0
Fixed

Firewall function crashes - Ubuntu Server

Carl Medley 7 years ago updated by Eugene Pankov (Project coordinator) 7 years ago 6

Ajenti 0.99.7 bug report

--------------------

Detected platform: debian / ubuntu / Ubuntu 12.04.2 LTS

Python: 2.7.3

Installation: 27849470

Debug: False

Loaded plugins:

main dashboard services plugins configurator resolv fstab db_common fm power ajenti_org codemirror notepad terminal scripts cron resources network hosts webserver_common apache iptables packages taskmgr mysql sensors logs users test

Traceback (most recent call last):

  File "/usr/lib/pymodules/python2.7/ajenti/plugins/main/main.py", line 98, in on_message

    self.ui.dispatch_event(update['uid'], update['event'], update['params'])

  File "/usr/lib/pymodules/python2.7/ajenti/ui/__init__.py", line 64, in dispatch_event

    self.root.dispatch_event(uid, event, params)

  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 306, in dispatch_event

    if child.dispatch_event(uid, event, params):

  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 302, in dispatch_event

    self.event(event, params)

  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 320, in event

    getattr(self, 'on_%s' % event)(**(params or {}))

  File "/usr/lib/pymodules/python2.7/ajenti/plugins/main/main.py", line 266, in on_switch

    child.broadcast('on_page_load')

  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 292, in broadcast

    getattr(self, method)(*args, **kwargs)

  File "/usr/lib/pymodules/python2.7/ajenti/plugins/iptables/main.py", line 109, in on_page_load

    self.refresh()

  File "/usr/lib/pymodules/python2.7/ajenti/plugins/iptables/main.py", line 121, in refresh

    self.binder.autodiscover().populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 410, in populate

    binding.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 293, in populate

    binder.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 410, in populate

    binding.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 293, in populate

    binder.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 410, in populate

    binding.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 293, in populate

    binder.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 410, in populate

    binding.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 293, in populate

    binder.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 410, in populate

    binding.populate()

  File "/usr/lib/pymodules/python2.7/ajenti/ui/binder.py", line 130, in populate

    template = self.ui.children[index]

IndexError: list index out of range

Log:

2013-06-26 12:48:12,782 INFO     registry.register_crypt_handler(): registered crypt handler 'sha512_crypt': <class 'passlib.handlers.sha2_crypt.sha512_crypt'>

2013-06-26 12:48:12,826 INFO     core.run(): Ajenti 0.99.7 running on platform: debian

2013-06-26 12:48:12,826 DEBUG    __init__.load(): Loading plugin services

2013-06-26 12:48:12,826 DEBUG    __init__.load():   == Services 

2013-06-26 12:48:12,826 DEBUG    __init__.load_recursive(): Preloading plugin dependency: main

2013-06-26 12:48:12,827 DEBUG    __init__.load(): Loading plugin main

2013-06-26 12:48:12,827 DEBUG    __init__.load():   == Core 

2013-06-26 12:48:12,844 DEBUG    __init__.load(): Loading plugin services

2013-06-26 12:48:12,844 DEBUG    __init__.load():   == Services 

2013-06-26 12:48:12,844 DEBUG    __init__.load_recursive(): Preloading plugin dependency: dashboard

2013-06-26 12:48:12,844 DEBUG    __init__.load(): Loading plugin dashboard

2013-06-26 12:48:12,844 DEBUG    __init__.load():   == Dashboard 

2013-06-26 12:48:12,845 DEBUG    __init__.load(): Loading plugin services

2013-06-26 12:48:12,845 DEBUG    __init__.load():   == Services 

2013-06-26 12:48:12,853 DEBUG    __init__.load(): Loading plugin plugins

2013-06-26 12:48:12,854 DEBUG    __init__.load():   == Plugins 

2013-06-26 12:48:12,854 DEBUG    __init__.load(): Loading plugin configurator

2013-06-26 12:48:12,854 DEBUG    __init__.load():   == Ajenti Configurator 

2013-06-26 12:48:12,855 DEBUG    __init__.load(): Loading plugin supervisor

2013-06-26 12:48:12,855 DEBUG    __init__.load():   == Supervisor 

2013-06-26 12:48:12,859 WARNING  __init__.load():  *** [supervisor] Plugin failed to load: BinaryDependency (supervisord)

