FailToBan Service


I have just installed and enabled FailToBan service (module) in virtualmin, no other changes where made just install, and start the service.
Now we have reloaded the entire server and we are not able to access it via Virtualmin, and web sites are not accessible either, we have only SSH root access to it.

Any idea what needs to be checked in order to get the server back online ? Please be specific with the commands …
We are running CentOs latest ver 64 Bit…

Thank You
Best regards

Be happy ypu still have SSH root access…

Check your iptables blocking rules with:
iptables -L -n -v

Try to flush the iptables first:
iptables -F
sudo iptables -F

If that doesn’t work disable iptables:

/etc/init.d/iptables stop


service iptables stop

That should lift the firewall blocking and you can work on it.

I have just tried to stop/disable the iptables but it seems that commands does not work:

[root@mail ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@mail ~]# /etc/init.d/iptables stop
-bash: /etc/init.d/iptables: No such file or directory

it seems that CentOs have changed some commands, I have stoped fail2ban now and removed it via yum:

systemctl stop fail2ban
yum remove fail2ban

But I am still not able to access the Virtualmin on port 10000 or web server on port 80 not sure what is preventing it now…
Any idea ?

have then tried to stop iptbles without success:

[root@mail ~]# systemctl stop iptables
Failed to stop iptables.service: Unit iptables.service not loaded.

so what really happened when fail2ban was installed and started via virtualmin ?
what changes it made in iptables if it`s there changes where made ?
is it possible to fix this issue now ?

Check if those ports are blocked, I never used fail2ban

everything seems to be accepted:

-A INPUT -p udp -m udp --dport ftp-data -j ACCEPT
-A INPUT -p udp -m udp --dport ftp -j ACCEPT
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10004 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport submission -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT

Have you checked if Apache/PHP is running. There seems to be zero problem with the ports

it`s running I have restarted in twice:

[root@mail ~]# sudo systemctl restart httpd.service

[root@mail ~]# apachectl status

  • httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
    Active: active (running) since Wed 2016-02-10 13:10:34 CET; 52s ago
    Process: 7522 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
    Main PID: 7529 (/usr/sbin/httpd)
    Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
    CGroup: /system.slice/httpd.service
    |-7529 /usr/sbin/httpd -DFOREGROUND
    |-7530 /usr/sbin/httpd -DFOREGROUND
    |-7532 /usr/sbin/httpd -DFOREGROUND
    |-7533 /usr/sbin/httpd -DFOREGROUND
    |-7534 /usr/sbin/httpd -DFOREGROUND
    |-7535 /usr/sbin/httpd -DFOREGROUND
    `-7536 /usr/sbin/httpd -DFOREGROUND

Feb 10 13:10:34 systemd[1]: Starting The Apache HTTP Server…
Feb 10 13:10:34 systemd[1]: Started The Apache HTTP Server.

very strange

the problem is not only to reach the web site but Virtualmin it self as well: https://xx.xx.xx.xx:10000/ is not responding via http…