Unable to login to Enforce UI after reboot of Linux Server


Article ID: 160756


Products

Data Loss Prevention Enforce

Issue/Introduction

After a reboot of a Linux Enforce Server, users can no longer log in to the User Interface.

If they specify the port manually by logging in through https://<machine>:8443, it works.

Resolution

iptables restart - how to see if iptables is set to automatically start

The first step is to see whether the iptables script is already set to start automatically when your system is rebooted. If it is, there's nothing else you'll have to do (except configure your firewall, of course).

You can check to see if the iptables script is already configured to automatically start by running this Linux chkconfig command:

chkconfig --list iptables

If your iptables firewall script is configured to restart properly, the chkconfig command output should look like this:

iptables   0:off  1:off  2:on  3:on  4:on  5:on  6:off

The most important values are the on values for the run levels 2, 3, 4, and 5. If your values are "on" as shown, and you followed the instructions in the article I linked to above, congratulations, your firewall should start up automatically after a reboot. Of course you need to test this, but at this point, things look fine.

However, if all your values are "off", iptables will not automatically start up after a reboot, and you should keep reading this article.

Automatically start your Linux firewall after a reboot

Assuming all of your values are off, you need to turn them "on" to get iptables running after a reboot. You turn these values on by running the following two chkconfig commands.

First, run the chkconfig --add command like this:

chkconfig --add iptables

As the chkconfig man page states, this option "adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel."

Next, you tell your Linux system that the iptables script should be run when the system gets to run levels 2 through 5 by issuing this chkconfig command:

chkconfig --level 2345 iptables on

Again, this command tells your Linux system that you want the iptables script to be run whenever the system goes into one of these runlevels. It is similar to you typing in this command manually every time your server starts up:

service iptables start

except that it's run automatically for you.

Now, if you run the chkconfig --list command again:

chkconfig --list iptables

your output should now look like this:

iptables   0:off  1:off  2:on  3:on  4:on  5:on  6:off

This is what you want to see: the "on" values in runlevels 2 through 5.

Linux iptables firewall - Viewing your iptables firewall settings after a reboot

Assuming that you configured your iptables firewall properly, you should now be ready to reboot your system. When you log in after the reboot and check your iptables firewall with a command like this:

iptables -L -v

you should see the expected output. (This output will differ between firewall configurations, so I'm not showing any here.)

You can also run this command again to make sure you still see the same "on" results:

chkconfig --list iptables
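
The runlevel check described above can be scripted so it runs after every reboot. The following is an added example, not part of the original article or of any product tooling; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from one line of `chkconfig --list iptables`
# output whether iptables will start in runlevels 2 through 5.

# missing_runlevels LINE -> prints the runlevels among 2 3 4 5 that are
# not "on" in LINE (space-separated); prints an empty line if all are on.
missing_runlevels() {
    # Turn tabs into spaces and pad both ends so every field is
    # surrounded by spaces and can be matched as a whole word.
    norm=" $(printf '%s' "$1" | tr '\t' ' ') "
    missing=""
    for level in 2 3 4 5; do
        case $norm in
            *" $level:on "*) ;;
            *) missing="${missing:+$missing }$level" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# boot_status LINE -> returns 0 if iptables is on in runlevels 2-5,
# otherwise returns 1 and prints the fix commands from this article.
boot_status() {
    missing=$(missing_runlevels "$1")
    if [ -z "$missing" ]; then
        echo "OK: iptables starts in runlevels 2-5"
        return 0
    fi
    echo "WARN: iptables is not on in runlevel(s): $missing"
    echo "Fix:  chkconfig --add iptables"
    echo "      chkconfig --level 2345 iptables on"
    return 1
}

# Constructed sample lines (not captured from a real server).
SAMPLE_ON='iptables   0:off  1:off  2:on  3:on  4:on  5:on  6:off'
SAMPLE_OFF='iptables   0:off  1:off  2:off  3:off  4:off  5:off  6:off'
SAMPLE_PARTIAL='iptables   0:off  1:off  2:off  3:on  4:on  5:on  6:off'

# Use the live output where chkconfig exists, else the constructed sample.
if command -v chkconfig >/dev/null 2>&1; then
    boot_status "$(chkconfig --list iptables 2>/dev/null)" || true
else
    boot_status "$SAMPLE_OFF" || true
fi
```

An unregistered service produces no runlevel fields at all, so it is reported the same way as all runlevels being off.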

Linux chkconfig command reference

As a quick point of reference, if you type chkconfig --help, you should see the following output:

# chkconfig --help

chkconfig version 1.3.30.1 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

usage:   chkconfig --list [name]
         chkconfig --add <name>
         chkconfig --del <name>
         chkconfig [--level <levels>] <name> <on|off|reset|resetpriorities>