Author Topic: !!! Saved configs with error, firewall module!!!!  (Read 2365 times)

biyover

  • Zen Monk
  • Posts: 62
  • Karma: +0/-0
!!! Saved configs with error, firewall module!!!!
« on: July 22, 2013, 07:21:52 pm »
Hi:

I run a Zentyal server v.3 and suddenly I'm getting:

Code:
Error output: iptables v1.4.12: Couldn't load target `iaccept':No such file or directory
 
 Try `iptables -h' or 'iptables --help' for more information.

Command output: .
Exit value: 2
2013/07/22 12:59:49 ERROR> Iptables.pm:660 EBox::Iptables::__ANON__ - Error executing firewall rules for module squid
2013/07/22 12:59:49 WARN> GlobalImpl.pm:685 EBox::GlobalImpl::saveAllModules - Changes saved with some warnings:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules

I recall a couple of updates recently, I wonder if any of them could be the culprit. (I also had some fat-client trouble that I had to patch, mmm...)

Does anyone know how I can dig deeper into this and fix it?
« Last Edit: July 31, 2013, 06:31:37 pm by biyover »

biyover

Re: !!! Saved configs with error, firewall module!!!!
« Reply #1 on: July 23, 2013, 04:36:37 pm »
Well, I haven't been able to find anything more and there seems to be no apparent problem in connectivity, but there's no way I can have that error message floating around!!!

Is there any way to do a kind of "purge" and let the configs reload from scratch (hopefully NOT from a reinstall!!!)?

Any ideas?

biyover

Re: !!! Saved configs with error, firewall module!!!!
« Reply #2 on: July 23, 2013, 05:35:07 pm »
Well... it seems that a restart fixed it.  :o

biyover

Re: !!! Saved configs with error, firewall module!!!!
« Reply #3 on: July 31, 2013, 05:50:01 pm »
Err... Not quite SOLVED yet!!!

I had another run-in with this error. I did another search on the forum and found this:

http://forum.zentyal.org/index.php/topic,16870.msg66924.html#msg66924

I "applied" the new files, from what I gather were the pseudo-instructions on the second part of the post... and after restart got an error on the webgui: Can't locate object method "STANDALONE_MODE" via package "EBox::UsersAndGroups" at /usr/share/perl5/EBox/Squid.pm line 1311.

Not good. I guess I'll revert to the old files and wait for a proper fix. :(
« Last Edit: July 31, 2013, 06:31:17 pm by biyover »

biyover

Re: !!! Saved configs with error, firewall module!!!!
« Reply #4 on: July 31, 2013, 06:50:35 pm »
I've been looking at the logs again and have found that consistently (in other comments too) the particular "iaccept" error is preceded by:

2013/07/31 12:28:00 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command set -e

Having briefly looked at the iptables docs, I see this command mentioned, or at least in an iptables script.

Maybe Zentyal is being refused/has not gained root access when trying to set the firewall?

biyover

Re: !!! Saved configs with error, firewall module!!!!
« Reply #5 on: September 26, 2013, 04:10:05 am »
Nope, latest updates revert to past error:

Code:
2013/09/25 14:57:47 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2013/09/25 14:58:16 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command set -e
/sbin/iptables -t nat -A premodules -p tcp -d hotmail.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d login.live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d mail.live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -i eth1 ! -d 192.168.10.250 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A premodules -i eth2 ! -d 192.168.123.250 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t filter -A imodules -m state --state NEW -i eth1 -p tcp --dport 3128 -j iaccept
/sbin/iptables -t filter -A imodules -m state --state NEW -i eth2 -p tcp --dport 3128 -j iaccept
/sbin/iptables -t filter -A imodules -m state --state NEW -p tcp --dport 3129 -j DROP
/sbin/iptables -t filter -A imodules -m state --state NEW -p tcp --dport 3130 -j DROP
/sbin/iptables -t filter -A omodules -m state --state NEW -p tcp --dport 80 -j oaccept
/sbin/iptables -t filter -A omodules -m state --state NEW -p tcp --dport 443 -j oaccept failed.
Error output: iptables v1.4.12: host/network `hotmail.com' not found
 Try `iptables -h' or 'iptables --help' for more information.

Command output: .
Exit value: 2
2013/09/25 14:58:16 ERROR> Iptables.pm:659 EBox::Iptables::__ANON__ - Error executing firewall rules for module squid
2013/09/25 14:58:16 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: trafficshaping
2013/09/25 14:58:22 WARN> GlobalImpl.pm:685 EBox::GlobalImpl::saveAllModules - Changes saved with some warnings:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules

I tried, again, the fix described here:

http://forum.zentyal.org/index.php/topic,16870.msg67270.html#msg67270

But I get:

Code:
2013/09/25 22:57:24 ERROR> Service.pm:954 EBox::Module::Service::__ANON__ - Error restarting service: Can't locate object method "STANDALONE_MODE" via package "EBox::UsersAndGroups" at /usr/share/perl5/EBox/Squid.pm line 1314.

Again.

I don't understand. Why would the latest updates NOT include what already seems to have been fixed in the source, or is this new?

All I can say is that my clients have lost connectivity to the internet since squid rules don't get added.

Any ideas? Anyone experience something similar?
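
Added example (not part of the original posts and not Zentyal code): the batch logged in Reply #5 runs under `set -e`, and its first rule passes a hostname to `-d`, which iptables resolves once at the moment the rule is loaded. The sketch below flags such rules in a constructed, shortened copy of that batch and lists the rules a `set -e` run never reaches once a name fails to resolve; the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: a shortened copy of the batch logged in Reply #5.
BATCH = """\
set -e
/sbin/iptables -t nat -A premodules -p tcp -d hotmail.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d login.live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -i eth1 ! -d 192.168.10.250 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t filter -A imodules -m state --state NEW -i eth1 -p tcp --dport 3128 -j iaccept
/sbin/iptables -t filter -A omodules -m state --state NEW -p tcp --dport 443 -j oaccept
"""

def is_literal(addr):
    """True if addr is an IP or CIDR literal, so loading the rule needs no DNS."""
    try:
        ipaddress.ip_network(addr, strict=False)
        return True
    except ValueError:
        return False

def dns_dependent_rules(batch):
    """Return (line_no, hostname) for every rule whose -s/-d is a hostname."""
    hits = []
    for n, line in enumerate(batch.splitlines(), 1):
        words = shlex.split(line)
        if not words or not words[0].endswith("iptables"):
            continue  # skips `set -e` and anything that is not a rule
        for flag, value in zip(words, words[1:]):
            if flag in ("-s", "-d", "--source", "--destination"):
                if not is_literal(value):
                    hits.append((n, value))
    return hits

def skipped_after_failure(batch, unresolvable):
    """Rules a `set -e` batch never runs once a name in `unresolvable` fails."""
    lines = batch.splitlines()
    failing = [n for n, host in dns_dependent_rules(batch) if host in unresolvable]
    # Line numbers are 1-based, so lines[min(failing):] is everything after it.
    return lines[min(failing):] if failing else []

if __name__ == "__main__":
    for n, host in dns_dependent_rules(BATCH):
        print(f"line {n}: -d {host} is resolved when the rule is loaded")
    for rule in skipped_after_failure(BATCH, {"hotmail.com"}):
        print("never applied:", rule)
```

With `hotmail.com` unresolvable, the skipped list includes the `REDIRECT` and `iaccept` rules for port 3128, which matches the "squid rules don't get added" symptom in the log.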