Server not accepting connection!!!

activa
Junior Member
Posts: 2
Joined: 14 Jun 2013, 23:36

Post by activa »

Hello All

I have a server with an OpenVZ kernel, and I have a VPS with cPanel.

When I activate csf, there is no access to the VPS. I have to disable csf to get it to work again.

I have followed all the tips for what I should do on the host node and in the VPS conf.

I have applied the suggestion from the sticky thread: I have changed the port to "venet0+", with no success. All tests give me OK.

Code:

root@server [/etc/csf]# perl csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

I get the socket connection error

Code:

root@server [/etc/csf]#  tail /var/log/lfd.log
Jun 14 23:29:47 server lfd[8584]: Watching /var/log/maillog...
Jun 14 23:29:47 server lfd[8584]: Watching /var/log/exim_mainlog...
Jun 14 23:29:47 server lfd[8584]: Watching /var/log/messages...
Jun 14 23:29:47 server lfd[8584]: Watching /var/log/secure...
Jun 14 23:29:47 server lfd[8584]: Watching /usr/local/cpanel/logs/login_log...
Jun 14 23:29:47 server lfd[8584]: Watching /usr/local/apache/logs/error_log...
Jun 14 23:29:47 server lfd[8584]: Watching /usr/local/cpanel/logs/access_log...
Jun 14 23:29:47 server lfd[8589]: CCL: Retrieving GeoLite Country database [http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz]
Jun 14 23:30:55 server lfd[8589]: CCL Error: Unable to retrieve GeoLite Country database [http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz] - Unable to download: 599 - Could not connect to 'geolite.maxmind.com:80': IO::Socket::INET: connect: Connection timed out

Also, when I want to wget something, I get the error

Code:

root@server [/var/log]# wget http://pecl.php.net/get/htscanner-1.0.1.tgz
--2013-06-14 23:50:15--  http://pecl.php.net/get/htscanner-1.0.1.tgz
Resolving pecl.php.net... 76.75.200.106
Connecting to pecl.php.net|76.75.200.106|:80... failed: Connection timed out.
Retrying.

--2013-06-14 23:51:24--  (try: 2)  http://pecl.php.net/get/htscanner-1.0.1.tgz
Connecting to pecl.php.net|76.75.200.106|:80... failed: Connection timed out.
Retrying.

--2013-06-14 23:52:29--  (try: 3)  http://pecl.php.net/get/htscanner-1.0.1.tgz
Connecting to pecl.php.net|76.75.200.106|:80... failed: Connection timed out.
Retrying.

--2013-06-14 23:53:35--  (try: 4)  http://pecl.php.net/get/htscanner-1.0.1.tgz
Connecting to pecl.php.net|76.75.200.106|:80... ^C

Ping works without any problem.

The kernel is

Code:

root@server [/etc/csf]# uname -a
Linux server.myhost.com 2.6.32-20-pve #1 SMP Wed May 15 08:23:27 CEST 2013 x86_64 x86_64 x86_64 GNU/Linux

Any idea how I should diagnose where the problem comes from?

Re: Server not accepting connection!!!

Post by activa »

I have resolved the problem with the following steps:

1 - Stop the VPS machine.

2 - On the host node, I had added the modules

Code:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT
modprobe ipt_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack
modprobe xt_connlimit
modprobe ipt_recent
modprobe ipt_owner

3 - Run the command

Code:

vzctl set <VM's VEID> --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

Replace <VM's VEID> with the VPS ID, like 105 or 130 ...

4 - Enter the VPS now. Inside it, see if IPTABLES_MODULES is empty in /etc/sysconfig/iptables-config; if yes, change it to

Code:

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle  ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables  ip_conntrack_netbios_ns"

In the csf conf, change the ethernet device to venet0+

Code:

pico /etc/csf/csf.conf
search

ETH_DEVICE = ""

change it to

ETH_DEVICE = "venet0+"

Save and restart csf.

csf -r

Now reboot the VPS and you are done.
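As an added example (not part of the original posts): a shell check for steps 3 and 4 above that lists which modules from the step 3 vzctl command are absent from a config variable. It assumes that vzctl --save stores the list as IPTABLES="..." in the container's conf file; the helper name missing_modules and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts.
# Assumption: `vzctl set ... --iptables ... --save` stores the module list as
# IPTABLES="..." in the container's conf file on the host node.

# Module list copied from the vzctl command in step 3.
REQUIRED="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# missing_modules FILE VARNAME (hypothetical helper)
# Prints the REQUIRED modules that VARNAME="..." in FILE does not list.
missing_modules() {
    conf=$1
    var=$2
    # Last assignment wins; drop quotes and collapse whitespace to single spaces.
    have=$(sed -n "s/^[[:space:]]*$var=//p" "$conf" | tail -n 1 |
           tr -d "\"'" | tr -s '[:space:]' ' ')
    out=""
    for m in $REQUIRED; do
        case " $have " in
            *" $m "*) ;;            # exact, case-sensitive: ipt_tos != ipt_TOS
            *) out="$out $m" ;;
        esac
    done
    echo "${out# }"
}

# Constructed sample: a container conf where only part of the list was saved.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not from the original post
HOSTNAME="server.example.test"
IPTABLES="ipt_REJECT ipt_tos ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter  iptable_mangle ipt_state"
EOF
echo "missing from container conf: $(missing_modules "$sample" IPTABLES)"
```

Run it on the host node against the container's conf with IPTABLES, and inside the VPS against /etc/sysconfig/iptables-config with IPTABLES_MODULES; empty output means every module from step 3 is listed.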