#1  2017-01-13 14:25:12

  Novi-cjusz - User
Registered: 2013-03-05

Failed to start netfilter persistent configuration

I disabled IPv6.

Code:

➜  robin  sysctl -a 2>/dev/null | grep ipv6 | grep disable
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.virbr1.disable_ipv6 = 1
net.ipv6.conf.virbr1-nic.disable_ipv6 = 1

I regularly get this message at boot:

Failed to start netfilter persistent configuration

That means my iptables firewall is not working.
I check, and here's a surprise:

Code:

➜  robin systemctl status netfilter-persistent.service
● netfilter-persistent.service - netfilter persistent configuration
   Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled)
   Active: active (exited) since Fri 2017-01-13 11:20:40 GMT; 1h 54min ago
  Process: 807 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
 Main PID: 807 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/netfilter-persistent.service

Jan 13 11:20:39 debian systemd[1]: Starting netfilter persistent configurat.....
Jan 13 11:20:39 debian netfilter-persistent[807]: run-parts: executing /usr/s...
Jan 13 11:20:40 debian netfilter-persistent[807]: run-parts: executing /usr/s...
Jan 13 11:20:40 debian systemd[1]: Started netfilter persistent configuration.
Hint: Some lines were ellipsized, use -l to show in full.

Logs:

Code:

➜  robin journalctl -xn
-- Logs begin at Fri 2017-01-13 11:20:31 GMT, end at Fri 2017-01-13 13:15:06 GMT
Jan 13 13:13:27 debian systemd[1]: Started Hostname Service.
-- Subject: Unit systemd-hostnamed.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-hostnamed.service has finished starting up.
-- 
-- The start-up result is done.
Jan 13 13:13:41 debian gnome-session[1936]: (process:7387): GLib-CRITICAL **: g_
Jan 13 13:13:41 debian org.gnome.zeitgeist.SimpleIndexer[1981]: ** (zeitgeist-ft
Jan 13 13:13:43 debian gnome-session[1936]: ** (zeitgeist-datahub:2258): WARNING
Jan 13 13:13:43 debian gnome-session[1936]: ** (zeitgeist-datahub:2258): WARNING
Jan 13 13:15:01 debian CRON[7429]: pam_unix(cron:session): session opened for us
Jan 13 13:15:01 debian CRON[7430]: (root) CMD (/nsm/bro/bin/broctl cron)
Jan 13 13:15:01 debian kernel: device eth0 entered promiscuous mode
Jan 13 13:15:06 debian kernel: device eth0 left promiscuous mode
Jan 13 13:15:06 debian CRON[7429]: pam_unix(cron:session): session closed for us

Code:

➜  robin locate netfilter-persistent.service
/cgroup/devices/system.slice/netfilter-persistent.service
/cgroup/devices/system.slice/netfilter-persistent.service/cgroup.clone_children
/cgroup/devices/system.slice/netfilter-persistent.service/cgroup.procs
/cgroup/devices/system.slice/netfilter-persistent.service/devices.allow
/cgroup/devices/system.slice/netfilter-persistent.service/devices.deny
/cgroup/devices/system.slice/netfilter-persistent.service/devices.list
/cgroup/devices/system.slice/netfilter-persistent.service/notify_on_release
/cgroup/devices/system.slice/netfilter-persistent.service/tasks
/etc/systemd/system/multi-user.target.wants/netfilter-persistent.service
/lib/systemd/system/netfilter-persistent.service
/var/lib/systemd/deb-systemd-helper-enabled/netfilter-persistent.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/netfilter-persistent.service

The config file of the persistent.service unit:

Code:

➜  robin cat /lib/systemd/system/netfilter-persistent.service
[Unit]
Description=netfilter persistent configuration
DefaultDependencies=no
Before=network.target
Requires=systemd-modules-load.service local-fs.target
After=systemd-modules-load.service local-fs.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/netfilter-persistent start
ExecStop=/usr/sbin/netfilter-persistent stop

[Install]
WantedBy=multi-user.target

chkconfig claims that netfilter-persistent.service is "off"

Code:

➜  robin sudo chkconfig --list
acpid                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
alsa-utils                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
anacron                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
apache-htcacheclean       0:off  1:off  2:off  3:off  4:off  5:off  6:off
apache2                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
atd                       0:off  1:off  2:on   3:on   4:on   5:on   6:off
avahi-daemon              0:off  1:off  2:on   3:on   4:on   5:on   6:off
binfmt-support            0:off  1:off  2:on   3:on   4:on   5:on   6:off
bluetooth                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
bootlogd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
bootlogs                  0:off  1:on   2:on   3:on   4:on   5:on   6:off
bootmisc.sh               0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
cgconf                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
cgrulesngd                0:off  1:off  2:on   3:on   4:on   5:on   6:off
checkfs.sh                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
checkroot-bootclean.sh    0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
checkroot.sh              0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
conntrackd                0:off  1:off  2:on   3:on   4:on   5:on   6:off
console-setup             0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
cron                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
cups                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
cups-browsed              0:off  1:off  2:on   3:on   4:on   5:on   6:off
dbus                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
ebtables                  0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
exim4                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
gdm3                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
gdomap                    0:off  1:off  2:on   3:on   4:on   5:on   6:off
glances                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
hddtemp                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
hdparm                    0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
hostname.sh               0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
hwclock.sh                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
ifplugd                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
irqbalance                0:off  1:off  2:on   3:on   4:on   5:on   6:off
kbd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
keyboard-setup            0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
kibana                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
killprocs                 0:off  1:on   2:off  3:off  4:off  5:off  6:off
kmod                      0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
libvirt-guests            0:off  1:off  2:on   3:on   4:on   5:on   6:off
libvirtd                  0:off  1:off  2:on   3:on   4:on   5:on   6:off
lm-sensors                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
lvm2                      0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
lxc                       0:off  1:off  2:on   3:on   4:on   5:on   6:off
minissdpd                 0:off  1:off  2:on   3:on   4:on   5:on   6:off
motd                      0:off  1:on   2:on   3:on   4:on   5:on   6:off
mountall-bootclean.sh     0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mountall.sh               0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mountdevsubfs.sh          0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mountkernfs.sh            0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mountnfs-bootclean.sh     0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mountnfs.sh               0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
mysql                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
netfilter-persistent      0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
network-manager           0:off  1:off  2:on   3:on   4:on   5:on   6:off
networking                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
nfs-common                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
nscd                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
pgl                       0:off  1:off  2:on   3:on   4:on   5:on   6:off
pppd-dns                  0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
procps                    0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
qemu-system-x86           0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
rc.local                  0:off  1:off  2:on   3:on   4:on   5:on   6:off
rcS                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
redis-server              0:off  1:off  2:on   3:on   4:on   5:on   6:off
rmnologin                 0:off  1:off  2:on   3:on   4:on   5:on   6:off
rpcbind                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
rsync                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
rsyslog                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
saned                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
sendsigs                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
smartmontools             0:off  1:off  2:on   3:on   4:on   5:on   6:off
snmpd                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
speech-dispatcher         0:off  1:off  2:on   3:on   4:on   5:on   6:off
stop-bootlogd             0:off  1:off  2:on   3:on   4:on   5:on   6:off
stop-bootlogd-single      0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
sudo                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
udev                      0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
udev-finish               0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
ulogd2                    0:off  1:off  2:on   3:on   4:on   5:on   6:off
umountfs                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
umountnfs.sh              0:off  1:off  2:off  3:off  4:off  5:off  6:off
umountroot                0:off  1:off  2:off  3:off  4:off  5:off  6:off
urandom                   0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
uuidd                     0:off  1:off  2:on   3:on   4:on   5:on   6:off
vnstat                    0:off  1:off  2:on   3:on   4:on   5:on   6:off
wicd                      0:off  1:off  2:on   3:on   4:on   5:on   6:off
x11-common                0:off  1:off  2:off  3:off  4:off  5:off  6:off  S:on 
zabbix-agent              0:off  1:off  2:on   3:on   4:on   5:on   6:off
zabbix-server.dpkg-new    0:off  1:off  2:off  3:off  4:off  5:off  6:off

Finally, the service and its state:

Code:

systemctl list-units -t service --no-legend --all

Code:

netfilter-persistent.service loaded    active   exited  netfilter persistent configu

So is netfilter persistent or not?
Where does this boot message about the failed service start come from?

Last edited by Novi-cjusz (2017-01-13 14:39:36)


------------------------------------------------------------------------------------
"Inveniam viam aut faciam" : I will either find a way, or I shall make one
"Gold is the money of kings, silver is the money of gentlemen, barter is the money of peasants, but debt is the money of slaves."

#2  2017-01-13 16:36:49

  wikingagressor - User
From: Józefów k.Błonia, mazowieck
Registered: 2015-02-03

Re: Failed to start netfilter persistent configuration

I'm not a specialist in networking matters, but to my eye you probably have some IPv6-related entries somewhere in your iptables settings. While the firewall is coming up it looks for an IPv6 interface to load the rules, and there's the snag. I don't know whether this makes everything fall over or whether the IPv4 rules keep working; you'll have to dig through the logs yourself.


Peace, Love and Debian for the World!!!


#3  2017-01-13 17:19:31

  Novi-cjusz - User
Registered: 2013-03-05

Re: Failed to start netfilter persistent configuration

My netfilter config for IPv6 is minimalist.

Code:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

I installed a GUI for systemd from this page: https://forums.bunsenlabs.org/viewtopic.php?id=2180
This is the result:
http://imgur.com/a/sd21W
Either netfilter is out of control, or systemd is.
To avoid overcomplicating things I used the excellent Morfitronik site.
But something is still wrong:

Code:

➜  filtr ls -al /etc/filtr/
total 28
drwxr-xr-x   2 root root  4096 Jan 13 18:04 .
drwxrwxrwx 174 root root 12288 Jan 13 18:10 ..
-rw-r--r--   1 root root  1368 Jan 13 18:04 base.sh
-rw-r--r--   1 root root   766 Jan 13 18:03 ip6tables_filter.sh
-rwxr-xr-x   1 root root  1275 Jan 13 18:00 iptables_filter.sh
➜  filtr ls -al /etc/systemd/system/firewall.service
-rw-rw-r-- 1 root root 422 Jan 13 18:33 /etc/systemd/system/firewall.service
➜  filtr cat /etc/systemd/system/firewall.service
Unit]
Description=firewall
Documentation=man:iptables
DefaultDependencies=no
Wants=network-pre.target systemd-modules-load.service
Before=network-pre.target
After=systemd-modules-load.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "/etc/filtr/iptables_filter.sh"
ExecStart=/bin/sh -c "/etc/filtr/ip6tables_filter.sh"
ExecStop=/bin/sh -c "/etc/filtr/base.sh"

[Install]
WantedBy=multi-user.target
➜  filtr systemctl daemon-reload
➜  filtr systemctl enable firewall.service
Failed to execute operation: Bad message
➜  filtr systemctl start firewall.service 
Job for firewall.service failed. See 'systemctl status firewall.service' and 'journalctl -xn' for details.
➜  filtr systemctl status firewall.service
● firewall.service
   Loaded: loaded (/etc/systemd/system/firewall.service; enabled)
   Active: failed (Result: exit-code) since Fri 2017-01-13 18:51:15 GMT; 13s ago
  Process: 4258 ExecStart=/bin/sh -c /etc/filtr/ip6tables_filter.sh (code=exited, status=126)
  Process: 4226 ExecStart=/bin/sh -c /etc/filtr/iptables_filter.sh (code=exited, status=0/SUCCESS)
 Main PID: 4258 (code=exited, status=126)

Jan 13 18:51:15 debian sh[4258]: /bin/sh: 1: /etc/filtr/ip6tables_filter.sh: Permis...ied
Jan 13 18:51:15 debian systemd[1]: firewall.service: main process exited, code=exit...n/a
Jan 13 18:51:15 debian systemd[1]: Failed to start firewall.service.
Jan 13 18:51:15 debian systemd[1]: Unit firewall.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
➜  filtr journalctl -xn
-- Logs begin at Fri 2017-01-13 18:10:07 GMT, end at Fri 2017-01-13 18:51:15 GMT. --
Jan 13 18:50:52 debian systemd[1]: Started ACPI event daemon.
-- Subject: Unit acpid.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit acpid.service has finished starting up.
-- 
-- The start-up result is done.
Jan 13 18:50:52 debian systemd[1]: Listening on ACPID Listen Socket.
-- Subject: Unit acpid.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit acpid.socket has finished starting up.
-- 
-- The start-up result is done.
Jan 13 18:50:52 debian systemd[1]: Mounted /.
-- Subject: Unit -.mount has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit -.mount has finished starting up.
-- 
-- The start-up result is done.
Jan 13 18:51:04 debian systemd[1]: [/etc/systemd/system/firewall.service:1] Missing '='.
Jan 13 18:51:15 debian systemd[1]: Cannot add dependency job for unit cgconfig.service, i
Jan 13 18:51:15 debian systemd[1]: Starting firewall.service...
-- Subject: Unit firewall.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewall.service has begun starting up.
Jan 13 18:51:15 debian sh[4258]: /bin/sh: 1: /etc/filtr/ip6tables_filter.sh: Permission d
Jan 13 18:51:15 debian systemd[1]: firewall.service: main process exited, code=exited, st
Jan 13 18:51:15 debian systemd[1]: Failed to start firewall.service.
-- Subject: Unit firewall.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewall.service has failed.
-- 
-- The result is failed.
Jan 13 18:51:15 debian systemd[1]: Unit firewall.service entered failed state.

Now, for a change, the netfilter-persistent service works:

Code:

● netfilter-persistent.service - netfilter persistent configuration
   Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled)
   Active: active (exited) since Fri 2017-01-13 19:35:58 GMT; 52min ago
  Process: 783 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
 Main PID: 783 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/netfilter-persistent.service

Jan 13 19:35:57 debian systemd[1]: Starting netfilter persistent configurat.....
Jan 13 19:35:58 debian netfilter-persistent[783]: run-parts: executing /usr/s...
Jan 13 19:35:58 debian netfilter-persistent[783]: run-parts: executing /usr/s...
Jan 13 19:35:58 debian systemd[1]: Started netfilter persistent configuration.

Whereas firewall.service does not, and that's that.

What did I overlook?
In the morning I cleaned the unneeded configuration files out of the firewall and it works like a charm.

Code:

➜  ~ systemctl daemon-reload
➜  ~ systemctl enable firewall.service
➜  ~ systemctl start firewall.service
➜  ~ systemctl status firewall.service
● firewall.service - firewall
   Loaded: loaded (/etc/systemd/system/firewall.service; enabled)
   Active: active (exited) since Sat 2017-01-14 12:33:07 GMT; 13s ago
     Docs: man:iptables
  Process: 8501 ExecStart=/bin/sh -c /etc/filtr/iptables_filter.sh (code=exited, status=0/SUCCESS)
 Main PID: 8501 (code=exited, status=0/SUCCESS)

Keep things tidy, that's the takeaway.
Cheers.

Last edited by Novi-cjusz (2017-01-14 14:11:54)


------------------------------------------------------------------------------------
"Inveniam viam aut faciam" : I will either find a way, or I shall make one
"Gold is the money of kings, silver is the money of gentlemen, barter is the money of peasants, but debt is the money of slaves."
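
The two faults visible in the output of post #3 (the `Unit]` header that systemd reports as `Missing '='` on line 1, and the `ip6tables_filter.sh` script without an execute bit that exits with status 126) can be caught before `systemctl enable`. The sketch below is an added example, not part of the original posts; it lints a constructed copy of the unit in a temporary directory, and `lint_unit` and `make_demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: lint_unit and make_demo are hypothetical helper names.
# lint_unit FILE: report the two faults seen in this thread; returns 0 if clean.
lint_unit() {
    unit=$1; rc=0; n=0
    set -f                                     # no globbing while splitting words
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*|';'*|'['*']') continue ;;  # blank, comment, section header
            *=*) ;;                            # key=value, checked below
            *)   echo "$unit:$n: neither [Section] nor key=value: $line"
                 rc=1; continue ;;
        esac
        case $line in
            ExecStart=*|ExecStop=*) ;;
            *) continue ;;
        esac
        # sh -c "/path/script" executes the script directly, so an existing
        # file without an execute bit ends in exit status 126.
        for w in $(printf '%s\n' "${line#*=}" | tr -d "\"'"); do
            case $w in /*) ;; *) continue ;; esac
            if [ -f "$w" ] && [ ! -x "$w" ]; then
                echo "$unit:$n: not executable: $w"
                rc=1
            fi
        done
    done < "$unit"
    set +f
    return $rc
}

# make_demo: build a constructed copy of the thread's layout in a temp dir
# (sample data, not the poster's real /etc/filtr) and print the directory.
make_demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$d/iptables_filter.sh"
    printf '#!/bin/sh\nexit 0\n' > "$d/ip6tables_filter.sh"
    chmod 755 "$d/iptables_filter.sh"
    chmod 644 "$d/ip6tables_filter.sh"         # mode from the ls -al output
    cat > "$d/firewall.service" <<EOF
Unit]
Description=firewall

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "$d/iptables_filter.sh"
ExecStart=/bin/sh -c "$d/ip6tables_filter.sh"

[Install]
WantedBy=multi-user.target
EOF
    echo "$d"
}

demo=$(make_demo)
lint_unit "$demo/firewall.service" || echo "fix the unit before enable/start"
rm -rf "$demo"
```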
