l-n-s / wireguard-install

WireGuard VPN server installer
MIT License

Not working after reboot [Centos 7 x64] #36

Closed ardipa closed 5 years ago

ardipa commented 5 years ago

Hi,

I'm using a Leaseweb VPS (KVM) running CentOS 7. I reinstalled CentOS 7 (a completely fresh OS) and then installed WireGuard, and I didn't reboot the VPS, so everything worked as expected. But after rebooting the VPS, WireGuard connects but no data is received, nothing!!

Also, there is no firewall set manually by me, and I'm sure that the Leaseweb firewall is off.

What should I do?

l-n-s commented 5 years ago

Do firewall rules persist after reboot? Post output of sudo iptables -L -n -v

l-n-s commented 5 years ago

Also, check if you can ping the gateway from your client "ping 10.9.0.1"

ardipa commented 5 years ago

Ping before reboot:
[root@centos7 ~]# ping 10.9.0.1
PING 10.9.0.1 (10.9.0.1) 56(84) bytes of data.
64 bytes from 10.9.0.1: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 10.9.0.1: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 10.9.0.1: icmp_seq=3 ttl=64 time=0.053 ms
64 bytes from 10.9.0.1: icmp_seq=4 ttl=64 time=0.053 ms
64 bytes from 10.9.0.1: icmp_seq=5 ttl=64 time=0.070 ms
64 bytes from 10.9.0.1: icmp_seq=6 ttl=64 time=0.088 ms
64 bytes from 10.9.0.1: icmp_seq=7 ttl=64 time=0.082 ms
64 bytes from 10.9.0.1: icmp_seq=8 ttl=64 time=0.064 ms
64 bytes from 10.9.0.1: icmp_seq=9 ttl=64 time=0.063 ms
64 bytes from 10.9.0.1: icmp_seq=10 ttl=64 time=0.069 ms

"sudo iptables -L -n -v" before reboot:
[root@centos7 ~]# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
291 34700 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 84 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0
6 417 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
6 417 INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
6 417 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
5 241 REJECT all -- * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
140 50537 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0
10 570 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
10 570 FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 329 packets, 76305 bytes)
pkts bytes target prot opt in out source destination
330 76409 OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
10 570 FWDI_trusted all -- 10.9.0.0/24 0.0.0.0/0

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_trusted all -- 0.0.0.0/0 10.9.0.0/24

Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_trusted (1 references)
pkts bytes target prot opt in out source destination
10 570 FWDI_trusted_log all -- 0.0.0.0/0 0.0.0.0/0
10 570 FWDI_trusted_deny all -- 0.0.0.0/0 0.0.0.0/0
10 570 FWDI_trusted_allow all -- 0.0.0.0/0 0.0.0.0/0
10 570 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDI_trusted_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_trusted_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_trusted_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_trusted (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_trusted_log all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_trusted_deny all -- 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_trusted_allow all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDO_trusted_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_trusted_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_trusted_log (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
6 417 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
0 0 IN_trusted all -- 10.9.0.0/24 0.0.0.0/0

Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public (1 references)
pkts bytes target prot opt in out source destination
6 417 IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
6 417 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
6 417 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
1 176 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:16955 ctstate NEW

Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain IN_trusted (1 references)
pkts bytes target prot opt in out source destination
0 0 IN_trusted_log all -- 0.0.0.0/0 0.0.0.0/0
0 0 IN_trusted_deny all -- 0.0.0.0/0 0.0.0.0/0
0 0 IN_trusted_allow all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain IN_trusted_allow (1 references)
pkts bytes target prot opt in out source destination

Chain IN_trusted_deny (1 references)
pkts bytes target prot opt in out source destination

Chain IN_trusted_log (1 references)
pkts bytes target prot opt in out source destination

Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination

ardipa commented 5 years ago

Ping after reboot:
[root@centos7 ~]# ping 10.9.0.1
PING 10.9.0.1 (10.9.0.1) 56(84) bytes of data.
64 bytes from 10.9.0.1: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 10.9.0.1: icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from 10.9.0.1: icmp_seq=3 ttl=64 time=0.052 ms
64 bytes from 10.9.0.1: icmp_seq=4 ttl=64 time=0.038 ms
64 bytes from 10.9.0.1: icmp_seq=5 ttl=64 time=0.037 ms
64 bytes from 10.9.0.1: icmp_seq=6 ttl=64 time=0.038 ms
64 bytes from 10.9.0.1: icmp_seq=7 ttl=64 time=0.038 ms
^C
--- 10.9.0.1 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.023/0.036/0.052/0.009 ms

"sudo iptables -L -n -v" after reboot:
[root@centos7 ~]# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 22 packets, 1552 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 19 packets, 2232 bytes)
pkts bytes target prot opt in out source destination

ardipa commented 5 years ago

I appreciate you. Well, I'm not very familiar with firewalls and Linux, but I can guess something is wrong with iptables after reboot; I just don't know what it is!

l-n-s commented 5 years ago

@ardipa try doing systemctl enable firewalld && systemctl start firewalld and see if firewall rules persist

ardipa commented 5 years ago

> @ardipa try doing systemctl enable firewalld && systemctl start firewalld and see if firewall rules persist

YEEES, Working like a charm even after reboot. THANK YOU SO MUCH :)

l-n-s commented 5 years ago

cool :)
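
A parsing check for the two `iptables -L -n -v` listings in this thread, as an added example that is not part of the issue or the installer: it classifies a listing as empty (the post-reboot state) or loaded, and checks for the WireGuard UDP port and the tunnel subnet. The function names and result labels are hypothetical; the sample listings are constructed, modelled on the posted output, with port 16955 and subnet 10.9.0.0/24 taken from it.

```shell
#!/bin/sh
# Added example (not from the installer). Sample listings are constructed,
# modelled on the output in this thread (port 16955, subnet 10.9.0.0/24).

# Count rule lines: they start with the pkts and bytes counters.
count_rules() {
  awk '$1 ~ /^[0-9]+[KMG]?$/ && $2 ~ /^[0-9]+[KMG]?$/ && NF >= 3 { n++ }
       END { print n + 0 }'
}

# classify_ruleset PORT SUBNET  (reads `iptables -L -n -v` text on stdin)
classify_ruleset() {
  dump=$(cat)
  if [ "$(printf '%s\n' "$dump" | count_rules)" -eq 0 ]; then
    echo EMPTY             # nothing loaded: the post-reboot state
  elif ! printf '%s\n' "$dump" | grep -Eq "ACCEPT +udp .*udp dpt:$1( |\$)"; then
    echo NO_LISTEN_PORT    # rules exist, but the WireGuard UDP port is not open
  elif ! printf '%s\n' "$dump" | grep -Fq -- "$2"; then
    echo NO_TUNNEL_SUBNET  # no rule mentions the tunnel subnet
  else
    echo OK
  fi
}

# On a real server, as root: live_check 16955 10.9.0.0/24
live_check() {
  systemctl is-enabled --quiet firewalld || echo "firewalld not enabled at boot"
  iptables -L -n -v | classify_ruleset "$1" "$2"
}

AFTER_REBOOT=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 22 packets, 1552 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 19 packets, 2232 bytes)
 pkts bytes target prot opt in out source destination
EOF
)
BEFORE_REBOOT=$(cat <<'EOF'
Chain IN_public_allow (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
    1   176 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:16955 ctstate NEW
Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target prot opt in out source destination
   10   570 FWDI_trusted all -- * * 10.9.0.0/24 0.0.0.0/0
EOF
)
printf '%s\n' "$AFTER_REBOOT"  | classify_ruleset 16955 10.9.0.0/24   # EMPTY
printf '%s\n' "$BEFORE_REBOOT" | classify_ruleset 16955 10.9.0.0/24   # OK
```

`iptables -L` lists only the filter table, so an `OK` result says nothing about rules in other tables.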

thawri1 commented 4 years ago

I had the same issue on Ubuntu 18.04. Installing as root (su root) worked for me.