Intermittent loss of network function
I have recently converted to Debian from CentOS/Fedora
Currently I have followed two guides:
But my issues started to arise somewhere between the setting up of accounts on my system (emails,ftp,websites,etc) and installing virtualbox to run a headless winxp client with spiceworks installed.
Ok so now my issue(s)
- My ventrilo server loses connection repeatedly - probably alive for a hour and gone for about 30 mins.
- At this time I can't resolve dns query's
- I can't ping my gateway from my debian server
- I can ping my gateway from my laptop running win 7
- I can't dig anything but the name of my server (suggests dns is working in house)
Thats my main issue because due to that I lose my website, my mail server, my roundcube access, and my redirect to the virtual machine running spiceworks for help
I have been looking in the logs and I see lots of random things like:
mail postfix/smtpd: connect from localhost.localdomain[127.0.0.1]
mail postfix/smtpd: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
mail postfix/smtpd: disconnect from localhost.localdomain[127.0.0.1]
i get that for mail imapd as well
pure-ftpd logs in and out every 5 mins???
Please help me this is blowing my mind... I had it working "fine" on my fedora machine never lost connection like this...
You're talking about more then one machine, which one is the one that's giving you problems?
Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?
"pure-ftpd logs in and out every 5 mins???" That's just an ispconfig cron for the monitor in the webGUI to check if your ftpd is still running ;)
Ok so I have the made a new fresh install of debian built to utilize ISPConfig 3 - I was referring with the centOS comment that a moderator on these forums advised me to go from centOS to debian as a platform to use.
So this is what I have done:
- Debian fresh install > ISPConfig
- Also installed VirtualBox > Running headless image of xp with Spiceworks installed
- Also installed Ventrilo (voip program for my gaming buddies) on the Debian platform
The gateway is my Billion 7800n IP address
Thats about it.
Overnight I tail -f ventrilo.logs and it tells me that I lose network functionality pretty much every hour.
20110804 01:40:49 MSG_DISC: ID 7, From=8642, To=5155, Sec=3568, Name=Steve
20110804 02:40:05 MSG_CONN: ID 9, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 02:40:10 AUTO: ID 8, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 02:40:10 MSG_DISC: ID 8, From=8642, To=5177, Sec=3566, Name=Steve
20110804 03:39:23 MSG_CONN: ID 10, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 03:39:28 AUTO: ID 9, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 03:39:28 MSG_DISC: ID 9, From=8642, To=5195, Sec=3563, Name=Steve
20110804 04:38:43 MSG_CONN: ID 11, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 04:38:49 AUTO: ID 10, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 04:38:49 MSG_DISC: ID 10, From=8642, To=5133, Sec=3566, Name=Steve
20110804 05:12:14 MSG_CONN: ID 12, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 05:12:20 AUTO: ID 11, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 05:12:20 MSG_DISC: ID 11, From=3910, To=2897, Sec=2017, Name=Steve
so any help would be appreciate where would i begin??
Ok maybe have it solved??
As I followed the extended debian setup I also installed the ddos script that runs... So I went to http://deflate.medialayer.com/ to uninstall it - also noted that a email could be sent to the root so that ip's blocked would be listed... anyway currently it is 4 hours later and not a single drop out of ventrilo... So i'm also hoping not a drop out from any of my services running (email,apache,etc)
Fingers crossed that this was the issue.
I will post back in a day or so if this fixes the problem else I'll post back sooner if it isn't ;)
Haha, so it was your own ddos scanner that kept you blocking? :P
Ok so I thought I had fixed the issue but at 16:23:00 and 16:35:21 my server lost resolvable services. It couldn't resolve the name and so my vent server went down...
Argh... This is just what I didn't need...
Any ideas people? Anyone know where to start looking??
are you sure deflate isn't running somewhere? check user/root crontabs /etc/crontab etc ..
check for unknown lines in iptables -L
I have disabled the firewall in ISPConfig and iptables -L still shows up with all of fail2ban stuff... however the problem remains...
Also I followed the webpage deflate.medialayer.com so i am pretty sure that I have uninstalled everything...
I have issues with losing the gateway and so losing dns lookup or some other problem that prevents me from pinging the gateway at the time my system comes down...
Argh this is so annoying... I am ready to just scrap it and start again...
Does anyone not have any other ideas??
Ok here is something possibly:
this is from the fail2ban log:
2011-08-03 22:15:20,338 fail2ban.actions.action: ERROR iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 400
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3
iptables -A fail2ban-courierpop3 -j RETURN
iptables -I INPUT -p tcp -m multiport --dports pop3 -j fail2ban-courierpop3 returned 200
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports 50022 -j fail2ban-ssh returned 400
2011-08-04 06:35:20,332 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
I fixed my last post by changing the 0.05 sleep timer in the /usr/bin/fail2ban-client to 0.1
Simple restart showed me in ISPConfig under monitor tab > fail2ban.log everything worked fine this time around
|All times are GMT +2. The time now is 06:05.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.