Ubuntu 11.10 With Nginx [ISPConfig 3] port problem

Discussion in 'Installation/Configuration' started by tbctr, Dec 6, 2011.

  1. tbctr

    tbctr Member

    http://www.howtoforge.com/perfect-server-ubuntu-11.10-with-nginx-ispconfig-3 installed 2 different machine. Local network access ok. adsl modem port forwarding okey (21,22,23,53,80,110,143,443,587,3306,8080). Debian 6 installed other server running no problem. Ubuntu nginx server restrict access on internet. mxtoolbox.com my ip port scan results 23,53,80 success and 21,22,25,110,143..... and other port error "No connection could be made because the target machine actively refused it"

    What is the solution ?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    What are the outputs of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    on the Ubuntu server?

    Does your router forward the ports to the correct server?
     
  3. tbctr

    tbctr Member

    netstat
    Code:
    root@sunucu:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 localhost.localdom:9000 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      1050/amavisd (maste
    tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      2406/master
    tcp        0      0 *:mysql                 *:*                     LISTEN      939/mysqld
    tcp        0      0 *:http-alt              *:*                     LISTEN      1896/nginx
    tcp        0      0 *:www                   *:*                     LISTEN      1896/nginx
    tcp        0      0 *:tproxy                *:*                     LISTEN      1896/nginx
    tcp        0      0 localhost.localdom:9010 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 localhost.localdom:9011 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 localhost.localdom:9012 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 *:ftp                   *:*                     LISTEN      2091/pure-ftpd (SER
    tcp        0      0 localhost.localdom:9013 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 sunucu.siberbilg:domain *:*                     LISTEN      1070/named
    tcp        0      0 sunucu.siberbilg:domain *:*                     LISTEN      1070/named
    tcp        0      0 localhost.locald:domain *:*                     LISTEN      1070/named
    tcp        0      0 localhost.localdom:9014 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 *:ssh                   *:*                     LISTEN      757/sshd
    tcp        0      0 localhost.localdom:9015 *:*                     LISTEN      1938/php-fpm.conf)
    tcp        0      0 *:smtp                  *:*                     LISTEN      2406/master
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      1070/named
    tcp        0      0 localhost.localdo:47143 localhost.localdo:mysql ESTABLISHED 28850/amavisd (ch7-
    tcp        0      0 localhost.localdo:47129 localhost.localdo:mysql ESTABLISHED 28695/amavisd (ch8-
    tcp        0    248 sunucu.siberbilgisa:ssh 192.168.2.138:52647     ESTABLISHED 30669/0
    tcp        0      0 localhost.localdo:mysql localhost.localdo:47143 ESTABLISHED 939/mysqld
    tcp        0      0 localhost.localdo:mysql localhost.localdo:47129 ESTABLISHED 939/mysqld
    tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      1721/couriertcpd
    tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      1771/couriertcpd
    tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      1743/couriertcpd
    tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      1688/couriertcpd
    tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      2091/pure-ftpd (SER
    tcp6       0      0 [::]:domain             [::]:*                  LISTEN      1070/named
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      757/sshd
    tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      1070/named
    
    
    iptables
    Code:
    root@sunucu:~# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             127.0.0.0/8
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  base-address.mcast.net/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PAROLE (15 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imaps
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3s
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:tproxy
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain fail2ban-courierimap (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-courierpop3 (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-courierpop3s (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-sasl (0 references)
    target     prot opt source               destination
    
    Chain fail2ban-ssh (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    
    1- on the Ubuntu server?

    2- Does your router forward the ports to the correct server?

    1- Yes Ubuntu server.
    2- Yes correct server
     
  4. tbctr

    tbctr Member

    tcp 0 248 sunucu.siberbilgisa:ssh 192.168.2.138:52647 ESTABLISHED 30669/0 . I could not understand it

    Ubuntu server local ip : 192.168.2.250

    Other server debian : 192.168.2.200 no problem port.


    add : 192.168.2.138 my pc ip :D
     
    Last edited: Dec 7, 2011
  5. tbctr

    tbctr Member

    System information as of Wed Dec 7 17:52:54 EET 2011

    System load: 1.49 Processes: 292
    Usage of /: 4.5% of 145.50GB Users logged in: 0
    Memory usage: 46% IP address for eth0: 192.168.2.250
    Swap usage: 0%
    --------------------------------------------------------------------------
    vi /etc/network/interfaces

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 192.168.2.250
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    gateway 192.168.2.1
    ~

    ---------------------------------------------------
    vi /etc/hosts

    127.0.0.1 localhost.localdomain localhost
    192.168.2.250 sunucu.siberbilgxxxxx sunucu

    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
     
    Last edited by a moderator: Dec 11, 2011
  6. falko

    falko Super Moderator ISPConfig Developer

    Can you turn off the firewall for testing purposes? Does it work then?
     
  7. tbctr

    tbctr Member

    Which firewall ?
     
  8. falko

    falko Super Moderator ISPConfig Developer

    On the Ubuntu server. You can use ISPConfig to switch it off.
     
  9. tbctr

    tbctr Member

    Firewall - Basic - Add Firewall record --- testing and problem in progress. Remove firewall record again problem in progress. No change :confused:
     
  10. falko

    falko Super Moderator ISPConfig Developer

    So the problem must be your router or your ISP that blocks some ports. Please check.
     
  11. tbctr

    tbctr Member

    I have two servers at the same place. Different cable and router port try and no change. Other server debian 6 no problem.
     
  12. tbctr

    tbctr Member

  13. tbctr

    tbctr Member

    Open suse installed and worked. After installed ubuntu again. I could not understand but is working now. running smoothly :p :D. Thanks again.
     

Share This Page