nginx ipv6 WAN stops responding

Discussion in 'Installation/Configuration' started by naproxes, Aug 6, 2018.

  1. naproxes

    naproxes New Member

    After setting up the system with all the needed hardening (PFS etc.), my server stops answering HTTP(S) requests over IPv6 originating from WAN after 10-20 minutes, but other local servers have no problems reaching it.
    The server OS is Debian 9.5 and all the software is up to date. There are some other servers (Debian 9.0) "behind" my Sophos UTM with nginx and ISPConfig with no problems, but I can't pinpoint the differences.

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.12


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.0.30-0+deb9u1

    ##### PORT CHECK #####


    ##### MAIL SERVER CHECK #####

    [WARN] I found no "submission" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.

    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Unknown process (nginx:) (PID 892)
    [INFO] I found the following mail server(s):
    Postfix (PID 1060)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 716)
    [INFO] I found the following imap server(s):
    Dovecot (PID 716)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 1232)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:110 (716/dovecot)
    [anywhere]:143 (716/dovecot)
    [anywhere]:80 (892/nginx:)
    [anywhere]:8080 (892/nginx:)
    [anywhere]:465 (1060/master)
    [anywhere]:8081 (892/nginx:)
    [anywhere]:21 (1232/pure-ftpd)
    ***.***.***.***:53 (586/named)
    [localhost]:53 (586/named)
    [anywhere]:22 (709/sshd)
    [anywhere]:25 (1060/master)
    [localhost]:953 (586/named)
    [anywhere]:443 (892/nginx:)
    [anywhere]:993 (716/dovecot)
    [anywhere]:995 (716/dovecot)
    [localhost]:10023 (840/postgrey)
    [localhost]:10024 (1230/amavisd-new)
    [localhost]:10025 (1060/master)
    [localhost]:10026 (1230/amavisd-new)
    [localhost]:10027 (1060/master)
    [localhost]:11211 (590/memcached)
    [localhost]10 (716/dovecot)
    [localhost]43 (716/dovecot)
    *:*:*:*::*5:80 (892/nginx:)
    *:*:*:*::*:8080 (892/nginx:)
    *:*:*:*::*:465 (1060/master)
    *:*:*:*::*:21 (1232/pure-ftpd)
    *:*:*:*::*:53 (586/named)
    *:*:*:*::*:22 (709/sshd)
    *:*:*:*::*:25 (1060/master)
    *:*:*:*::*:953 (586/named)
    *:*:*:*::*5:443 (892/nginx:)
    *:*:*:*::*:993 (716/dovecot)
    *:*:*:*::*:995 (716/dovecot)
    *:*:*:*::*:10023 (840/postgrey)
    *:*:*:*::*:10024 (1230/amavisd-new)
    *:*:*:*::*:10026 (1230/amavisd-new)
    *:*:*:*::*:3306 (838/mysqld)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
    f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190
    f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
    ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
    ufw-before-input all -- [anywhere]/0 [anywhere]/0
    ufw-after-input all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
    ufw-reject-input all -- [anywhere]/0 [anywhere]/0
    ufw-track-input all -- [anywhere]/0 [anywhere]/0

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
    ufw-before-forward all -- [anywhere]/0 [anywhere]/0
    ufw-after-forward all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
    ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
    ufw-track-forward all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
    ufw-before-output all -- [anywhere]/0 [anywhere]/0
    ufw-after-output all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
    ufw-reject-output all -- [anywhere]/0 [anywhere]/0
    ufw-track-output all -- [anywhere]/0 [anywhere]/0

    Chain f2b-dovecot (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-pure-ftpd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-sshd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain ufw-after-forward (1 references)
    target prot opt source destination

    Chain ufw-after-input (1 references)
    target prot opt source destination

    Chain ufw-after-logging-forward (1 references)
    target prot opt source destination

    Chain ufw-after-logging-input (1 references)
    target prot opt source destination

    Chain ufw-after-logging-output (1 references)
    target prot opt source destination

    Chain ufw-after-output (1 references)
    target prot opt source destination

    Chain ufw-before-forward (1 references)
    target prot opt source destination

    Chain ufw-before-input (1 references)
    target prot opt source destination

    Chain ufw-before-logging-forward (1 references)
    target prot opt source destination

    Chain ufw-before-logging-input (1 references)
    target prot opt source destination

    Chain ufw-before-logging-output (1 references)
    target prot opt source destination

    Chain ufw-before-output (1 references)
    target prot opt source destination

    Chain ufw-reject-forward (1 references)
    target prot opt source destination

    Chain ufw-reject-input (1 references)
    target prot opt source destination

    Chain ufw-reject-output (1 references)
    target prot opt source destination

    Chain ufw-track-forward (1 references)
    target prot opt source destination

    Chain ufw-track-input (1 references)
    target prot opt source destination

    Chain ufw-track-output (1 references)
    target prot opt source destination
     
    Last edited: Aug 6, 2018
  2. naproxes

    naproxes New Member

    OK, there must be something strange... I set the IPv4 address to static and now the server runs stable for 45+ minutes.
     
  3. naproxes

    naproxes New Member

    Still going strong. Can't believe that a change to IPv4 helps to stabilize nginx on IPv6...
     
  4. ahrasis

    ahrasis Well-Known Member

    Same here. I also disabled ipv6 for stability in my Ubuntu servers.
     
  5. naproxes

    naproxes New Member

    i did not disable ipv6...
     
  6. ahrasis

    ahrasis Well-Known Member

    Noted that. Local IPV4 is always set static in ISPConfig server. My public ip is dynamic though.
     
