After kernel update HTTP is inaccessible but FTP is

After installing the Kernel update on my 11.0 server and rebooting my webpage is inaccessible, ssh times out, but I can still access it through FTP. I know after rebooting the machine iptables had a weird error but it was all about pop and pops which is not configured on my system. The problem has to be something about the firewall because if I use the local IP ssh will connect and I am able to load the pages on my web server. Is there a way I can test to see what is exactly wrong with the system/firewall?

Look in /var/log/firewall to see if something is blocking it in there.

Good luck.

vendion wrote:
> After installing the Kernel update on my 11.0 server and rebooting my
> webpage is inaccessible, ssh times out, but I can still access it
> through FTP. I know after rebooting the machine iptables had a weird
> error but it was all about pop and pops which is not configured on my
> system. The problem has to be something about the firewall because if I
> use the local IP ssh will connect and I am able to load the pages on my
> web server. Is there a way I can test to see what is exactly wrong with
> the system/firewall?
>
>

  • vendion,

I’d stop the firewall to test if it is really the firewall acting up. Then what Aaron said.

Uwe

Uwe Buckesfeld wrote:

> * vendion,
>
> I’d stop the firewall to test if it is really the firewall acting up. Then
> what Aaron said.
>
> Uwe
Well I could try that, but that is the only thing that I could think of because I can still access it with local IP, but not with my domain (using dyndns for the domain and it is not them).

“We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure.” Karl Popper

OK, so the problem must be somewhere else, because after stopping the firewall the problem is still there, and this machine is in my router's DMZ so it can’t be that firewall. After making the stupid mistake of using “cat” without “less” I am just now realizing how many events there were in my firewall log, because it has been scrolling through new events for over a minute. Looks like I have a long night ahead of me :(

ab@novell.com wrote:

> Look in /var/log/firewall to see if something is blocking it in there.
>
> Good luck.
>
> vendion wrote:
>> After installing the Kernel update on my 11.0 server and rebooting my
>> webpage is inaccessible, ssh times out, but I can still access it
>> through FTP. I know after rebooting the machine iptables had a weird
>> error but it was all about pop and pops which is not configured on my
>> system. The problem has to be something about the firewall because if I
>> use the local IP ssh will connect and I am able to load the pages on my
>> web server. Is there a way I can test to see what is exactly wrong with
>> the system/firewall?
>>
>>
Well, not knowing exactly what to look for in the huge log I have, I redirected it to a text file. Can anyone give me a clue as to what I should look for?

vendion wrote:

>
> After installing the Kernel update on my 11.0 server and rebooting my
> webpage is inaccessible, ssh times out, but I can still access it
> through FTP. I know after rebooting the machine iptables had a weird
> error but it was all about pop and pops which is not configured on my
> system. The problem has to be something about the firewall because if I
> use the local IP ssh will connect and I am able to load the pages on my
> web server. Is there a way I can test to see what is exactly wrong with
> the system/firewall?
>
>
After a clean install and update this problem is still happening, but I did not get the errors from iptables, like I did last time. I wonder if this really is a Kernel related problem because I did not have this problem until installing the 2.6.25.18-0.2-default kernel.

Anyone able to help? I really need to get Apache and SSH working outside of my local connection. It has to be something: if I nmap it using the machine's local IP it says ports 80 and 22 are open, but if I nmap it with my domain, http://syceanempire.dyndns.org, those ports show up blocked, and the person I talked to at dynamic dns says that they don’t block ports even with the basic free accounts.

  • vendion,

how do you connect to your ISP? If there’s a router/NAT involved, do you have port 80 forwarded to the server’s IP on the router?

Uwe

For my server it is going through two wireless routers, the router connected to my server has no active firewall and the router connected to my cable modem has my server in DMZ, it is a crappy Belkin router that does not understand the concept of port forwarding and open ports in the firewall.

OK, correction: the router connected to my server has no firewall at all, and the server is still in the DMZ of my other router that does have the firewall.

  • vendion,

any way to check if the router is the problem? Like connecting it elsewhere and forwarding ports?

Uwe

I’m getting this issue as well.

It was all working fine till I applied updates.

I can get it working by modifying resolv.conf and putting a proper DNS entry in there but I don’t know what’s caused this in the first place. I’m on a dual boot machine and XP isn’t having any issues. I’m absolutely convinced something in the update has changed settings, although I’ve not had time to go through everything properly as yet.

I can’t remember all the updates that got applied but the kernel was one of them.

The only way I can network my server down to router 1 and the rest of the world is via wireless, ethernet failed me, I think some of it could be my router because for some reason my domain was pointing to my second router for HTTP but to my server for FTP, that was fixed by a reboot on my router, but this does not explain why this didn’t happen until the latest Kernel update. The server is on a static IP and I checked 5 times to see if it is in the DMZ out of the way of the firewall and NAT on my router.

Do you think modifying resolv.conf will work for dynamic DNS? If so I can give it a try and see if it works as a workaround for now.

  • vendion,

time for a LAN trace with wireshark or something like that.

Uwe

OK, starting up Wireshark and pointing my browser to my domain, I see this from my main router: “1240 134.975096 Belkin_44:89:8c Broadcast ARP Who has 192.168.2.16? Tell 192.168.2.1”. Looks like even though my router says that 192.168.2.19 is in DMZ, it still thinks my server is on .16. I guess that means change the IP on my server to .16.

Looks like I need to use Wireshark more often; changing the static IP on the server to what my main router was looking for fixed the problem. Thanks for the help, buckesfeld.
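The check done by eye in the Wireshark trace above, as an added example that is not part of the original thread: it scans exported summary lines for ARP who-has requests from the gateway that never get an "is at" reply and compares the target with the server's configured address. The function names and the sample trace are constructed for illustration; only the who-has line for 192.168.2.16 mirrors the one quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample in Wireshark summary layout (No., Time, Source,
# Destination, Protocol, Info). Example_aa:bb:cc and its MAC are made up.
SAMPLE_TRACE = """\
1238 134.101200 Belkin_44:89:8c Broadcast ARP Who has 192.168.2.16? Tell 192.168.2.1
1239 134.530411 Belkin_44:89:8c Broadcast ARP Who has 192.168.2.3? Tell 192.168.2.1
1240 134.975096 Belkin_44:89:8c Broadcast ARP Who has 192.168.2.16? Tell 192.168.2.1
1241 134.975310 Example_aa:bb:cc Belkin_44:89:8c ARP 192.168.2.3 is at 00:00:5e:00:53:01
1242 135.975102 Belkin_44:89:8c Broadcast ARP Who has 192.168.2.16? Tell 192.168.2.1
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
WHO_HAS = re.compile(r"ARP\s+Who has " + IPV4 + r"\?\s+Tell " + IPV4)
IS_AT = re.compile(r"ARP\s+" + IPV4 + r" is at [0-9a-fA-F:]{17}")

def unanswered_arp(trace, gateway):
    """Return {target_ip: request_count} for gateway who-has requests with no reply."""
    asked, answered = Counter(), set()
    for line in trace.splitlines():
        m = WHO_HAS.search(line)
        if m:
            if m.group(2) == gateway:      # only requests sent by the gateway
                asked[m.group(1)] += 1
            continue
        m = IS_AT.search(line)
        if m:
            answered.add(m.group(1))       # some host claimed this address
    return {ip: n for ip, n in asked.items() if ip not in answered}

def diagnose(trace, gateway, server_ip):
    """Describe each address the gateway keeps asking for without an answer."""
    findings = []
    for ip, n in sorted(unanswered_arp(trace, gateway).items()):
        if ip == server_ip:
            findings.append(f"{ip}: server is not answering ARP ({n} requests)")
        else:
            findings.append(f"{ip}: gateway asked {n}x with no reply; server is "
                            f"{server_ip}, so forwarding may target a stale address")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE, "192.168.2.1", "192.168.2.19"):
        print(finding)
```
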

  • vendion,

you’re welcome, glad I could help!

Uwe