Unix & Linux Asked by Jademalo on December 19, 2020
I’ve just updated my old Debian Jessie server to Buster, and I’m having some issues with iptables.
I understand that the backend has been changed with the update, but I have absolutely no knowledge or experience with any of this.
Running sudo journalctl -e -u netfilter-persistent.service gives me the following error
Jul 22 16:49:35 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:49:35 netfilter-persistent[1069]: iptables-restore v1.8.2 (nf_tables): Chain 'MASQUERADE' does not exist
Jul 22 16:49:35 netfilter-persistent[1069]: Error occurred at line: 6
Jul 22 16:49:35 netfilter-persistent[1069]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:49:35 netfilter-persistent[1069]: ip6tables-restore: line 8 failed
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:49:35 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:49:35 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:49:35 systemd[1]: Failed to start netfilter persistent configuration.
Below is my iptables
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o venet0 -j MASQUERADE
-A POSTROUTING -o venet0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*mangle
:PREROUTING ACCEPT [5:200]
:INPUT ACCEPT [5:200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:680]
:POSTROUTING ACCEPT [5:680]
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*raw
:PREROUTING ACCEPT [5:200]
:OUTPUT ACCEPT [5:680]
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*filter
:INPUT ACCEPT [5:200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:680]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
Commenting out lines 6 and 7 results in this error
Jul 22 16:43:38 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:43:38 netfilter-persistent[663]: iptables-restore: line 8 failed
Jul 22 16:43:38 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 1
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:43:38 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:43:38 netfilter-persistent[663]: ip6tables-restore: line 8 failed
Jul 22 16:43:38 systemd[1]: Failed to start netfilter persistent configuration.
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
I have also tried using update-alternatives to go back to the legacy iptables, but doing that gives me another error
Jul 22 16:52:44 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:52:44 netfilter-persistent[1130]: iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'nat'
Jul 22 16:52:44 netfilter-persistent[1130]: Error occurred at line: 2
Jul 22 16:52:44 netfilter-persistent[1130]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:52:44 netfilter-persistent[1130]: ip6tables-restore: line 8 failed
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:52:44 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:52:44 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:52:44 systemd[1]: Failed to start netfilter persistent configuration.
Trying to run sudo apt-get upgrade gives me the following error
sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up netfilter-persistent (1.0.11) ...
Job for netfilter-persistent.service failed because the control process exited with error code.
See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
invoke-rc.d: initscript netfilter-persistent, action "restart" failed.
● netfilter-persistent.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-07-22 16:57:09 CEST; 13ms ago
Process: 1498 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=1/FAILURE)
Main PID: 1498 (code=exited, status=1/FAILURE)
Jul 22 16:57:09 netfilter-persistent[1498]: iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'nat'
Jul 22 16:57:09 netfilter-persistent[1498]: Error occurred at line: 2
Jul 22 16:57:09 netfilter-persistent[1498]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:57:09 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:57:09 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:57:09 netfilter-persistent[1498]: ip6tables-restore: line 8 failed
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:57:09 systemd[1]: Failed to start netfilter persistent configuration.
dpkg: error processing package netfilter-persistent (--configure):
installed netfilter-persistent package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of iptables-persistent:
iptables-persistent depends on netfilter-persistent (= 1.0.11); however:
Package netfilter-persistent is not configured yet.
dpkg: error processing package iptables-persistent (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
netfilter-persistent
iptables-persistent
E: Sub-process /usr/bin/dpkg returned an error code (1)
I have no idea what I’m doing in here, and the research I’ve done says to either "fix the rules.v4 file" or to revert to the legacy alternative. Neither seems to work, and I don’t know enough to understand what’s going on in rules.v4 enough to fix it.
