BUG iptables-persistent: unrecognized service

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
on my incredible 13-12 on digital ocean. havent checked the bare metal one yet

how do I fix please?

Thanks leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.

1,2

The following whitelisted services were requested for 66.x.y.z/16:
SIP (UDP)
SIP (TCP)
iptables-persistent: unrecognized service <<<<<<-------- ??? seems the sip services not recognized
IP address successfully added to WhiteList.

To display current iptables rules in effect for this IP address, press Enter.
The following iptables rules now are in effect for 66.z.y.z/16:
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
root@pbx:~ $
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
The following services are available for activation with 66.87.0.0/16:
0 - ALL Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - t*f*t*p
8 - SSH
9 - FOP
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.

0

The following whitelisted services were requested for 66.x.y.z/16:
ALL Services
iptables-persistent: unrecognized service <<=== doesn't like ALL either
IP address successfully added to WhiteList.

To display current iptables rules in effect for this IP address, press Enter.
The following iptables rules now are in effect for 66.x.y.z/16:
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
root@pbx:~ $
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
doing the following manually made it work so it lokos like the scripts have a bug

iptables -A INPUT -p udp -s 66.x.y.z/16 --dport 5060:5069 -j ACCEPT
iptables -A INPUT -p tcp -s 66.x.y.z/16 --dport 5060:5069 -j ACCEPT


iptables -L

root@pbx:~ $ chkconfig --list | grep iptables iptables 0:eek:ff 1:eek:ff 2:eek:n 3:eek:n 4:eek:n 5:eek:n 6:eek:ff
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
root@pbx:~ $ chkconfig iptables on WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
root@pbx:~ $ service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
root@pbx:~ $
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
bare metal does same thing had to manually do what I did above to make it get added
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
hi ward!

my pbx --

Incredible PBX/FAX 13-12.2 for CentOS 6

Asterisk: UP Apache: UP MySQL: UP
SendMail: UP IPtables: UP SSH: UP
LAN port: UP Fail2Ban: UP Webmin: UP
GV OAUTH: DN PortKnock: DN NR VPN: UP
FaxGetty: UP IAX Modem: UP HylaFax: UP

RAM:156MB CentOS release 6.7 Disk:22GB

Asterisk 13.6.0 Incredible GUI 12.0.30

Private IP: 45.x.y.z 10.17.0.5

Public Info: 45.x.y.z

System Time: Wed Jan 13 15:13:29 EST 2016

< OK >


shul pbx --

Incredible PBX 13-12.2 for Scientific Linux

Asterisk: UP Apache: UP MySQL: UP
SendMail: UP IPtables: UP SSH: UP
LAN port: UP Fail2Ban: UP Webmin: UP
GV OAUTH: DN PortKnock: DN NR VPN: UP
FaxGetty: UP IAX Modem: UP HylaFax: UP

RAM:2912MB Scientific Linux 6.7 Disk:47GB

Asterisk 13.6.0 Incredible GUI 12.0.30

Private IP: 10.161.51.8 10.195.13.8

Public Info: 70.x.y.z

System Time: Wed Jan 13 15:14:31 EST 2016

< OK >

I believe it's on the ubuntu one too my friend indicated similar problems.

Need anything else?

thanks leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
ward ... fyi LENNY doesnt work either. I can make a list of things that don't if you want?

leon
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Have you tried: add-ip someip 66.x.y.z

without /16??
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
I tried your first example with 1,2 and it added a single IP address correctly despite the (harmless) error message about iptables-persistent. Ditto with 0 option.
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
hey ward i finally gave up and did it manually and it seems webmin works now that it seems there might have been some straggler rules hanging around that I may have gotten cleaned out.

I did not try the 66 without the /16 but I believe I did have /32 addresses I had earlier added. it seemed like it was "hung up" because it couldnt apply something. I believe I wasnt the only one having this problem. My friend bryan in australia has a DO image using ubu (new) and was having similar issues.

it seemed like things didnt synchronize for some real reason.

Leon
 

Dan Hole

New Member
Joined
Jan 20, 2016
Messages
3
Reaction score
1
i'm having the same issue
i try the following but it doesnt get added.
it creates a blank providerrtp2 file in /root but the ip isnt added to iptables.
Code:
./add-ip providerrtp2 217.x.x.2
add-ip (c) Copyright 2012-2014, Ward Mundy & Associates, LLC
This script modifies critical security files on your server.
This script opens complete SIP and IAX server access to your
server for this IP address: 217.x.x.2
SIP or IAX activity from this address may damage your server!

BY PROCEEDING, YOU AGREE TO ASSUME ALL RISKS FROM PROPER OR
IMPROPER FUNCTIONING OF THIS SOFTWARE, WHETHER INTENTIONAL OR NOT.
ABSOLUTELY NO WARRANTIES, EXPRESS OR IMPLIED, ARE PROVIDED
INCLUDING FITNESS FOR PARTICULAR USE AND MERCHANTABILITY.
YOU ALONE ARE RESPONSIBLE FOR DETERMINING WHETHER THIS
IPTABLES SECURITY SOFTWARE WILL MEET YOUR NEEDS AND EXPECTATIONS!
THE SOFTWARE IS PROVIDED AS IS. EXAMINE THE SCRIPT CAREFULLY BEFORE
PROCEEDING! PROCEED ONLY IF YOUR AGREE TO ALL OF THESE TERMS OF USE.

To proceed at your own risk, press Enter. Otherwise, Ctrl-C to abort.
IP: 217.x.x.2
The following services are available for activation with 217.x.x.2:
0 - ALL Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - t*f*t*p
8 - SSH
9 - FOP
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.

2

The following whitelisted services were requested for 217.x.x.2:
SIP (TCP)
iptables-persistent: unrecognized service
IP address successfully added to WhiteList.

To display current iptables rules in effect for this IP address,  press Enter.
The following iptables rules now are in effect for 217.x.x.2:

is there a way to reset iptables to the inital config, so i can see if that fixes it?

my server is a new build this week.
Code:
 Incredible PBX 13.7.0 for CentOS/SL 7

                                Asterisk: UP      Apache: UP  MariaDB: UP
                                SendMail: UP    IPtables: UP      SSH: UP
                                LAN port: UP    Fail2Ban: UP   Webmin: UP

                                RAM: 6.6G    RH-Compat Linux   Disk:47G

                                Asterisk 13.7.0    Incredible GUI 12.0.30

                                Private IP: 10.x.x.250

                                 Public IP: 77.x.x.27

                                System Time: Sat Jan 23 01:15:40 GMT 2016
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
i ended up adding them in manually THEN I was able to use WEBMIN to manage it. prior any changes I made with WebMin didn't stick.

Ward looked at this but he didnt see a problem? I predict something esoteric and hidden.


Leon
 

Deucedude

New Member
Joined
Jan 21, 2016
Messages
2
Reaction score
0
Why is this listed as SOLVED?
I don't see adding them manually as a solution...
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
agreed i may have changed it to solved since it was a bandaid
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
@Nerduno -- any info on this please?

thanks leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
I've marked this as bug as I haven't heard if this was officially fixed.

ldz
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
I tried this again this morning on two pbxes and still get the same errors and iptables doesn't get updated.

Used webmin again :-(

Leon
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Try running this command and then try add-ip again. Let me know if it fixes things:

Code:
ln -s /etc/rc.d/init.d/iptables /etc/rc.d/init.d/iptables-persistent
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
check other thread Ward....didnt work...leon
 

Members online

Forum statistics

Threads
25,783
Messages
167,515
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top