Navigation

giganet · #1 25th May 2009, 21:18

Hello group...

This morning I have found that one of my servers will not serve sites as it was doing faithfully previously.

No matter what I try ISPConfig continues to return the Shared IP screen on hosted sites.

The command 'ifconfig' returns

Code:

eth1      Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.3  Bcast:65.197.209.255  Mask:255.255.255.0
          inet6 addr: fe80::200:24ff:fec4:5ea4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63573 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54775 errors:15 dropped:0 overruns:15 carrier:15
          collisions:0 txqueuelen:1000
          RX bytes:64693991 (61.6 MB)  TX bytes:32885430 (31.3 MB)
          Interrupt:18 Base address:0xa000

eth1:1    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.4  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:2    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.6  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:3    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.7  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:4    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.8  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:5    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.9  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:6    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.11  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:7    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.12  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:8    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.13  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:9    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.14  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:10   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.15  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:11   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.16  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:12   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.17  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:13   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.18  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:14   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.19  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:15   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.20  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

eth1:16   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
          inet addr:65.197.209.21  Bcast:65.197.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26007 (25.3 KB)  TX bytes:26007 (25.3 KB)

If I attempt to restart networking I receive the following

Code:

 * Reconfiguring network interfaces...                                                                                                                       SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
                                                                                                                                                      [ OK ]

I have also tried stopping & starting apache2, and shorewall then running iptables -F but no matter what I try I can not manage to get ISPConfig to serve sites again.

I am able to access the ISPC Control Panel successfully and all looks to be alright there too.

Thanking you in advance for your help with this matter.

Best Regards
Pat Taylor

till · #2 26th May 2009, 13:43

Take a look in the Vhosts_ispconfig.conf file, are the vhosts for the sites configured correctly there? Did you install any linux updates that may have changed the apache2.conf or httpd.conf file?

giganet · #3 27th May 2009, 18:53

Hi Till

Thank you very much for the reply...

I did look into 'Vhosts_ispconfig.conf' and all appeared to be fine.
No Unix updates or the like were installed/updated.

This machine at random completely takes down all Internet connectivity for ALL devices connected forcing me to disconnect it's Ethernet cable to remove it from the network all together.
Most often I have to go through a series of stopping and starting 'shorewall' in addition to running 'iptables -F' and in a lot of cases I must reboot the server all together before being able to reintroduce it to the network?...

Strangely enough the box just began to serve the domains when requested last night out of the blue.

Thanks Till
Have a great day

Best Regards

falko · #4 28th May 2009, 11:58

Do you use any other firewalls besides Shorewall (e.g. ISPConfig's firewall)? In this case they might interfere with each other.

giganet · #5 28th May 2009, 18:47

Good day Falko

Thank you for the reply and input...

As it turns up I am utilizing Shorewall, IPTables and the ISPConfig FW, I didn't even consider that as a potential cause of network connectivity failure

I removed all FW rules possible from ISPConfig including POP, SMTP, HTTP & DNS.

After doing this I found that I had to add rules back to the ISPConfig FW for HTTP, SMTP, & SSH which I runs on :54000.
This was to re-enable access to these services.

Below are my current ISPConfig FW rules applied

Code:

Name    Port    Type    Active    
SSH    22    tcp    yes   
ISPConfig    81    tcp    yes    
HTTP    80    tcp    yes    
SMTP    25    tcp    yes    
POP3    110    tcp    yes    
SSH    54000    tcp    yes

My question will now come to what would be a best practice in the FW rules of Shorewall & IPTables.

Should I remove any similar rules from Shorewall and IPTables to avoid conflict with the FW of ISPConfig?
Alike in Shorewall wouldn't I need to modify '/etc/shorewall/rules' ?

Below are Shorewall' /etc/shorewall/rules from this box...

Code:

#############################################################################################################
#ACTION            SOURCE       DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE            USER/
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP

ACCEPT               net        $FW     tcp       -         -         -           -
ACCEPT               net:65.197.209.3   $FW       tcp       80        -           -           20/sec:24
ACCEPT               net        all     tcp       21        -         -           -
ACCEPT               net        $FW     tcp       23        -         -           -
ACCEPT               net        $FW     tcp       25        -         -           -
ACCEPT               $FW        net     udp       53        -         -           -
ACCEPT               net        $FW     udp       53        -         -           -
ACCEPT               $FW        net     tcp       53        -         -           -
ACCEPT               net        $FW     tcp       53        -         -           -
ACCEPT               net:65.197.209.0   $FW       tcp       69        -           -           -
ACCEPT               net:65.197.209.0   $FW       udp       69        -           -           -
ACCEPT               net        $FW     tcp       80        -         -           20/sec:24
ACCEPT               net        $FW     tcp       81        -         -           20/sec:24
ACCEPT               net        $FW     tcp       110       -         -           -
ACCEPT               net        $FW     tcp       143       -         -           -
ACCEPT               net        $FW     udp       143       -         -           -
ACCEPT               net        $FW     tcp       161       -         -           -
ACCEPT               net        $FW     udp       161       -         -           -
ACCEPT               net        $FW     tcp       443       -         -           20/sec:24
Ping/ACCEPT          net        $FW     -         -         -         -           5/sec:8
ACCEPT               net        $FW     tcp       3306      -         -           -
ACCEPT               net        $FW     tcp       54000     -         -           -
ACCEPT               net:65.197.209.0/24 $FW tcp 54000      -         -           -
ACCEPT               net:~00-03-25-21-FA-23 $FW tcp 54000   -         -           -
Web/DNAT             net        $FW:65.197.209.3     tcp    -         -           -

Thanking you in advance for your time and support Falko.

Best Regards

falko · #6 29th May 2009, 18:46

Please use just one firewall. If you're using Shorewall, please disable the ISPConfig firewall.

Navigation

Facebook

News

Recent comments

Newsletter