2013-06-26 12:48:12,859 DEBUG    __init__.load(): Loading plugin resolv

2013-06-26 12:48:12,859 DEBUG    __init__.load():   == Nameservers 

2013-06-26 12:48:12,860 DEBUG    __init__.load(): Loading plugin fstab

2013-06-26 12:48:12,860 DEBUG    __init__.load():   == Filesystems 

2013-06-26 12:48:12,882 DEBUG    __init__.load(): Loading plugin squid

2013-06-26 12:48:12,882 DEBUG    __init__.load():   == Squid 

2013-06-26 12:48:12,885 WARNING  __init__.load():  *** [squid] Plugin failed to load: BinaryDependency (squid3)

2013-06-26 12:48:12,886 DEBUG    __init__.load(): Loading plugin db_common

2013-06-26 12:48:12,886 DEBUG    __init__.load():   == Database Commons 

2013-06-26 12:48:12,887 DEBUG    __init__.load(): Loading plugin hddtemp

2013-06-26 12:48:12,887 DEBUG    __init__.load():   == HDD temperature 

2013-06-26 12:48:12,890 WARNING  __init__.load():  *** [hddtemp] Plugin failed to load: BinaryDependency (hddtemp)

2013-06-26 12:48:12,890 DEBUG    __init__.load(): Loading plugin lm-sensors

2013-06-26 12:48:12,890 DEBUG    __init__.load():   == LM-Sensors 

2013-06-26 12:48:12,894 WARNING  __init__.load():  *** [lm-sensors] Plugin failed to load: BinaryDependency (sensors)

2013-06-26 12:48:12,895 DEBUG    __init__.load(): Loading plugin fm

2013-06-26 12:48:12,895 DEBUG    __init__.load():   == File Manager 

2013-06-26 12:48:12,897 DEBUG    __init__.load(): Loading plugin exports

2013-06-26 12:48:12,897 DEBUG    __init__.load():   == NFS Exports 

2013-06-26 12:48:12,901 WARNING  __init__.load():  *** [exports] Plugin failed to load: BinaryDependency (nfsstat)

2013-06-26 12:48:12,901 DEBUG    __init__.load(): Loading plugin power

2013-06-26 12:48:12,901 DEBUG    __init__.load():   == Power 

2013-06-26 12:48:12,902 DEBUG    __init__.load(): Loading plugin ajenti_org

2013-06-26 12:48:12,902 DEBUG    __init__.load():   == ajenti.org integration 

2013-06-26 12:48:12,903 DEBUG    __init__.load(): Loading plugin notepad

2013-06-26 12:48:12,903 DEBUG    __init__.load():   == Notepad 

2013-06-26 12:48:12,903 DEBUG    __init__.load_recursive(): Preloading plugin dependency: codemirror

2013-06-26 12:48:12,903 DEBUG    __init__.load(): Loading plugin codemirror

2013-06-26 12:48:12,903 DEBUG    __init__.load():   == CodeMirror code editor 

2013-06-26 12:48:12,904 DEBUG    __init__.load(): Loading plugin notepad

2013-06-26 12:48:12,904 DEBUG    __init__.load():   == Notepad 

2013-06-26 12:48:12,904 DEBUG    __init__.load(): Loading plugin netatalk

2013-06-26 12:48:12,904 DEBUG    __init__.load():   == Netatalk 

2013-06-26 12:48:12,908 WARNING  __init__.load():  *** [netatalk] Plugin failed to load: BinaryDependency (afpd)

2013-06-26 12:48:12,908 DEBUG    __init__.load(): Loading plugin scripts

2013-06-26 12:48:12,908 DEBUG    __init__.load():   == Scripts 

2013-06-26 12:48:12,908 DEBUG    __init__.load_recursive(): Preloading plugin dependency: terminal

