HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Intermittent loss of network function (http://www.howtoforge.com/forums/showthread.php?t=53648)

sjswarts 3rd August 2011 18:01

Intermittent loss of network function
 
Hi guys,

I have recently converted to Debian from CentOS/Fedora

Currently I have followed two guides:

http://www.howtoforge.com/perfect-se...er-ispconfig-3

http://www.howtoforge.com/extending-...ze-ispconfig-3

But my issues started to arise somewhere between the setting up of accounts on my system (emails,ftp,websites,etc) and installing virtualbox to run a headless winxp client with spiceworks installed.

Ok so now my issue(s)

- My ventrilo server loses connection repeatedly - probably alive for a hour and gone for about 30 mins.
- At this time I can't resolve dns query's
- I can't ping my gateway from my debian server
- I can ping my gateway from my laptop running win 7
- I can't dig anything but the name of my server (suggests dns is working in house)

Thats my main issue because due to that I lose my website, my mail server, my roundcube access, and my redirect to the virtual machine running spiceworks for help

Please advise???

I have been looking in the logs and I see lots of random things like:

mail postfix/smtpd[3957]: connect from localhost.localdomain[127.0.0.1]
mail postfix/smtpd[3957]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
mail postfix/smtpd[3957]: disconnect from localhost.localdomain[127.0.0.1]

i get that for mail imapd as well

pure-ftpd logs in and out every 5 mins???

Please help me this is blowing my mind... I had it working "fine" on my fedora machine never lost connection like this...

thank you
steve

Mark_NL 3rd August 2011 22:49

You're talking about more then one machine, which one is the one that's giving you problems?

Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?

"pure-ftpd logs in and out every 5 mins???" That's just an ispconfig cron for the monitor in the webGUI to check if your ftpd is still running ;)

sjswarts 4th August 2011 04:57

Quote:

Originally Posted by Mark_NL (Post 260897)
You're talking about more then one machine, which one is the one that's giving you problems?

Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?

Hi Mark

Ok so I have the made a new fresh install of debian built to utilize ISPConfig 3 - I was referring with the centOS comment that a moderator on these forums advised me to go from centOS to debian as a platform to use.

So this is what I have done:

- Debian fresh install > ISPConfig
- Also installed VirtualBox > Running headless image of xp with Spiceworks installed
- Also installed Ventrilo (voip program for my gaming buddies) on the Debian platform

The gateway is my Billion 7800n IP address

Thats about it.

Overnight I tail -f ventrilo.logs and it tells me that I lose network functionality pretty much every hour.


20110804 01:40:49 MSG_DISC: ID 7, From=8642, To=5155, Sec=3568, Name=Steve
20110804 02:40:05 MSG_CONN: ID 9, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 02:40:10 AUTO: ID 8, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 02:40:10 MSG_DISC: ID 8, From=8642, To=5177, Sec=3566, Name=Steve
20110804 03:39:23 MSG_CONN: ID 10, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 03:39:28 AUTO: ID 9, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 03:39:28 MSG_DISC: ID 9, From=8642, To=5195, Sec=3563, Name=Steve
20110804 04:38:43 MSG_CONN: ID 11, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 04:38:49 AUTO: ID 10, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 04:38:49 MSG_DISC: ID 10, From=8642, To=5133, Sec=3566, Name=Steve
20110804 05:12:14 MSG_CONN: ID 12, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 05:12:20 AUTO: ID 11, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 05:12:20 MSG_DISC: ID 11, From=3910, To=2897, Sec=2017, Name=Steve

so any help would be appreciate where would i begin??

steve

sjswarts 4th August 2011 09:09

Ok maybe have it solved??

As I followed the extended debian setup I also installed the ddos script that runs... So I went to http://deflate.medialayer.com/ to uninstall it - also noted that a email could be sent to the root so that ip's blocked would be listed... anyway currently it is 4 hours later and not a single drop out of ventrilo... So i'm also hoping not a drop out from any of my services running (email,apache,etc)

Fingers crossed that this was the issue.

I will post back in a day or so if this fixes the problem else I'll post back sooner if it isn't ;)

cheers,
Steve

Mark_NL 4th August 2011 10:32

Haha, so it was your own ddos scanner that kept you blocking? :P

sjswarts 4th August 2011 14:32

Ok so I thought I had fixed the issue but at 16:23:00 and 16:35:21 my server lost resolvable services. It couldn't resolve the name and so my vent server went down...

Argh... This is just what I didn't need...

Any ideas people? Anyone know where to start looking??

Cheers
Steve

Mark_NL 4th August 2011 15:24

are you sure deflate isn't running somewhere? check user/root crontabs /etc/crontab etc ..

check for unknown lines in iptables -L

sjswarts 4th August 2011 17:59

I have disabled the firewall in ISPConfig and iptables -L still shows up with all of fail2ban stuff... however the problem remains...

Also I followed the webpage deflate.medialayer.com so i am pretty sure that I have uninstalled everything...

I have issues with losing the gateway and so losing dns lookup or some other problem that prevents me from pinging the gateway at the time my system comes down...

Argh this is so annoying... I am ready to just scrap it and start again...

Does anyone not have any other ideas??

cheers,
steve

sjswarts 4th August 2011 18:01

Ok here is something possibly:

this is from the fail2ban log:

2011-08-03 22:15:20,338 fail2ban.actions.action: ERROR iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 400
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3
iptables -A fail2ban-courierpop3 -j RETURN
iptables -I INPUT -p tcp -m multiport --dports pop3 -j fail2ban-courierpop3 returned 200
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports 50022 -j fail2ban-ssh returned 400
2011-08-04 06:35:20,332 fail2ban.filter : INFO Log rotation detected for /var/log/syslog

sjswarts 4th August 2011 18:15

I fixed my last post by changing the 0.05 sleep timer in the /usr/bin/fail2ban-client to 0.1

Simple restart showed me in ISPConfig under monitor tab > fail2ban.log everything worked fine this time around


All times are GMT +2. The time now is 01:47.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.