Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: biyover on July 22, 2013, 07:21:52 pm
-
Hi:
I run a Zentyal server v.3 and suddenly I'm getting:
Error output: iptables v1.4.12: Couldn't load target `iaccept':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Command output: .
Exit value: 2
2013/07/22 12:59:49 ERROR> Iptables.pm:660 EBox::Iptables::__ANON__ - Error executing firewall rules for module squid
2013/07/22 12:59:49 WARN> GlobalImpl.pm:685 EBox::GlobalImpl::saveAllModules - Changes saved with some warnings:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules
I recall a couple of updates recently, I wonder if any of them could be the culprit. (I also had some fat-client trouble that I had to patch, mmm...)
Does anyone know how I can dig deeper into this and fix it?
-
Well, I haven't been able to find anything more and there seems to be no apparent problem in connectivity, but theres no way i can have that error message floating around!!!
Is there anyway to do a kind of "purge" and let the configs reload from scratch (hopefully NOT from a reinstall!!!)
Any ideas?
-
Well... it seems that a restart fixed it. :o
-
Err... Not quite SOLVED yet!!!
I had another run in with this error, I did another search on the forum and found this:
http://forum.zentyal.org/index.php/topic,16870.msg66924.html#msg66924
I "applied" the new files, from what I gather were the pseudo-instructions on the second part of the post... and after restart got an error on the webgui:Can't locate object method "STANDALONE_MODE" via package "EBox::UsersAndGroups" at /usr/share/perl5/EBox/Squid.pm line 1311.
Not good. I guess I'll revert to the old files and wait for a proper fix. :(
-
I've been looking at the logs again and have found that consistently (in other comments too) the particular "iaccept" error is preceded by:
2013/07/31 12:28:00 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command set -e
Having briefly looked at the iptables docs, I see this command mentioned, or at least in a iptables script.
¿Maybe zentyal is refused/not gained root access when trying to set the firewall?
-
Nope, latest updates revert to past error:
2013/09/25 14:57:47 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2013/09/25 14:58:16 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command set -e
/sbin/iptables -t nat -A premodules -p tcp -d hotmail.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d login.live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -p tcp -d mail.live.com --dport 80 -j ACCEPT
/sbin/iptables -t nat -A premodules -i eth1 ! -d 192.168.10.250 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A premodules -i eth2 ! -d 192.168.123.250 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t filter -A imodules -m state --state NEW -i eth1 -p tcp --dport 3128 -j iaccept
/sbin/iptables -t filter -A imodules -m state --state NEW -i eth2 -p tcp --dport 3128 -j iaccept
/sbin/iptables -t filter -A imodules -m state --state NEW -p tcp --dport 3129 -j DROP
/sbin/iptables -t filter -A imodules -m state --state NEW -p tcp --dport 3130 -j DROP
/sbin/iptables -t filter -A omodules -m state --state NEW -p tcp --dport 80 -j oaccept
/sbin/iptables -t filter -A omodules -m state --state NEW -p tcp --dport 443 -j oaccept failed.
Error output: iptables v1.4.12: host/network `hotmail.com' not found
Try `iptables -h' or 'iptables --help' for more information.
Command output: .
Exit value: 2
2013/09/25 14:58:16 ERROR> Iptables.pm:659 EBox::Iptables::__ANON__ - Error executing firewall rules for module squid
2013/09/25 14:58:16 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: trafficshaping
2013/09/25 14:58:22 WARN> GlobalImpl.pm:685 EBox::GlobalImpl::saveAllModules - Changes saved with some warnings:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules
I tried, again, the fix described here:
http://forum.zentyal.org/index.php/topic,16870.msg67270.html#msg67270
But I get:
2013/09/25 22:57:24 ERROR> Service.pm:954 EBox::Module::Service::__ANON__ - Error restarting service: Can't locate object method "STANDALONE_MODE" via package "EBox::UsersAndGroups" at /usr/share/perl5/EBox/Squid.pm line 1314.
Again.
I don't understand. Why would the latest updates NOT include what already seems to have been fixed in the source, or is this new?
All I can say is that my clients have lost connectivity to the internet since squid rules don't get added.
Any ideas? Anyone experience something similar?