Problem with Iptables.

What is the process for a solution for Centos 7? Looks like I was in panic mode when I posted this question. I did correct the issue by injecting the new kernel from the management section and powered down and back up. Evidently the kernel is independently managed and I did not know that.

The problem still exists in the latest version of the kernel selected for a dropbox with Ubuntu 16.04: “Ubuntu 16.04 x64 vmlinuz 4.4.0-28-generic”, kernel modules becoming somehow “ephemeral” (disappearing after the reboot) + making the floating IP not working anymore:

# iptables -nvL
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.4.0-28-generic
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# uname -a
Linux do1 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Also I tryed to reinstall the packages linux-image-4.4.0-28-generic & linux-headers-4.4.0-28-generic, but after a reboot (or a cold restart of the droplet), the kernel modules needed for iptables are missing again, having to reinstall them by hand again.

Also, this effect somehow negatively affects the Floating IP, making not forwarding any more packets to the real IP of the droplet, than after I tried to reassing the IP (even with unassing & assing) only syn-packets are seen by the droplet:

# tcpdump -ni ens3 tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:09:12.412367 IP 46.229.168.74.13662 > 10.19.0.5.80: Flags [S], seq 4276730076, win 29200, options [mss 1460,sackOK,TS val 2958302465 ecr 0,nop,wscale 7], length 0
01:09:12.476775 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [SEW], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523651869 ecr 0,nop,wscale 7], length 0
01:09:12.976502 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:13.478790 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652120 ecr 0,nop,wscale 7], length 0
01:09:13.997644 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:14.656615 IP 46.229.168.79.41028 > 10.19.0.5.80: Flags [S], seq 2031893919, win 29200, options [mss 1460,sackOK,TS val 1861357496 ecr 0,nop,wscale 7], length 0
01:09:15.498728 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652625 ecr 0,nop,wscale 7], length 0

Than after a while, these packages are not seen anymore.

There’s no firewall configured (after reinstalling the kernel modules by hand, there are no rules):

# apt-get install --reinstall linux-image-generic linux-headers-generic linux-image-`uname -r` linux-headers-`uname -r`
...
# iptables-save 
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*raw
:PREROUTING ACCEPT [409:29597]
:OUTPUT ACCEPT [279:41334]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*mangle
:PREROUTING ACCEPT [409:29597]
:INPUT ACCEPT [409:29597]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [281:42238]
:POSTROUTING ACCEPT [281:42238]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*nat
:PREROUTING ACCEPT [15:753]
:INPUT ACCEPT [15:753]
:OUTPUT ACCEPT [10:886]
:POSTROUTING ACCEPT [10:886]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*filter
:INPUT ACCEPT [1460:132563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1196:222500]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018

Kamal Nasser, Thank you for the no hassle solution. It worked, ufw started working again after a reboot.