Thanks
EDIT: apt-cache policy on request
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://ftp.us.debian.org/debian buster-updates/main amd64 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
500 http://security.debian.org buster/updates/main amd64 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
origin security.debian.org
500 http://ftp.us.debian.org/debian buster/main amd64 Packages
release v=10.4,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
Pinned packages:
Output of dpkg -l | egrep -v '^ii'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============================-====================================-============-===============================================================================
rc acl 2.2.53-4 amd64 access control list - utilities
rc avahi-daemon 0.6.31-5 amd64 Avahi mDNS/DNS-SD daemon
rc dpkg-dev 1.19.7 all Debian package development tools
rc libapt-inst1.5:amd64 1.0.9.8.4 amd64 deb package format runtime library
rc libass5:amd64 0.10.2-3 amd64 library for SSA/ASS subtitles rendering
rc libav-tools 6:11.12-1~deb8u1 amd64 Multimedia player, encoder and transcoder
rc libavahi-compat-libdnssd1:amd64 0.6.31-5 amd64 Avahi Apple Bonjour compatibility library
rc libavahi-core7:amd64 0.6.31-5 amd64 Avahi's embeddable mDNS/DNS-SD library
rc libavcodec53:amd64 6:0.8.21-0+deb7u1 amd64 Libav codec library
rc libavcodec56:amd64 6:11.12-1~deb8u1 amd64 Libav codec library
rc libavdevice53:amd64 6:0.8.21-0+deb7u1 amd64 Libav device handling library
rc libavdevice55:amd64 6:11.12-1~deb8u1 amd64 Libav device handling library
rc libavfilter2:amd64 6:0.8.21-0+deb7u1 amd64 Libav video filtering library
rc libavfilter5:amd64 6:11.12-1~deb8u1 amd64 Libav video filtering library
rc libavformat53:amd64 6:0.8.21-0+deb7u1 amd64 Libav file format library
rc libavformat56:amd64 6:11.12-1~deb8u1 amd64 Libav file format library
rc libavresample2:amd64 6:11.12-1~deb8u1 amd64 Libav audio resampling library
rc libavutil51:amd64 6:0.8.21-0+deb7u1 amd64 Libav utility library
rc libavutil54:amd64 6:11.12-1~deb8u1 amd64 Libav utility library
rc libbind9-80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 BIND9 Shared Library used by BIND
rc libbind9-90 1:9.9.5.dfsg-9+deb8u16 amd64 BIND9 Shared Library used by BIND
rc libbluray1:amd64 1:0.6.2-1 amd64 Blu-ray disc playback support library (shared library)
rc libcdio-cdda1 0.83-4.2 amd64 library to read and control digital audio CDs
rc libcdio-paranoia1 0.83-4.2 amd64 library to read digital audio CDs with error correction
rc libcdio13 0.83-4.2 amd64 library to read and control CD-ROM
rc libcryptsetup4:amd64 2:1.6.6-5 amd64 disk encryption support - shared library
rc libdaemon0:amd64 0.14-6 amd64 lightweight C library for daemons - runtime library
rc libdirac-encoder0:amd64 1.0.2-7.1 amd64 open and royalty free high quality video codec - encoder library
rc libdirectfb-1.2-9:amd64 1.2.10.0-5.1 amd64 direct frame buffer graphics - shared libraries
rc libdns-export100 1:9.9.5.dfsg-9+deb8u16 amd64 Exported DNS Shared Library
rc libdns100 1:9.9.5.dfsg-9+deb8u16 amd64 DNS Shared Library used by BIND
rc libdns88 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 DNS Shared Library used by BIND
rc libevent-2.0-5:amd64 2.0.21-stable-2+deb8u1 amd64 Asynchronous event notification library
rc libfakeroot:amd64 1.23-1 amd64 tool for simulating superuser privileges - shared libraries
rc libffi5:amd64 3.0.10-3+deb7u2 amd64 Foreign Function Interface library runtime
rc libgcrypt11:amd64 1.5.0-5+deb7u6 amd64 LGPL Crypto library - runtime library
rc libgdbm3:amd64 1.8.3-13.1 amd64 GNU dbm database routines (runtime version)
rc libgeoip1:amd64 1.6.2-4 amd64 non-DNS IP-to-country resolver library
rc libgnutls-deb0-28:amd64 3.3.30-0+deb8u1 amd64 GNU TLS library - main runtime library
