Intermittent loss of network function

Discussion in 'Installation/Configuration' started by sjswarts, Aug 3, 2011.

  1. sjswarts

    sjswarts New Member

    Hi guys,

    I have recently converted to Debian from CentOS/Fedora

    Currently I have followed two guides:

    www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-courier-ispconfig-3

    www.howtoforge.com/extending-perfect-server-debian-squeeze-ispconfig-3

    But my issues started to arise somewhere between the setting up of accounts on my system (emails,ftp,websites,etc) and installing virtualbox to run a headless winxp client with spiceworks installed.

    Ok so now my issue(s)

    - My ventrilo server loses connection repeatedly - probably alive for a hour and gone for about 30 mins.
    - At this time I can't resolve dns query's
    - I can't ping my gateway from my debian server
    - I can ping my gateway from my laptop running win 7
    - I can't dig anything but the name of my server (suggests dns is working in house)

    Thats my main issue because due to that I lose my website, my mail server, my roundcube access, and my redirect to the virtual machine running spiceworks for help

    Please advise???

    I have been looking in the logs and I see lots of random things like:

    mail postfix/smtpd[3957]: connect from localhost.localdomain[127.0.0.1]
    mail postfix/smtpd[3957]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    mail postfix/smtpd[3957]: disconnect from localhost.localdomain[127.0.0.1]

    i get that for mail imapd as well

    pure-ftpd logs in and out every 5 mins???

    Please help me this is blowing my mind... I had it working "fine" on my fedora machine never lost connection like this...

    thank you
    steve
     
  2. Mark_NL

    Mark_NL New Member

    You're talking about more then one machine, which one is the one that's giving you problems?

    Are the ventrilo, gateway, converted centos->debian server the same machine, or all different?

    "pure-ftpd logs in and out every 5 mins???" That's just an ispconfig cron for the monitor in the webGUI to check if your ftpd is still running ;)
     
  3. sjswarts

    sjswarts New Member

    Hi Mark

    Ok so I have the made a new fresh install of debian built to utilize ISPConfig 3 - I was referring with the centOS comment that a moderator on these forums advised me to go from centOS to debian as a platform to use.

    So this is what I have done:

    - Debian fresh install > ISPConfig
    - Also installed VirtualBox > Running headless image of xp with Spiceworks installed
    - Also installed Ventrilo (voip program for my gaming buddies) on the Debian platform

    The gateway is my Billion 7800n IP address

    Thats about it.

    Overnight I tail -f ventrilo.logs and it tells me that I lose network functionality pretty much every hour.


    20110804 01:40:49 MSG_DISC: ID 7, From=8642, To=5155, Sec=3568, Name=Steve
    20110804 02:40:05 MSG_CONN: ID 9, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
    20110804 02:40:10 AUTO: ID 8, IP 192.168.1.254, Client did not disconect after being kicked.
    20110804 02:40:10 MSG_DISC: ID 8, From=8642, To=5177, Sec=3566, Name=Steve
    20110804 03:39:23 MSG_CONN: ID 10, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
    20110804 03:39:28 AUTO: ID 9, IP 192.168.1.254, Client did not disconect after being kicked.
    20110804 03:39:28 MSG_DISC: ID 9, From=8642, To=5195, Sec=3563, Name=Steve
    20110804 04:38:43 MSG_CONN: ID 11, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
    20110804 04:38:49 AUTO: ID 10, IP 192.168.1.254, Client did not disconect after being kicked.
    20110804 04:38:49 MSG_DISC: ID 10, From=8642, To=5133, Sec=3566, Name=Steve
    20110804 05:12:14 MSG_CONN: ID 12, IP 192.168.1.254, Accepted. (16384,262142) (87380,262142)
    20110804 05:12:20 AUTO: ID 11, IP 192.168.1.254, Client did not disconect after being kicked.
    20110804 05:12:20 MSG_DISC: ID 11, From=3910, To=2897, Sec=2017, Name=Steve

    so any help would be appreciate where would i begin??

    steve
     
  4. sjswarts

    sjswarts New Member

    Ok maybe have it solved??

    As I followed the extended debian setup I also installed the ddos script that runs... So I went to http://deflate.medialayer.com/ to uninstall it - also noted that a email could be sent to the root so that ip's blocked would be listed... anyway currently it is 4 hours later and not a single drop out of ventrilo... So i'm also hoping not a drop out from any of my services running (email,apache,etc)

    Fingers crossed that this was the issue.

    I will post back in a day or so if this fixes the problem else I'll post back sooner if it isn't ;)

    cheers,
    Steve
     
  5. Mark_NL

    Mark_NL New Member

    Haha, so it was your own ddos scanner that kept you blocking? :p
     
  6. sjswarts

    sjswarts New Member

    Ok so I thought I had fixed the issue but at 16:23:00 and 16:35:21 my server lost resolvable services. It couldn't resolve the name and so my vent server went down...

    Argh... This is just what I didn't need...

    Any ideas people? Anyone know where to start looking??

    Cheers
    Steve
     
  7. Mark_NL

    Mark_NL New Member

    are you sure deflate isn't running somewhere? check user/root crontabs /etc/crontab etc ..

    check for unknown lines in iptables -L
     
  8. sjswarts

    sjswarts New Member

    I have disabled the firewall in ISPConfig and iptables -L still shows up with all of fail2ban stuff... however the problem remains...

    Also I followed the webpage deflate.medialayer.com so i am pretty sure that I have uninstalled everything...

    I have issues with losing the gateway and so losing dns lookup or some other problem that prevents me from pinging the gateway at the time my system comes down...

    Argh this is so annoying... I am ready to just scrap it and start again...

    Does anyone not have any other ideas??

    cheers,
    steve
     
  9. sjswarts

    sjswarts New Member

    Ok here is something possibly:

    this is from the fail2ban log:

    2011-08-03 22:15:20,338 fail2ban.actions.action: ERROR iptables -N fail2ban-sasl
    iptables -A fail2ban-sasl -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 400
    2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3
    iptables -A fail2ban-courierpop3 -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports pop3 -j fail2ban-courierpop3 returned 200
    2011-08-03 22:15:20,347 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
    iptables -A fail2ban-ssh -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports 50022 -j fail2ban-ssh returned 400
    2011-08-04 06:35:20,332 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
     
  10. sjswarts

    sjswarts New Member

    I fixed my last post by changing the 0.05 sleep timer in the /usr/bin/fail2ban-client to 0.1

    Simple restart showed me in ISPConfig under monitor tab > fail2ban.log everything worked fine this time around
     
  11. sjswarts

    sjswarts New Member

    Well sorry people I can't work it out... have looked high and low in logs and things all round, tried different network cables different switch ports, shy of a different computer... I just can't figure it out...

    So i'm off to try CentOS flavor ...

    Hopefully the same problem doesn't resurface :D
     
  12. Mark_NL

    Mark_NL New Member

    Sorry to hear it's not resolved and that we where not able to help you .. some problems aren't as easy solvable through a forum, shell access would help greatly, but in these situations i understand that people won't give it to you.

    All in all, to bad .. and good luck with the CentOS install, they released it today if i'm not mistaken!!
     

Share This Page