2013-06-26 12:48:12,908 DEBUG    __init__.load(): Loading plugin terminal

2013-06-26 12:48:12,909 DEBUG    __init__.load():   == Terminal 

2013-06-26 12:48:12,921 DEBUG    __init__.load(): Loading plugin scripts

2013-06-26 12:48:12,922 DEBUG    __init__.load():   == Scripts 

2013-06-26 12:48:12,922 DEBUG    __init__.load(): Loading plugin cron

2013-06-26 12:48:12,922 DEBUG    __init__.load():   == Cron 

2013-06-26 12:48:12,927 DEBUG    __init__.load(): Loading plugin resources

2013-06-26 12:48:12,927 DEBUG    __init__.load():   == Resource Manager 

2013-06-26 12:48:12,929 DEBUG    __init__.load(): Loading plugin raid

2013-06-26 12:48:12,929 DEBUG    __init__.load():   == RAID 

2013-06-26 12:48:12,933 WARNING  __init__.load():  *** [raid] Plugin failed to load: BinaryDependency (mdadm)

2013-06-26 12:48:12,934 DEBUG    __init__.load(): Loading plugin psql

2013-06-26 12:48:12,934 DEBUG    __init__.load():   == PostgreSQL 

2013-06-26 12:48:12,938 WARNING  __init__.load():  *** [psql] Plugin failed to load: BinaryDependency (psql)

2013-06-26 12:48:12,938 DEBUG    __init__.load(): Loading plugin network

2013-06-26 12:48:12,938 DEBUG    __init__.load():   == Network 

2013-06-26 12:48:12,939 DEBUG    __init__.load(): Loading plugin hosts

2013-06-26 12:48:12,939 DEBUG    __init__.load():   == Hosts 

2013-06-26 12:48:12,940 DEBUG    __init__.load(): Loading plugin apache

2013-06-26 12:48:12,940 DEBUG    __init__.load():   == Apache 

2013-06-26 12:48:12,940 DEBUG    __init__.load_recursive(): Preloading plugin dependency: webserver_common

2013-06-26 12:48:12,940 DEBUG    __init__.load(): Loading plugin webserver_common

2013-06-26 12:48:12,940 DEBUG    __init__.load():   == Webserver Commons 

2013-06-26 12:48:12,940 DEBUG    __init__.load(): Loading plugin apache

2013-06-26 12:48:12,941 DEBUG    __init__.load():   == Apache 

2013-06-26 12:48:12,945 DEBUG    __init__.load(): Loading plugin iptables

2013-06-26 12:48:12,945 DEBUG    __init__.load():   == Firewall 

2013-06-26 12:48:12,946 DEBUG    __init__.load(): Loading plugin ctdb

2013-06-26 12:48:12,946 DEBUG    __init__.load():   == CTDB 

2013-06-26 12:48:12,950 WARNING  __init__.load():  *** [ctdb] Plugin failed to load: BinaryDependency (ctdb)

2013-06-26 12:48:12,950 DEBUG    __init__.load(): Loading plugin packages

2013-06-26 12:48:12,950 DEBUG    __init__.load():   == Package manager 

2013-06-26 12:48:12,952 DEBUG    __init__.load(): Loading plugin taskmgr

2013-06-26 12:48:12,952 DEBUG    __init__.load():   == Processes 

2013-06-26 12:48:12,953 DEBUG    __init__.load(): Loading plugin mysql

2013-06-26 12:48:12,953 DEBUG    __init__.load():   == MySQL 

2013-06-26 12:48:12,957 DEBUG    __init__.load(): Loading plugin sensors

2013-06-26 12:48:12,958 DEBUG    __init__.load():   == Sensors 

2013-06-26 12:48:12,959 DEBUG    __init__.load(): Loading plugin logs

2013-06-26 12:48:12,959 DEBUG    __init__.load():   == Logs 

2013-06-26 12:48:12,960 DEBUG    __init__.load(): Loading plugin munin

2013-06-26 12:48:12,960 DEBUG    __init__.load():   == Munin 

2013-06-26 12:48:12,964 WARNING  __init__.load():  *** [munin] Plugin failed to load: BinaryDependency (munin-cron)

