PDA

View Full Version : [SharedIP] Server will not serve sites?

giganet
25th May 2009, 22:18
Hello group...

This morning I have found that one of my servers will not serve sites as it was doing faithfully previously.

No matter what I try ISPConfig continues to return the Shared IP screen on hosted sites.

The command 'ifconfig' returns
eth1 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.3 Bcast:65.197.209.255 Mask:255.255.255.0
inet6 addr: fe80::200:24ff:fec4:5ea4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63573 errors:0 dropped:0 overruns:0 frame:0
TX packets:54775 errors:15 dropped:0 overruns:15 carrier:15
collisions:0 txqueuelen:1000
RX bytes:64693991 (61.6 MB) TX bytes:32885430 (31.3 MB)
Interrupt:18 Base address:0xa000

eth1:1 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.4 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:2 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.6 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:3 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.7 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:4 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.8 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:5 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.9 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:6 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.11 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:7 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.12 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:8 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.13 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:9 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.14 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:10 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.15 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:11 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.16 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:12 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.17 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:13 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.18 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:14 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.19 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:15 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.20 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

eth1:16 Link encap:Ethernet HWaddr 00:00:24:C4:5E:A4
inet addr:65.197.209.21 Bcast:65.197.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18 Base address:0xa000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:252 errors:0 dropped:0 overruns:0 frame:0
TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26007 (25.3 KB) TX bytes:26007 (25.3 KB)


If I attempt to restart networking I receive the following
* Reconfiguring network interfaces... SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
[ OK ]
I have also tried stopping & starting apache2, and shorewall then running iptables -F but no matter what I try I can not manage to get ISPConfig to serve sites again.

I am able to access the ISPC Control Panel successfully and all looks to be alright there too.

Thanking you in advance for your help with this matter.

Best Regards
Pat Taylor
till
26th May 2009, 14:43
Take a look in the Vhosts_ispconfig.conf file, are the vhosts for the sites configured correctly there? Did you install any linux updates that may have changed the apache2.conf or httpd.conf file?
giganet
27th May 2009, 19:53
Hi Till

Thank you very much for the reply...

I did look into 'Vhosts_ispconfig.conf' and all appeared to be fine.
No Unix updates or the like were installed/updated.

This machine at random completely takes down all Internet connectivity for ALL devices connected forcing me to disconnect it's Ethernet cable to remove it from the network all together.
Most often I have to go through a series of stopping and starting 'shorewall' in addition to running 'iptables -F' and in a lot of cases I must reboot the server all together before being able to reintroduce it to the network?...

Strangely enough the box just began to serve the domains when requested last night out of the blue.

Thanks Till
Have a great day

Best Regards
falko
28th May 2009, 12:58
Do you use any other firewalls besides Shorewall (e.g. ISPConfig's firewall)? In this case they might interfere with each other.
giganet
28th May 2009, 19:47
Good day Falko

Thank you for the reply and input...

As it turns up I am utilizing Shorewall, IPTables and the ISPConfig FW, I didn't even consider that as a potential cause of network connectivity failure :)

I removed all FW rules possible from ISPConfig including POP, SMTP, HTTP & DNS.

After doing this I found that I had to add rules back to the ISPConfig FW for HTTP, SMTP, & SSH which I runs on :54000.
This was to re-enable access to these services.

Below are my current ISPConfig FW rules applied
Name Port Type Active
SSH (http://javascript%3Cb%3E%3C/b%3E:editDoc%2825,%27doc%27%29) 22 tcp yes
ISPConfig (http://javascript%3Cb%3E%3C/b%3E:editDoc%2830,%27doc%27%29) 81 tcp yes
HTTP (http://javascript%3Cb%3E%3C/b%3E:editDoc%2865,%27doc%27%29) 80 tcp yes
SMTP (http://javascript%3Cb%3E%3C/b%3E:editDoc%2866,%27doc%27%29) 25 tcp yes
POP3 (http://javascript%3Cb%3E%3C/b%3E:editDoc%2867,%27doc%27%29) 110 tcp yes
SSH (http://javascript%3Cb%3E%3C/b%3E:editDoc%2868,%27doc%27%29) 54000 tcp yes My question will now come to what would be a best practice in the FW rules of Shorewall & IPTables.

Should I remove any similar rules from Shorewall and IPTables to avoid conflict with the FW of ISPConfig?
Alike in Shorewall wouldn't I need to modify '/etc/shorewall/rules' ?

Below are Shorewall' /etc/shorewall/rules from this box...

################################################## ################################################## #########
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP

ACCEPT net $FW tcp - - - -
ACCEPT net:65.197.209.3 $FW tcp 80 - - 20/sec:24
ACCEPT net all tcp 21 - - -
ACCEPT net $FW tcp 23 - - -
ACCEPT net $FW tcp 25 - - -
ACCEPT $FW net udp 53 - - -
ACCEPT net $FW udp 53 - - -
ACCEPT $FW net tcp 53 - - -
ACCEPT net $FW tcp 53 - - -
ACCEPT net:65.197.209.0 $FW tcp 69 - - -
ACCEPT net:65.197.209.0 $FW udp 69 - - -
ACCEPT net $FW tcp 80 - - 20/sec:24
ACCEPT net $FW tcp 81 - - 20/sec:24
ACCEPT net $FW tcp 110 - - -
ACCEPT net $FW tcp 143 - - -
ACCEPT net $FW udp 143 - - -
ACCEPT net $FW tcp 161 - - -
ACCEPT net $FW udp 161 - - -
ACCEPT net $FW tcp 443 - - 20/sec:24
Ping/ACCEPT net $FW - - - - 5/sec:8
ACCEPT net $FW tcp 3306 - - -
ACCEPT net $FW tcp 54000 - - -
ACCEPT net:65.197.209.0/24 $FW tcp 54000 - - -
ACCEPT net:~00-03-25-21-FA-23 $FW tcp 54000 - - -
Web/DNAT net $FW:65.197.209.3 tcp - - -

Thanking you in advance for your time and support Falko.

Best Regards
falko
29th May 2009, 19:46
Please use just one firewall. If you're using Shorewall, please disable the ISPConfig firewall.
giganet
30th May 2009, 18:54
Thank you once again Falko.

I will utilize only Shorewall disabling the FW within ISPConfig

Best Regards