HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   [SharedIP] Server will not serve sites? (http://www.howtoforge.com/forums/showthread.php?t=35479)

giganet 25th May 2009 22:18

[SharedIP] Server will not serve sites?
 
Hello group...

This morning I have found that one of my servers will not serve sites as it was doing faithfully previously.

No matter what I try ISPConfig continues to return the Shared IP screen on hosted sites.

The command 'ifconfig' returns
Code:

eth1      Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.3  Bcast:65.197.209.255  Mask:255.255.255.0
          inet6 addr: fe80::200:24ff:fec4:5ea4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63573 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54775 errors:15 dropped:0 overruns:15 carrier:15
          collisions:0 txqueuelen:1000
          RX bytes:64693991 (61.6 MB)  TX bytes:32885430 (31.3 MB)
          Interrupt:18 Base address:0xa000

eth1:1    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.4  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:2    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.6  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:3    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.7  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:4    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.8  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:5    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.9  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:6    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.11  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:7    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.12  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:8    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.13  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:9    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.14  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:10  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.15  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:11  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.16  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:12  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.17  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:13  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.18  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:14  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.19  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:15  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.20  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:16  Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.21  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26007 (25.3 KB)  TX bytes:26007 (25.3 KB)

If I attempt to restart networking I receive the following
Code:

* Reconfiguring network interfaces...                                                                                                                      SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
                                                                                                                                                      [ OK ]

I have also tried stopping & starting apache2, and shorewall then running iptables -F but no matter what I try I can not manage to get ISPConfig to serve sites again.

I am able to access the ISPC Control Panel successfully and all looks to be alright there too.

Thanking you in advance for your help with this matter.

Best Regards
Pat Taylor

till 26th May 2009 14:43

Take a look in the Vhosts_ispconfig.conf file, are the vhosts for the sites configured correctly there? Did you install any linux updates that may have changed the apache2.conf or httpd.conf file?

giganet 27th May 2009 19:53

Hi Till

Thank you very much for the reply...

I did look into 'Vhosts_ispconfig.conf' and all appeared to be fine.
No Unix updates or the like were installed/updated.

This machine at random completely takes down all Internet connectivity for ALL devices connected forcing me to disconnect it's Ethernet cable to remove it from the network all together.
Most often I have to go through a series of stopping and starting 'shorewall' in addition to running 'iptables -F' and in a lot of cases I must reboot the server all together before being able to reintroduce it to the network?...

Strangely enough the box just began to serve the domains when requested last night out of the blue.

Thanks Till
Have a great day

Best Regards

falko 28th May 2009 12:58

Do you use any other firewalls besides Shorewall (e.g. ISPConfig's firewall)? In this case they might interfere with each other.

giganet 28th May 2009 19:47

Good day Falko

Thank you for the reply and input...

As it turns up I am utilizing Shorewall, IPTables and the ISPConfig FW, I didn't even consider that as a potential cause of network connectivity failure :)

I removed all FW rules possible from ISPConfig including POP, SMTP, HTTP & DNS.

After doing this I found that I had to add rules back to the ISPConfig FW for HTTP, SMTP, & SSH which I runs on :54000.
This was to re-enable access to these services.

Below are my current ISPConfig FW rules applied

Code:

Name    Port    Type    Active   
SSH    22    tcp    yes 
ISPConfig    81    tcp    yes   
HTTP    80    tcp    yes   
SMTP    25    tcp    yes   
POP3    110    tcp    yes   
SSH    54000    tcp    yes

My question will now come to what would be a best practice in the FW rules of Shorewall & IPTables.

Should I remove any similar rules from Shorewall and IPTables to avoid conflict with the FW of ISPConfig?
Alike in Shorewall wouldn't I need to modify '/etc/shorewall/rules' ?

Below are Shorewall' /etc/shorewall/rules from this box...
Code:

#############################################################################################################
#ACTION            SOURCE      DEST    PROTO  DEST    SOURCE  ORIGINAL        RATE            USER/
#                                                      PORT    PORT(S)        DEST            LIMIT          GROUP

ACCEPT              net        $FW    tcp      -        -        -          -
ACCEPT              net:65.197.209.3  $FW      tcp      80        -          -          20/sec:24
ACCEPT              net        all    tcp      21        -        -          -
ACCEPT              net        $FW    tcp      23        -        -          -
ACCEPT              net        $FW    tcp      25        -        -          -
ACCEPT              $FW        net    udp      53        -        -          -
ACCEPT              net        $FW    udp      53        -        -          -
ACCEPT              $FW        net    tcp      53        -        -          -
ACCEPT              net        $FW    tcp      53        -        -          -
ACCEPT              net:65.197.209.0  $FW      tcp      69        -          -          -
ACCEPT              net:65.197.209.0  $FW      udp      69        -          -          -
ACCEPT              net        $FW    tcp      80        -        -          20/sec:24
ACCEPT              net        $FW    tcp      81        -        -          20/sec:24
ACCEPT              net        $FW    tcp      110      -        -          -
ACCEPT              net        $FW    tcp      143      -        -          -
ACCEPT              net        $FW    udp      143      -        -          -
ACCEPT              net        $FW    tcp      161      -        -          -
ACCEPT              net        $FW    udp      161      -        -          -
ACCEPT              net        $FW    tcp      443      -        -          20/sec:24
Ping/ACCEPT          net        $FW    -        -        -        -          5/sec:8
ACCEPT              net        $FW    tcp      3306      -        -          -
ACCEPT              net        $FW    tcp      54000    -        -          -
ACCEPT              net:65.197.209.0/24 $FW tcp 54000      -        -          -
ACCEPT              net:~00-03-25-21-FA-23 $FW tcp 54000  -        -          -
Web/DNAT            net        $FW:65.197.209.3    tcp    -        -          -

Thanking you in advance for your time and support Falko.

Best Regards

falko 29th May 2009 19:46

Please use just one firewall. If you're using Shorewall, please disable the ISPConfig firewall.

giganet 30th May 2009 18:54

Thank you once again Falko.

I will utilize only Shorewall disabling the FW within ISPConfig

Best Regards


All times are GMT +2. The time now is 10:46.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.