rc libgnutls26:amd64 2.12.20-8+deb7u5 amd64 GNU TLS library - runtime library
rc libhogweed2:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (public-key cryptos)
rc libiceutil34 3.4.2-8.2 amd64 Ice for C++ misc utility library
rc libiceutil35:amd64 3.5.1-6+b3 amd64 Ice for C++ misc utility library
rc libicu52:amd64 52.1-8+deb8u7 amd64 International Components for Unicode
rc libirs-export91 1:9.9.5.dfsg-9+deb8u16 amd64 Exported IRS Shared Library
rc libisc-export95 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC Shared Library
rc libisc84 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 ISC Shared Library used by BIND
rc libisc95 1:9.9.5.dfsg-9+deb8u16 amd64 ISC Shared Library used by BIND
rc libisccc80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Command Channel Library used by BIND
rc libisccc90 1:9.9.5.dfsg-9+deb8u16 amd64 Command Channel Library used by BIND
rc libisccfg-export90 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC CFG Shared Library
rc libisccfg82 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Config File Handling Library used by BIND
rc libisccfg90 1:9.9.5.dfsg-9+deb8u16 amd64 Config File Handling Library used by BIND
rc libjasper1:amd64 1.900.1-debian1-2.4+deb8u5 amd64 JasPer JPEG-2000 runtime library
rc libjson-c2:amd64 0.11-4 amd64 JSON manipulation library - shared library
rc libllvm3.5:amd64 1:3.5-10 amd64 Modular compiler and toolchain technologies, runtime library
rc liblogging-stdlog0:amd64 1.0.4-1 amd64 easy to use and lightweight logging library
rc liblognorm1:amd64 1.0.1-3 amd64 Log normalizing library
rc liblwres80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Lightweight Resolver Library used by BIND
rc liblwres90 1:9.9.5.dfsg-9+deb8u16 amd64 Lightweight Resolver Library used by BIND
rc libmodule-build-perl 0.422400-1 all framework for building and installing Perl modules
rc libmpc2:amd64 0.9-4 amd64 multiple precision complex floating-point library
rc libmysqlclient18:amd64 5.5.60-0+deb8u1 amd64 MySQL database client library
rc libnettle4:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (symmetric and one-way cryptos)
rc libnss-mdns:amd64 0.10-6 amd64 NSS module for Multicast DNS name resolution
rc libopencv-core2.3 2.3.1-11+deb7u4 amd64 computer vision core library
rc libopencv-core2.4:amd64 2.4.9.1+dfsg-1+deb8u2 amd64 computer vision core library
rc libopencv-imgproc2.3 2.3.1-11+deb7u4 amd64 computer vision Image Processing library
rc libopencv-imgproc2.4:amd64 2.4.9.1+dfsg-1+deb8u2 amd64 computer vision Image Processing library
rc libopenjpeg2:amd64 1.3+dfsg-4.8 amd64 JPEG 2000 image compression/decompression library
rc libopenjpeg5:amd64 1:1.5.2-3 amd64 JPEG 2000 image compression/decompression library - runtime
rc libopenvg1-mesa:amd64 10.3.2-1+deb8u1 amd64 free implementation of the OpenVG API -- runtime
rc liborc-0.4-0:amd64 1:0.4.22-1 amd64 Library of Optimized Inner Loops Runtime Compiler
rc libpgm-5.1-0 5.1.118-1~dfsg-1 amd64 OpenPGM shared library
rc libpng12-0:amd64 1.2.50-2+deb8u3 amd64 PNG library - runtime
rc libpod-latex-perl 0.61-2 all module to convert Pod data to formatted LaTeX
rc libpostproc52 6:0.git20120821-4 amd64 FFmpeg derived postprocessing library
rc libprocps0:amd64 1:3.3.3-3+deb7u1 amd64 library for accessing process information from /proc
rc libprocps3:amd64 2:3.3.9-9+deb8u1 amd64 library for accessing process information from /proc
rc libprotobuf7 2.4.1-3 amd64 protocol buffers C++ library
rc libprotobuf9:amd64 2.6.1-1 amd64 protocol buffers C++ library
rc libpsl0:amd64 0.5.1-1 amd64 Library for Public Suffix List (shared libraries)
rc libqt4-network:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 network module
