Navigation

Thomas Jensen · #1 3rd June 2010, 17:14

Hi all

Today the phone started ringing, and then again and again. I have no clue why, but some of my users can't access my websites. They report that the browser just keeps loading forever. I've made one them do a ping, to check DNS, and nothing wrong there.

So far I've restarted apache and clamav, but still facing problems. Some users have no problems at all, and i don't either. The apache log doesn't show anything unusual.

Thanks in advance!

ivomendonca · #2 3rd June 2010, 18:28

Quote:

Originally Posted by Thomas Jensen

Hi all

Today the phone started ringing, and then again and again. I have no clue why, but some of my users can't access my websites. They report that the browser just keeps loading forever. I've made one them do a ping, to check DNS, and nothing wrong there.

So far I've restarted apache and clamav, but still facing problems. Some users have no problems at all, and i don't either. The apache log doesn't show anything unusual.

Thanks in advance!

Maybe got banned verify iptables.
Sometimes I have the same problem, from my isp(home) e see all my sites but from other isp dont resolve any domain.

Thomas Jensen · #3 3rd June 2010, 18:40

Okay.. Can you be more specific? What should i try? It's lots of users..
I've been in contact with one of them, and he had no problem reaching a FTP account.

ivomendonca · #4 3rd June 2010, 18:57

Quote:

Originally Posted by Thomas Jensen

Okay.. Can you be more specific? What should i try? It's lots of users..
I've been in contact with one of them, and he had no problem reaching a FTP account.

Cant help you, maybe change mydns to powerdns! i dont realy know maybe a problem in your resolv.conf (ip inside is blacklist)

Thomas Jensen · #5 3rd June 2010, 18:59

I use an external DNS server, but it isn't the DNS, as one of the users has already tried to make a ping and got the right IP

damir · #6 3rd June 2010, 20:36

Ask a customer to do a traceroute to your webserver IP.

*nix:

traceroute ip.add.re.ss or domain

Windows:

Start/Run, type cmd and than type:

tracert ip.add.re.ss or domain

Try to visit the sites from different ISP's, it could be a routing problem.

Thomas Jensen · #7 4th June 2010, 00:03

Okay, I've done that, but there seems to be no problem at all..

falko · #8 4th June 2010, 12:16

Maybe it's a firewall issue? What's the output of

Code:

iptables -L

? Do you use fail2ban?

Thomas Jensen · #9 4th June 2010, 14:18

The output:

Quote:

server1:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (11 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt

op3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Yes i use fail2ban.

falko · #10 5th June 2010, 12:53

Can you switch off your firewall and fail2ban for testing purposes? Do the problems still exist then?

Navigation

Facebook

News

Recent comments

Newsletter