Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd August 2011, 17:01
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default Intermittent loss of network function

Hi guys,

I have recently converted to Debian from CentOS/Fedora

Currently I have followed two guides:

http://www.howtoforge.com/perfect-se...er-ispconfig-3

http://www.howtoforge.com/extending-...ze-ispconfig-3

But my issues started to arise somewhere between the setting up of accounts on my system (emails,ftp,websites,etc) and installing virtualbox to run a headless winxp client with spiceworks installed.

Ok so now my issue(s)

- My ventrilo server loses connection repeatedly - probably alive for a hour and gone for about 30 mins.
- At this time I can't resolve dns query's
- I can't ping my gateway from my debian server
- I can ping my gateway from my laptop running win 7
- I can't dig anything but the name of my server (suggests dns is working in house)

Thats my main issue because due to that I lose my website, my mail server, my roundcube access, and my redirect to the virtual machine running spiceworks for help

Please advise???

I have been looking in the logs and I see lots of random things like:

mail postfix/smtpd[3957]: connect from localhost.localdomain[127.0.0.1]
mail postfix/smtpd[3957]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
mail postfix/smtpd[3957]: disconnect from localhost.localdomain[127.0.0.1]

i get that for mail imapd as well

pure-ftpd logs in and out every 5 mins???

Please help me this is blowing my mind... I had it working "fine" on my fedora machine never lost connection like this...

thank you
steve
Reply With Quote
Sponsored Links
  #2  
Old 3rd August 2011, 21:49
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

You're talking about more then one machine, which one is the one that's giving you problems?

Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?

"pure-ftpd logs in and out every 5 mins???" That's just an ispconfig cron for the monitor in the webGUI to check if your ftpd is still running
Reply With Quote
  #3  
Old 4th August 2011, 03:57
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by Mark_NL View Post
You're talking about more then one machine, which one is the one that's giving you problems?

Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?
Hi Mark

Ok so I have the made a new fresh install of debian built to utilize ISPConfig 3 - I was referring with the centOS comment that a moderator on these forums advised me to go from centOS to debian as a platform to use.

So this is what I have done:

- Debian fresh install > ISPConfig
- Also installed VirtualBox > Running headless image of xp with Spiceworks installed
- Also installed Ventrilo (voip program for my gaming buddies) on the Debian platform

The gateway is my Billion 7800n IP address

Thats about it.

Overnight I tail -f ventrilo.logs and it tells me that I lose network functionality pretty much every hour.


20110804 01:40:49 MSG_DISC: ID 7, From=8642, To=5155, Sec=3568, Name=Steve
20110804 02:40:05 MSG_CONN: ID 9, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 02:40:10 AUTO: ID 8, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 02:40:10 MSG_DISC: ID 8, From=8642, To=5177, Sec=3566, Name=Steve
20110804 03:39:23 MSG_CONN: ID 10, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 03:39:28 AUTO: ID 9, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 03:39:28 MSG_DISC: ID 9, From=8642, To=5195, Sec=3563, Name=Steve
20110804 04:38:43 MSG_CONN: ID 11, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 04:38:49 AUTO: ID 10, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 04:38:49 MSG_DISC: ID 10, From=8642, To=5133, Sec=3566, Name=Steve
20110804 05:12:14 MSG_CONN: ID 12, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
20110804 05:12:20 AUTO: ID 11, IP 192.168.1.254, Client did not disconect after being kicked.
20110804 05:12:20 MSG_DISC: ID 11, From=3910, To=2897, Sec=2017, Name=Steve

so any help would be appreciate where would i begin??

steve
Reply With Quote
  #4  
Old 4th August 2011, 08:09
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default

Ok maybe have it solved??

As I followed the extended debian setup I also installed the ddos script that runs... So I went to http://deflate.medialayer.com/ to uninstall it - also noted that a email could be sent to the root so that ip's blocked would be listed... anyway currently it is 4 hours later and not a single drop out of ventrilo... So i'm also hoping not a drop out from any of my services running (email,apache,etc)

Fingers crossed that this was the issue.

I will post back in a day or so if this fixes the problem else I'll post back sooner if it isn't

cheers,
Steve
Reply With Quote
  #5  
Old 4th August 2011, 09:32
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

Haha, so it was your own ddos scanner that kept you blocking? :P
Reply With Quote
  #6  
Old 4th August 2011, 13:32
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default

Ok so I thought I had fixed the issue but at 16:23:00 and 16:35:21 my server lost resolvable services. It couldn't resolve the name and so my vent server went down...

Argh... This is just what I didn't need...

Any ideas people? Anyone know where to start looking??

Cheers
Steve
Reply With Quote
  #7  
Old 4th August 2011, 14:24
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

are you sure deflate isn't running somewhere? check user/root crontabs /etc/crontab etc ..

check for unknown lines in iptables -L
Reply With Quote
  #8  
Old 4th August 2011, 16:59
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default

I have disabled the firewall in ISPConfig and iptables -L still shows up with all of fail2ban stuff... however the problem remains...

Also I followed the webpage deflate.medialayer.com so i am pretty sure that I have uninstalled everything...

I have issues with losing the gateway and so losing dns lookup or some other problem that prevents me from pinging the gateway at the time my system comes down...

Argh this is so annoying... I am ready to just scrap it and start again...

Does anyone not have any other ideas??

cheers,
steve
Reply With Quote
  #9  
Old 4th August 2011, 17:01
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
Default

Ok here is something possibly:

this is from the fail2ban log:

2011-08-03 22:15:20,338 fail2ban.actions.action: ERROR iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 400
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3
iptables -A fail2ban-courierpop3 -j RETURN
iptables -I INPUT -p tcp -m multiport --dports pop3 -j fail2ban-courierpop3 returned 200
2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports 50022 -j fail2ban-ssh returned 400
2011-08-04 06:35:20,332 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
Reply With Quote
  #10  
Old 4th August 2011, 17:15
sjswarts sjswarts is offline
Senior Member
 
Join Date: May 2011
Location: Australia
Posts: 135
Thanks: 17
Thanked 5 Times in 5 Posts
 
Default

I fixed my last post by changing the 0.05 sleep timer in the /usr/bin/fail2ban-client to 0.1

Simple restart showed me in ISPConfig under monitor tab > fail2ban.log everything worked fine this time around
Reply With Quote
The Following User Says Thank You to sjswarts For This Useful Post:
falko (5th August 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
error.log is full of notices mod_fcgid 007007 Installation/Configuration 13 8th September 2012 11:29
ISPConfig3 Debian Squeeze Crontab - Log petrichbg Installation/Configuration 5 22nd March 2011 12:25
Unable to connect to Mysql mbascombe Installation/Configuration 12 10th January 2010 22:46
cyrus-sasl won't install on my ubuntu9.04 kameelperdza Installation/Configuration 1 13th June 2009 10:28
Freebsd 6.1 support misterm Installation/Configuration 10 9th April 2009 09:29


All times are GMT +2. The time now is 21:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.