No internet after Hestia installation

Change iptables to use iptables-legacy instead of iptables-nft:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
v-update-firewall
iptables -S
root@p726589:~# update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
root@p726589:~# update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in manual mode
root@p726589:~# update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives: error: alternative /usr/sbin/arptables-legacy for arptables not registered; not setting
root@p726589:~# update-alternatives --set ebtables /usr/sbin/ebtables-legacy
update-alternatives: error: alternative /usr/sbin/ebtables-legacy for ebtables not registered; not setting
root@p726589:~# v-update-firewall
root@p726589:~# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-WEB
-N hestia
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -s 92.182.224.85/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-WEB -j RETURN
root@p726589:~# ping google.com
ping: google.com: Temporary failure in name resolution

Still doesn’t work (
Sorry for SO MANY replies.
Thank you, man!

Check if conntrack module is installed:

modprobe conntrack

No output is good. If you get an error, install the module and update the firewall again.

apt install conntrack
v-update-firewall
iptables -S | grep -i related

Try this and show the result

dig google.com +short

Guys, it looks like I solved it!
And it was quite easy:

I just unchecked “iptables” on install page )))

And after that system installed once again and I have no problems with the ping.
Thank you all for your patience and willingness to help!
You’re amazing!

I’m sorry but you didn’t fix it, just didn’t install the firewall…

1 Like

What I don’t understand is why I have these problems.
As far as I understand, I have a pretty standard Ubuntu version and it should come with a modern firewall or not?
Why don’t I have ufw or new iptables?
It looks like it’s a good idea to try installing ufw and configure it, right?

That machine is a Linux Container (LXC)?

Keep in mind that ufw is a wrapper to iptables but yes, if you don’t plan to integrate iptables with Hestia you can use ufw but maybe you will have the same issues…

1 Like

They said that they use Virtuozzo technology. And they also mentioned that nat conntrack is turned off globally.
So, is it the issue maybe?
I previously installed Vesta CP several times without any issues at all.
All I needed is Ubuntu 20 or 22.
And there is only one option - Hestia.
Actually, I like it, it fits my requirements.

They should enable it for your server.

I wrote them.
And they replied that everything should work.
They also tried to resolve this issue and told me the following:

By default Hestia adds a rule “INPUT DROP” for all queries. Therefore, it disrupts server’s functionality. In previous versions (Vesta), it was allow all rule by default. That’s why it worked.

If they don’t enable conntrack you’ll have the same issues.

That’s how a firewall works, if you allow all traffic… then there is no need to use the firewall. Sorry, but that answer is…

1 Like
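
The check behind `iptables -S | grep -i related`, written out as an added example that is not part of any post in this thread. It audits a ruleset for the combination discussed above: an `INPUT DROP` policy with no rule accepting `ESTABLISHED,RELATED` traffic. The function names are hypothetical, `thread_rules` is an excerpt of the output posted earlier, and the extra rule in `fixed_rules` is constructed for comparison.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the failure seen in this thread.
# Reads a ruleset on stdin, prints a verdict, exits 0 when reply traffic can get in.
audit_input_chain() {
    awk '
        # Default policy of the INPUT chain, e.g. "-P INPUT DROP"
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # Stateful accept: state or conntrack match naming ESTABLISHED, target ACCEPT
        $1 == "-A" && $2 == "INPUT" && /ESTABLISHED/ && /-j ACCEPT/ &&
            (/-m state --state/ || /-m conntrack --ctstate/) { stateful = 1 }
        END {
            if (policy == "")     { print "unknown: no INPUT policy line"; exit 2 }
            if (policy != "DROP") { print "ok: INPUT policy is " policy; exit 0 }
            if (stateful)         { print "ok: INPUT DROP with stateful accept"; exit 0 }
            # Replies to outbound requests (DNS answers from port 53 to an
            # ephemeral port) match no --dport rule and hit the DROP policy.
            print "broken: INPUT DROP without ESTABLISHED,RELATED accept"
            exit 1
        }'
}

# Excerpt of the ruleset posted in this thread (it contains no state rule)
thread_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
EOF
}

# Constructed sample: the same excerpt plus a stateful accept rule
fixed_rules() {
    thread_rules
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

thread_rules | audit_input_chain || true   # expected verdict: broken
fixed_rules  | audit_input_chain           # expected verdict: ok
```

On a live server, run it as `iptables -S | audit_input_chain` after `v-update-firewall`.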

Yeah, I know.
I think that I’m going to try a new server!
Thank you again for your help!

2 Likes

If it helps you: the same thing happened to me and I solved it by changing the DNS settings to Google’s:

Edit nano /etc/resolv.conf and change it to:

nameserver 8.8.8.8
nameserver 8.8.4.4

Edit nano /etc/nginx/nginx.conf and change this line:

        resolver                        127.0.0.53 valid=300s ipv6=off;

Then I restarted the machine, and the outgoing and incoming connections worked.

1 Like

@elsevi , hello!
I tried it, thank you!
Actually, I started from resolv.conf but it doesn’t work in my case.

Hello guys!
As I promised, I ordered another VPS (from another provider).
It’s Ubuntu 22.04, I installed Hestia and it seems that everything just works like a charm!
Thank you all! I think that this is a solution :)

2 Likes
