HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   Some users can't load any websites (http://www.howtoforge.com/forums/showthread.php?t=46326)

Thomas Jensen 3rd June 2010 17:14

Some users can't load any websites
 
Hi all :)

Today the phone started ringing, and then again and again. I have no clue why, but some of my users can't access my websites. They report that the browser just keeps loading forever. I've made one them do a ping, to check DNS, and nothing wrong there.

So far I've restarted apache and clamav, but still facing problems. Some users have no problems at all, and i don't either. The apache log doesn't show anything unusual.

Thanks in advance!

ivomendonca 3rd June 2010 18:28

Quote:

Originally Posted by Thomas Jensen (Post 230108)
Hi all :)

Today the phone started ringing, and then again and again. I have no clue why, but some of my users can't access my websites. They report that the browser just keeps loading forever. I've made one them do a ping, to check DNS, and nothing wrong there.

So far I've restarted apache and clamav, but still facing problems. Some users have no problems at all, and i don't either. The apache log doesn't show anything unusual.

Thanks in advance!

Maybe got banned verify iptables.
Sometimes I have the same problem, from my isp(home) e see all my sites but from other isp dont resolve any domain.

Thomas Jensen 3rd June 2010 18:40

Okay.. Can you be more specific? What should i try? It's lots of users..
I've been in contact with one of them, and he had no problem reaching a FTP account.

ivomendonca 3rd June 2010 18:57

Quote:

Originally Posted by Thomas Jensen (Post 230117)
Okay.. Can you be more specific? What should i try? It's lots of users..
I've been in contact with one of them, and he had no problem reaching a FTP account.

Cant help you, maybe change mydns to powerdns! i dont realy know maybe a problem in your resolv.conf (ip inside is blacklist)

Thomas Jensen 3rd June 2010 18:59

I use an external DNS server, but it isn't the DNS, as one of the users has already tried to make a ping and got the right IP :(

damir 3rd June 2010 20:36

Ask a customer to do a traceroute to your webserver IP.

*nix:

traceroute ip.add.re.ss or domain

Windows:

Start/Run, type cmd and than type:

tracert ip.add.re.ss or domain

Try to visit the sites from different ISP's, it could be a routing problem.

Thomas Jensen 4th June 2010 00:03

Okay, I've done that, but there seems to be no problem at all..

falko 4th June 2010 12:16

Maybe it's a firewall issue? What's the output of
Code:

iptables -L
? Do you use fail2ban?

Thomas Jensen 4th June 2010 14:18

The output:
Quote:

server1:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (11 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Yes i use fail2ban.

falko 5th June 2010 12:53

Can you switch off your firewall and fail2ban for testing purposes? Do the problems still exist then?


All times are GMT +2. The time now is 15:16.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.