Restart /Start not working for some services: iptables and fail2ban

hello!

I have installed fresh Hestiacp with this data:
Hestiacp version: v1.3.1
VPS: Oraclecloud free tier with Ubuntu 20.04 Minimal.

After fresh install I review service status and iptables and fail2ban are OFF by default
When clicking the Start or Restart icon they simply don’t restart. Restart or Start button refreshes the page but without the service restarting or start.

I am very amateur with this. This is the code that I have inserted to perform the installation:

sudo apt-get update && apt-get upgrade && apt-get dist-upgrade

Then add 1GB Swap Space

wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh

sudo bash hst-install.sh --apache yes --nginx yes --phpfpm yes --multiphp no --vsftpd yes --proftpd no --named yes --mysql yes --postgresql no --exim yes --dovecot yes --clamav no --spamassassin no --iptables yes --fail2ban yes --quota no --api yes --force no --interactive yes --port 8083 --hostname panel.mydomain.com --email [email protected] --password 123456 --lang en

Please run from command line:

iptables -L

To check if ip tables is running

systemctl status fail2ban

Then run:

v-start-service iptables
v-start-service fail2ban

Thanks for quicky response!

When iptables -L in command line the system said:

[email protected]:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all – vpsdomi-472343.sub123456.dominetwork.oraclevcn.com anywhere
ACCEPT all – localhost anywhere
ACCEPT tcp – anywhere anywhere tcp dpt:ssh
ACCEPT tcp – anywhere anywhere multiport dports http,https
ACCEPT tcp – anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp – anywhere anywhere udp dpt:domain
ACCEPT tcp – anywhere anywhere tcp dpt:domain
ACCEPT tcp – anywhere anywhere multiport dports smtp,submissions,submission
ACCEPT tcp – anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp – anywhere anywhere multiport dports imap2,imaps
ACCEPT tcp – anywhere anywhere tcp dpt:8083
ACCEPT icmp – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all – anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
InstanceServices all – anywhere link-local/16
and more…

Then with: > systemctl status fail2ban

[email protected]:~$ systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2020-12-14 10:10:10 UTC; 34min ago
       Docs: man:fail2ban(1)
    Process: 631 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 688 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 688 (code=exited, status=255/EXCEPTION)

Ip tables is in deed not loading what happens when you run:

v-start-service iptables
v-start-service fail2ban

(Or use the full path)
/usr/local/hestia/bin/v-start-service iptables
/usr/local/hestia/bin/v-start-service fail2ban

Hi eris!
Sorry in am big amateur with this…

when go with: v-start-service iptables

[email protected]:~$ v-start-service iptables
/usr/local/hestia/bin/v-update-firewall: line 24: /usr/local/hestia/conf/hestia.conf: Permission denied
Error: FIREWALL_SYSTEM is not enabled
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied
Error: ERROR: iptables start failed
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied

when go with: v-start-service fail2ban

[email protected]:~$ v-start-service fail2ban
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start ‘fail2ban.service’.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Error: ERROR: fail2ban start failed
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied
[email protected]:~$

The password in my ubuntu is only ENTER KEY. But it´s strange

sudo -s to become root and then try again

Thanks but with sudo -s not found

[email protected]:~$ sudo -s

[email protected]:/home/ubuntu# v-start-service iptables
bash: v-start-service: command not found
[email protected]:/home/ubuntu# v-start-service fail2ban
bash: v-start-service: command not found

I think go to new fresh install… maybe I have some data wrong.

/usr/local/hestia/bin/v-start-service iptables
/usr/local/hestia/bin/v-start-service fail2ban

[email protected]:~$ sudo -s
[email protected]:/home/ubuntu# /usr/local/hestia/bin/v-start-service iptables
[email protected]:/home/ubuntu# /usr/local/hestia/bin/v-start-service fail2ban
[email protected]:/home/ubuntu#

Sorry, not view any change in the system:
In panel the two service are off.

Format VPS and install Ubuntu 20.04. All working perfect, iptables and fail2ban.
The problem stay with Ubuntu 20.04 minimal.

always try to use debian if you want stability,

1 Like

Thanks for advice but in oraclecloud no have Debian repro direct to install.

Using Ubuntu since 12.04 LTS, never had stability issues to be honest :slight_smile:.

using ubuntu 20.04 LTS, update messed up many thing over time like in my previous topic ipv6 is not connecting because networking service have some issues need to restart it after each server reboot (although service is running) to get it fixed.

moved to debian and problems are gone.

Using netplan? Never had issues with it, doesnt matter if lxc under proxmox, kvm or physical hosts. All is working as it should.

SolusVM is creating the network script, as networking override is always defaulted after some updates.

Well, then it can’t work - Ubuntu 20.04 sticks on netplan, so I suggest to use it. This also would explain your issues you got.

Just to show up that there is no stability problem, if you configure it “properly”.

I know u r ubuntu fan :D, but configs should retain as no one wants to do the same configs after updates, and ubuntu also enable apache2 after some updates which is not needed. And it was disabled previously. What you say about it?

Usualy, config stays the same - with that amount of informations, I can’t analyze or say anything about your issues. Just noted, that 20.04 uses netplan.

Also if ubuntu enables apache2, you probaly got a package that added it as dependency. A os, doesnt matter if centos, debian or ubuntu, does not install an apache2 webserver during upgrades without any reason… Just my thoughts and completly not interested in Debian vs. Ubuntu discussion. There was just no reason to declare ubuntu as instable :slight_smile:.

Yeahhh for most users they dont able to notice such issues… And yes ubuntu is great and stable, but debian is one step more stable in my opinion.