there is something peculiar with my installation (I just accepted the defaults with the exception of having manually partitioned the disks for RAID5), or whether the documentation needs updating for 3.2. I'll try using these stubs to see if it fixes my gateway issue.

However, the gateway is defined within Zentyal for eth0, so is there a reason why Zentyal appears not to recognise the gateway? I'm a Zentyal newbie, but have been using Ubuntu (server & desktop) for a few years now - so any pointers/suggestions would be greatly appreciated!

PS I should probably add I have 2 NICs, eth0 is the external NIC and eth1 the internal. eth0 is set to a static public IP (DHCP disabled), and eth1 is set to a static private IP (DHCP enabled as I want this server to provide DHCP services for the internal network). Thanks!
« Last Edit: October 24, 2013, 01:29:44 pm by strin »

christian

  • Guest
Re: Iptables configuration are gone after reboot
« Reply #4 on: October 24, 2013, 11:15:15 am »
Not sure /stubs is expected in /etc/zentyal.
/usr/share/zentyal/stubs contains templates.

Read again customization process...

Could you also please elaborate on your issue with iptables, this is not clear to me.
Do you mean that after reboot you don't have default gateway anymore and can't reach internet ?
iproutes2 ???

strin

Re: Iptables configuration are gone after reboot
« Reply #5 on: October 24, 2013, 12:47:26 pm »
Hi - sorry, the documentation confused me a little with /etc/zentyal/stubs and /usr/share/zentyal/stubs, but looks like my installation is ok!

Yes, basically on reboot the gateway is being dropped from the interface details in /etc/network/interfaces (there is no gateway defined at all after reboot). This prevents any internet access and also causes the Zentyal web interface to fail to load (presumably as it is trying to contact the config backup at <servername>.zentyal.me), failing and hanging.

optadmin@ocsrvgw01:/$ cat /etc/network/interfaces
auto lo eth0 eth1

iface lo inet loopback

iface eth0 inet static
      address 95.xx.xx.98
      netmask 255.255.255.252
      broadcast 95.xx.xx.99
     
iface eth1 inet static
      address 192.168.0.1
      netmask 255.255.255.0
      broadcast 192.168.0.255


If I manually add the gateway on eth0 and restart networking services I can then access both the internet and the Zentyal web admin:

optadmin@ocsrvgw01:/$ cat /etc/network/interfaces
auto lo eth0 eth1

iface lo inet loopback

iface eth0 inet static
      address 95.xx.xx.98
      netmask 255.255.255.252
      broadcast 95.xx.xx.99
      gateway 95.xx.xx.97

iface eth1 inet static
      address 192.168.0.1
      netmask 255.255.255.0
      broadcast 192.168.0.255


The gateway is also configured within Zentyal Gateways Configuration as follows:
Enabled: Yes
Name: gw
IP Address: 95.xx.xx.97
Interface: eth0
Weight: 1
Default: Yes

but it seems that this is not being picked up by the Networking element of Zentyal 3.2?

And here is my current setup after manually adding the gateway & restarting networking services:

optadmin@ocsrvgw01:/$ ifconfig
eth0      Link encap:Ethernet  HWaddr a4:5d:36:c4:aa:64 
          inet addr:95.xx.xx.98  Bcast:95.xx.xx.99  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11925 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14990977 (14.9 MB)  TX bytes:1997054 (1.9 MB)
          Interrupt:16

eth1      Link encap:Ethernet  HWaddr a4:5d:36:c4:aa:65 
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:130 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19960 (19.9 KB)  TX bytes:20746 (20.7 KB)
          Interrupt:17

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:60912 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60912 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15151049 (15.1 MB)  TX bytes:15151049 (15.1 MB)

optadmin@ocsrvgw01:/$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         95.xx.xx.97     0.0.0.0         UG    100    0        0 eth0
95.xx.xx.96     0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1


Sorry - networking has always been a bit of a black-art to me ;) - really appreciate your help!
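
Added example, not part of strin's post or of Zentyal: a shell check that reads the gateway configured for one interface in an ifupdown-style /etc/network/interfaces file, so the loss described above can be detected after a reboot. The function names and the sample file are constructed for illustration; the addresses are the redacted ones from the post.

```shell
#!/bin/sh
# Added example: read the gateway set for one interface in an ifupdown-style
# interfaces file, so drift after a reboot can be detected.

# iface_gateway FILE IFACE -> prints the gateway of IFACE's static stanza;
# returns 1 if the stanza is missing or has no gateway line.
iface_gateway() {
    awk -v want="$2" '
        $1 == "iface" { in_stanza = ($2 == want && $3 == "inet" && $4 == "static"); next }
        # any other top-level keyword ends the current stanza
        $1 == "auto" || $1 == "mapping" || $1 == "source" || $1 ~ /^allow-/ { in_stanza = 0; next }
        in_stanza && $1 == "gateway" { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# check_gateway FILE IFACE EXPECTED -> returns 0 when the file matches EXPECTED,
# otherwise prints what is wrong and returns 1.
check_gateway() {
    actual=$(iface_gateway "$1" "$2") || { echo "$2: no gateway in $1"; return 1; }
    [ "$actual" = "$3" ] || { echo "$2: gateway $actual, expected $3"; return 1; }
    echo "$2: gateway $actual ok"
}

# Constructed sample mirroring the after-reboot listing in the post
# (addresses redacted as in the thread); the expected value is the one
# entered in the Zentyal gateway settings.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet static
      address 95.xx.xx.98
      netmask 255.255.255.252
iface eth1 inet static
      address 192.168.0.1
      netmask 255.255.255.0
EOF
    check_gateway "$f" eth0 95.xx.xx.97
    rc=$?
    rm -f "$f"
    return "$rc"
}
demo || true
```

Pointing check_gateway at the real /etc/network/interfaces after each reboot shows whether the file still agrees with the gateway configured in the GUI.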

christian

  • Guest
Re: Iptables configuration are gone after reboot
« Reply #6 on: October 24, 2013, 12:53:31 pm »
Problem is (perhaps) that you are looking for something that doesn't exist  ;)

Accessing default gateway can be done either defining gateway in network settings or using iproute.
Have you defined one of your interfaces as "external" ?
May I also suggest we work at Zentyal GUI level rather than looking (for the time being at least) at command line and configuration files content ?

strin

Re: Iptables configuration are gone after reboot
« Reply #7 on: October 24, 2013, 01:25:46 pm »
That's entirely possible  ;D

At the Zentyal GUI level, eth0 is defined as external in Network --> Interfaces (i.e. the External (WAN) checkbox is ticked), and it has a static public IP assigned. No virtual interfaces defined on eth0. eth1 is defined as internal and has a static private IP.

The gateway is defined on eth0 in Network --> Gateways, and is enabled and set to the default gateway (as it is the only one). All the settings are in the post above - I don't have any screenshot software installed on the server, and am connecting clients today (all being well!!), as this is a brand-new installation for a small business I am working in. Once I have an operational client I should be able to provide screenshots if required!

I have not configured any static routes in Network --> Static Routes.

In DHCP (under the Infrastructure menu), eth0 is disabled for DHCP, and eth1 is enabled for DHCP (and has correctly allocated an internal IP address from a predefined range to a network printer).

So - I think I've done everything to get internet connectivity working on eth0, but it doesn't seem to work unless I manually add the gateway to eth0 in /etc/network/interfaces and restart networking....or have I missed something?

christian

  • Guest
Re: Iptables configuration are gone after reboot
« Reply #8 on: October 24, 2013, 02:14:43 pm »
What you describe looks OK.
I don't see why you should manually add anything to any conf file. This is supposed to work out-of-the-box.
Just curious: using default configuration (not adding anything), what is the behaviour when trying to reach internet from Zentyal server itself?
Did you try to run some traceroute ?

strin

Re: Iptables configuration are gone after reboot
« Reply #9 on: October 24, 2013, 02:29:30 pm »
Ok, thanks - thought I was going mad!

When I installed from CD, I had internet connectivity - eth0 was (by default) set to DHCP and picked up a private ip 10.x.x.x (I am in a serviced office with internet connectivity provided direct to the floorports). They had to repatch something to allow the public IP to be presented on the particular floor-port in question. It was at that point that I set the config as above, and after applying the changes lost connectivity. I used the command line to run route -n which showed no gateway as being defined, hence why I tried manually adding it...after which everything worked again. I'll reboot the server again to confirm that the settings are being lost despite being defined in the GUI - back soon...

strin

Re: Iptables configuration are gone after reboot
« Reply #10 on: October 24, 2013, 02:40:57 pm »
Yep - rebooted and the gateway entry is now missing from eth0 in the interfaces file, and internet connectivity lost. Added manually, and working again. Does it matter what name I assign to the gateway in the Zentyal GUI (it is currently set to gw)? The IP address of the gateway was provided to me by the serviced office network team (along with the public IP and subnet mask)...

christian

  • Guest
Re: Iptables configuration are gone after reboot
« Reply #11 on: October 24, 2013, 03:35:41 pm »
Added manually, and working again.

When you write "added manually" do you mean using Zentyal GUI ?

That's indeed odd that defining gateway is not kept.
Did you look at /var/log/zentyal/zentyal.log for any abnormal or error message ?

strin

Re: Iptables configuration are gone after reboot
« Reply #12 on: October 24, 2013, 04:16:01 pm »
I saved the existing zentyal.log to zentyal.log.saved and 'touch'ed a new, empty log file. I then rebooted to see what we got, and there are a few errors (and warnings), see attached (I've anonymised the public IPs). I'm not worried (for now) about the remote services errors (seem to be username/password related). There is an LDAP error which I assume is unrelated to network routing, and likewise for Samba (I renamed the host yesterday, but Samba still appears to be trying the old hostname) - perhaps this is giving a clue as to the issue - could it be related to the renaming of the host yesterday (which I did through the Zentyal GUI)?

I'm wondering if a clean install might be the best way forward...start with a clean sheet, get the hostname right, and see what happens?

UPDATE: tried a clean install - used network details (public IP, netmask, gateway IP) provided by serviced office and successfully installed (ie. it downloaded all it needed from the internet during installation). Got as far as the Zentyal GUI, logged in and after login got "Waiting until Zentyal is ready..." - have basically lost internet connectivity again. This time, ifconfig shows only eth0 (eth1 not yet configured) and gateway is not present. However, if I add it manually now and restart network services, it no longer connects. Time to go home, I think, and come at it again in the morning with a clear head!
« Last Edit: October 24, 2013, 05:45:01 pm by strin »

strin

Re: Iptables configuration are gone after reboot
« Reply #13 on: October 25, 2013, 04:38:40 pm »
A fresh day, another clean install (2 actually as first did not complete cleanly) and I am now up & running as expected. I've done nothing different other than perhaps wait a little longer after reboot before trying to install/configure the required Zentyal modules from the GUI (5 mins as I was grabbing a much-needed coffee!). All I can assume is that it takes a little longer to start the various Zentyal / underlying Ubuntu services than expected? Having done 5 installs in the last 3 days, I at least feel familiar with the process now  :P