rc libqt4-sql:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 SQL module
rc libqt4-xml:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 XML module
rc libqtcore4:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 core module
rc libqtdbus4:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 D-Bus module library
rc librtmp0:amd64 2.4+20111222.git4e06e21-1+deb7u1 amd64 toolkit for RTMP streams (shared library)
rc libschroedinger-1.0-0:amd64 1.0.11-2.1 amd64 library for encoding/decoding of Dirac video streams
rc libsdl1.2debian:amd64 1.2.15-10+b1 amd64 Simple DirectMedia Layer
rc libsnappy1 1.1.2-3 amd64 fast compression/decompression library
rc libsodium13:amd64 1.0.0-1 amd64 Network communication, cryptography and signaturing library
rc libswscale2:amd64 6:0.8.21-0+deb7u1 amd64 Libav video scaling library
rc libswscale3:amd64 6:11.12-1~deb8u1 amd64 Libav video scaling library
rc libsystemd-login0:amd64 215-17+deb8u7 amd64 systemd login utility library (deprecated)
rc libtasn1-3:amd64 2.13-2+deb7u5 amd64 Manage ASN.1 structures (runtime)
rc libtcl8.5:amd64 8.5.17-1 amd64 Tcl (the Tool Command Language) v8.5 - run-time library files
rc libtiff4:amd64 3.9.6-11+deb7u11 amd64 Tag Image File Format (TIFF) library (old version)
rc libts-0.0-0:amd64 1.0-11 amd64 touch screen library
rc libtxc-dxtn-s2tc0:amd64 0~git20131104-1.1 amd64 Texture compression library for Mesa
rc libva-drm1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- DRM runtime
rc libva-x11-1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- X11 runtime
rc libva1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- runtime
rc libvpx1:amd64 1.3.0-3+deb8u1 amd64 VP8 and VP9 video codec (shared library)
rc libwebp5:amd64 0.4.1-1.2+b2 amd64 Lossy compression of digital photographic images.
rc libx264-123:amd64 2:0.123.2189+git35cf912-1 amd64 x264 video coding library
rc libx264-142:amd64 2:0.142.2431+gita5831aa-1+b2 amd64 x264 video coding library
rc libxtables10 1.4.21-2+b1 amd64 netfilter xtables library
rc libzeroc-ice34 3.4.2-8.2 amd64 Ice for C++ runtime library
rc libzeroc-ice35:amd64 3.5.1-6+b3 amd64 Ice for C++ runtime library
rc libzmq3:amd64 4.0.5+dfsg-2+deb8u1 amd64 lightweight messaging kernel (shared library)
rc mumble-server 1.2.8-2 amd64 Low latency encrypted VoIP server
rc mysql-common 5.5.60-0+deb8u1 all MySQL database common files, e.g. /etc/mysql/my.cnf
rc perl-modules 5.20.2-3+deb8u12 all Core Perl modules
rc proftpd-basic 1.3.4a-5+deb7u1 amd64 Versatile, virtual-hosting FTP daemon - binaries
rc rsync 3.1.3-6 amd64 fast, versatile, remote (and local) file-copying tool
rc sgml-base 1.29 all SGML infrastructure and SGML catalog file support
rc tcl8.5 8.5.17-1 amd64 Tcl (the Tool Command Language) v8.5 - shell
rc tsconf 1.0-11 all touch screen library common files
rc udev 241-7~deb10u4 amd64 /dev/ and hotplug management daemon
rc update-inetd 4.43 all inetd configuration file updater
rc xml-core 0.18+nmu1 all XML infrastructure and XML catalog file support
How did you loose udev and acl? Backup your important date first.
mkdir $HOME/apt-download && cd $HOME/apt-download
Then we draw the packages with wget
wget -c http://ftp.us.debian.org/debian/pool/main/s/systemd/udev_241-7~deb10u4_amd64.deb
and
wget -c http://ftp.us.debian.org/debian/pool/main/i/iptables-persistent/netfilter-persistent_1.0.11_all.deb
and
wget -c http://ftp.us.debian.org/debian/pool/main/a/acl/acl_2.2.53-4_amd64.deb
Install all with
sudo dpkg -i netfilter-persistent_1.0.11_all.deb udev_241-7~deb10u4_amd64.deb acl_2.2.53-4_amd64.deb
Only if no errors
sudo dpkg --configure -a && sudo apt -f install
when apt and dpkg are free
sudo apt update && sudo apt full-upgrade
Answered by nobody on December 19, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP