[SharedIP] Server will not serve sites?

Discussion in 'General' started by giganet, May 25, 2009.

  1. giganet

    giganet New Member

    Hello group...

    This morning I have found that one of my servers will not serve sites as it was doing faithfully previously.

    No matter what I try ISPConfig continues to return the Shared IP screen on hosted sites.

    The command 'ifconfig' returns
    Code:
    eth1      Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.3  Bcast:65.197.209.255  Mask:255.255.255.0
              inet6 addr: fe80::200:24ff:fec4:5ea4/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:63573 errors:0 dropped:0 overruns:0 frame:0
              TX packets:54775 errors:15 dropped:0 overruns:15 carrier:15
              collisions:0 txqueuelen:1000
              RX bytes:64693991 (61.6 MB)  TX bytes:32885430 (31.3 MB)
              Interrupt:18 Base address:0xa000
    
    eth1:1    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.4  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:2    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.6  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:3    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.7  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:4    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.8  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:5    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.9  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:6    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.11  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:7    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.12  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:8    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.13  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:9    Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.14  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:10   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.15  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:11   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.16  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:12   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.17  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:13   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.18  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:14   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.19  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:15   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.20  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    eth1:16   Link encap:Ethernet  HWaddr 00:00:24:C4:5E:A4
              inet addr:65.197.209.21  Bcast:65.197.209.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:18 Base address:0xa000
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:252 errors:0 dropped:0 overruns:0 frame:0
              TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:26007 (25.3 KB)  TX bytes:26007 (25.3 KB)
    
    
    If I attempt to restart networking I receive the following
    Code:
     * Reconfiguring network interfaces...                                                                                                                       SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
                                                                                                                                                          [ OK ]
    I have also tried stopping & starting apache2, and shorewall then running iptables -F but no matter what I try I can not manage to get ISPConfig to serve sites again.

    I am able to access the ISPC Control Panel successfully and all looks to be alright there too.

    Thanking you in advance for your help with this matter.

    Best Regards
    Pat Taylor
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Take a look in the Vhosts_ispconfig.conf file, are the vhosts for the sites configured correctly there? Did you install any linux updates that may have changed the apache2.conf or httpd.conf file?
     
  3. giganet

    giganet New Member

    Hi Till

    Thank you very much for the reply...

    I did look into 'Vhosts_ispconfig.conf' and all appeared to be fine.
    No Unix updates or the like were installed/updated.

    This machine at random completely takes down all Internet connectivity for ALL devices connected forcing me to disconnect it's Ethernet cable to remove it from the network all together.
    Most often I have to go through a series of stopping and starting 'shorewall' in addition to running 'iptables -F' and in a lot of cases I must reboot the server all together before being able to reintroduce it to the network?...

    Strangely enough the box just began to serve the domains when requested last night out of the blue.

    Thanks Till
    Have a great day

    Best Regards
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Do you use any other firewalls besides Shorewall (e.g. ISPConfig's firewall)? In this case they might interfere with each other.
     
  5. giganet

    giganet New Member

    Good day Falko

    Thank you for the reply and input...

    As it turns up I am utilizing Shorewall, IPTables and the ISPConfig FW, I didn't even consider that as a potential cause of network connectivity failure :)

    I removed all FW rules possible from ISPConfig including POP, SMTP, HTTP & DNS.

    After doing this I found that I had to add rules back to the ISPConfig FW for HTTP, SMTP, & SSH which I runs on :54000.
    This was to re-enable access to these services.

    Below are my current ISPConfig FW rules applied

    Code:
    [B]Name  [/B][B]  Port  [/B][B]  Type  [/B][B]  Active  [/B]  
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2825,%27doc%27%29"]SSH[/URL]    22    tcp    yes   
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2830,%27doc%27%29"]ISPConfig[/URL]    81    tcp    yes    
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2865,%27doc%27%29"]HTTP[/URL]    80    tcp    yes    
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2866,%27doc%27%29"]SMTP[/URL]    25    tcp    yes    
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2867,%27doc%27%29"]POP3[/URL]    110    tcp    yes    
    [URL="http://javascript%3Cb%3E%3C/b%3E:editDoc%2868,%27doc%27%29"]SSH[/URL]    54000    tcp    yes  
    My question will now come to what would be a best practice in the FW rules of Shorewall & IPTables.

    Should I remove any similar rules from Shorewall and IPTables to avoid conflict with the FW of ISPConfig?
    Alike in Shorewall wouldn't I need to modify '/etc/shorewall/rules' ?

    Below are Shorewall' /etc/shorewall/rules from this box...
    Code:
    #############################################################################################################
    #ACTION            SOURCE       DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE            USER/
    #                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
    
    ACCEPT               net        $FW     tcp       -         -         -           -
    ACCEPT               net:65.197.209.3   $FW       tcp       80        -           -           20/sec:24
    ACCEPT               net        all     tcp       21        -         -           -
    ACCEPT               net        $FW     tcp       23        -         -           -
    ACCEPT               net        $FW     tcp       25        -         -           -
    ACCEPT               $FW        net     udp       53        -         -           -
    ACCEPT               net        $FW     udp       53        -         -           -
    ACCEPT               $FW        net     tcp       53        -         -           -
    ACCEPT               net        $FW     tcp       53        -         -           -
    ACCEPT               net:65.197.209.0   $FW       tcp       69        -           -           -
    ACCEPT               net:65.197.209.0   $FW       udp       69        -           -           -
    ACCEPT               net        $FW     tcp       80        -         -           20/sec:24
    ACCEPT               net        $FW     tcp       81        -         -           20/sec:24
    ACCEPT               net        $FW     tcp       110       -         -           -
    ACCEPT               net        $FW     tcp       143       -         -           -
    ACCEPT               net        $FW     udp       143       -         -           -
    ACCEPT               net        $FW     tcp       161       -         -           -
    ACCEPT               net        $FW     udp       161       -         -           -
    ACCEPT               net        $FW     tcp       443       -         -           20/sec:24
    Ping/ACCEPT          net        $FW     -         -         -         -           5/sec:8
    ACCEPT               net        $FW     tcp       3306      -         -           -
    ACCEPT               net        $FW     tcp       54000     -         -           -
    ACCEPT               net:65.197.209.0/24 $FW tcp 54000      -         -           -
    ACCEPT               net:~00-03-25-21-FA-23 $FW tcp 54000   -         -           -
    Web/DNAT             net        $FW:65.197.209.3     tcp    -         -           -
    
    Thanking you in advance for your time and support Falko.

    Best Regards
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please use just one firewall. If you're using Shorewall, please disable the ISPConfig firewall.
     
  7. giganet

    giganet New Member

    Thank you once again Falko.

    I will utilize only Shorewall disabling the FW within ISPConfig

    Best Regards
     

Share This Page