2013-06-26 12:48:12,964 DEBUG    __init__.load(): Loading plugin nginx

2013-06-26 12:48:12,964 DEBUG    __init__.load():   == NGINX 

2013-06-26 12:48:12,968 WARNING  __init__.load():  *** [nginx] Plugin failed to load: BinaryDependency (nginx)

2013-06-26 12:48:12,968 DEBUG    __init__.load(): Loading plugin users

2013-06-26 12:48:12,969 DEBUG    __init__.load():   == Users 

2013-06-26 12:48:12,969 DEBUG    __init__.load(): Loading plugin samba

2013-06-26 12:48:12,970 DEBUG    __init__.load():   == Samba 

2013-06-26 12:48:12,973 WARNING  __init__.load():  *** [samba] Plugin failed to load: BinaryDependency (smbd)

2013-06-26 12:48:12,974 DEBUG    __init__.load(): Loading plugin smartctl

2013-06-26 12:48:12,974 DEBUG    __init__.load():   == S.M.A.R.T. 

2013-06-26 12:48:12,978 WARNING  __init__.load():  *** [smartctl] Plugin failed to load: BinaryDependency (smartctl)

2013-06-26 12:48:12,978 DEBUG    __init__.load(): Loading plugin test

2013-06-26 12:48:12,978 DEBUG    __init__.load():   == Test 

2013-06-26 12:48:12,985 INFO     core.start(): Starting SSL tunnel for port 47520

2013-06-26 12:48:13,694 INFO     core.run(): SSL tunnel running fine

2013-06-26 12:48:13,694 INFO     core.run(): Starting server on (u'127.0.0.1', 47520)

2013-06-26 12:48:13,695 DEBUG    feedback.send(): Feedback >> ping ({'id': 261})

2013-06-26 12:48:13,699 INFO     connectionpool._new_conn(): Starting new HTTP connection (1): meta.ajenti.org

2013-06-26 12:48:28,715 WARNING  connectionpool.urlopen(): Retrying (0 attempts remain) after connection broken by 'DNSError(67, 'request timed out')': /api/v2/ping


Answer

Answer
Fixed

Hi Carl! Could you please attach your iptables config file?

Under review

Hi Carl! Could you please attach your iptables config file?

Hi Eugeny,

   The only "config" file I'm seeing is the "Iptables.up.rules" file. Is there a different file you need, or is that the one?

CentOS6.4 + 0.99-15 - issue fixed

Answer
Fixed

Hi Carl! Could you please attach your iptables config file?

Here is my files content. Unfortunately I had to remove Ajenti from the box in lieu of something that had network config functionality. I need to add a post to the suggestion side and comment that we'd benefit from functionality similar to what Webmin currently has. I know some may feel Webmin is overkill, but more is better in my world. Adding more functionality to Ajenti like that would be wonderful!

# Generated by iptables-save v1.4.12 on Wed Jun 26 12:38:45 2013
*raw
:PREROUTING ACCEPT [1828412:95858484]
:OUTPUT ACCEPT [2039245:127205995]
COMMIT
# Completed on Wed Jun 26 12:38:45 2013
# Generated by iptables-save v1.4.12 on Wed Jun 26 12:38:45 2013
*nat
:PREROUTING ACCEPT [527:121466]
:INPUT ACCEPT [523:120550]
:OUTPUT ACCEPT [61:3703]
:POSTROUTING ACCEPT [61:3703]
COMMIT
# Completed on Wed Jun 26 12:38:45 2013
# Generated by iptables-save v1.4.12 on Wed Jun 26 12:38:45 2013
*mangle
:PREROUTING ACCEPT [1828412:95858484]
:INPUT ACCEPT [1828408:95857568]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2039245:127205995]
:POSTROUTING ACCEPT [2039245:127205995]
:tcfor - [0:0]
:tcin - [0:0]
:tcout - [0:0]
:tcpost - [0:0]
:tcpre - [0:0]
-A PREROUTING -j tcpre
-A INPUT -j tcin
-A FORWARD -j MARK --set-xmark 0x0/0xff
-A FORWARD -j tcfor
-A OUTPUT -j tcout
-A POSTROUTING -j tcpost
COMMIT
# Completed on Wed Jun 26 12:38:45 2013
# Generated by iptables-save v1.4.12 on Wed Jun 26 12:38:45 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:Broadcast - [0:0]
:Drop - [0:0]
:Invalid - [0:0]
:NotSyn - [0:0]
:Reject - [0:0]
:dynamic - [0:0]
:fw2loc - [0:0]
:fw2net - [0:0]
:loc2fw - [0:0]
:loc2net - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:net2fw - [0:0]
:net2loc - [0:0]
:reject - [0:0]
:shorewall - [0:0]
-A INPUT -m conntrack --ctstate INVALID,NEW -j dynamic
-A INPUT -i eth0 -j net2fw
-A INPUT -i eth1 -j loc2fw
-A INPUT -i lo -j ACCEPT
-A INPUT -j Reject
-A INPUT -j LOG --log-prefix "Shorewall:INPUT:REJECT:" --log-level 6
-A INPUT -g reject
-A FORWARD -i eth0 -o eth1 -j net2loc
-A FORWARD -i eth1 -o eth0 -j loc2net
-A FORWARD -j Reject
-A FORWARD -j LOG --log-prefix "Shorewall:FORWARD:REJECT:" --log-level 6
-A FORWARD -g reject
-A OUTPUT -o eth0 -j fw2net
-A OUTPUT -o eth1 -j fw2loc
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j Reject
-A OUTPUT -j LOG --log-prefix "Shorewall:OUTPUT:REJECT:" --log-level 6
-A OUTPUT -g reject
-A Broadcast -m addrtype --dst-type BROADCAST -j DROP
-A Broadcast -m addrtype --dst-type MULTICAST -j DROP
-A Broadcast -m addrtype --dst-type ANYCAST -j DROP
-A Broadcast -d 224.0.0.0/4 -j DROP
-A Drop
-A Drop -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
-A Drop -j Broadcast
-A Drop -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
-A Drop -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
-A Drop -j Invalid
-A Drop -p udp -m multiport --dports 135,445 -m comment --comment SMB -j DROP
-A Drop -p udp -m udp --dport 137:139 -m comment --comment SMB -j DROP
-A Drop -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j DROP
-A Drop -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j DROP
-A Drop -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
-A Drop -p tcp -j NotSyn
-A Drop -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
-A Invalid -m conntrack --ctstate INVALID -j DROP
-A NotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A Reject
-A Reject -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
-A Reject -j Broadcast
-A Reject -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
-A Reject -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
-A Reject -j Invalid
-A Reject -p udp -m multiport --dports 135,445 -m comment --comment SMB -j reject
-A Reject -p udp -m udp --dport 137:139 -m comment --comment SMB -j reject
-A Reject -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j reject
-A Reject -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j reject
-A Reject -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
-A Reject -p tcp -j NotSyn
-A Reject -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
-A fw2loc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw2loc -j ACCEPT
-A fw2loc -j ACCEPT
-A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw2net -j ACCEPT
-A fw2net -j ACCEPT
-A loc2fw -m conntrack --ctstate INVALID,NEW -j dynamic
-A loc2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2fw -j ACCEPT
-A loc2fw -j ACCEPT
-A loc2net -m conntrack --ctstate INVALID,NEW -j dynamic
-A loc2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2net -j Drop
-A loc2net -j DROP
-A logdrop -j DROP
-A logreject -j reject
-A net2fw -m conntrack --ctstate INVALID,NEW -j dynamic
-A net2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A net2fw -j reject
-A net2fw -j Drop
-A net2fw -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level 6
-A net2fw -j DROP
-A net2loc -m conntrack --ctstate INVALID,NEW -j dynamic
-A net2loc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A net2loc -j reject
-A net2loc -j Drop
-A net2loc -j LOG --log-prefix "Shorewall:net2loc:DROP:" --log-level 6
-A net2loc -j DROP
-A reject -m addrtype --src-type BROADCAST -j DROP
-A reject -s 224.0.0.0/4 -j DROP
-A reject -p igmp -j DROP
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
-A reject -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jun 26 12:38:45 2013