Topic: Websites not working from public

[rmoria]

Hi,
I am rebuilding to SME 10. I am at the point I want to bring back the websites it was hosting.
I can not access them from the internet,but I can access them from the private side.

How can I check if the traffic is blocked by the server or if my ISP blocked port80?

[ReetP]

Please go back a few steps and tell us exactly what steps you have taken so far.

Did the sites work publicly on v9?

What mode is the server?

Do you have routers or other firewalls installed?

[rmoria]

Yes, they worked on SME9

Server and gateway

No extra routers or firewall installed. Connected to ISP by modem in bridge mode.

I have a basic index.htm in the ibay(s) now, that I can see from the private network

[ReetP]

Have you restored from a backup or done a clean start?

[Jean-Philippe Pialasse]

Code: [Select]

config show SystemMode

[rmoria]

I did  a fresh start.

systemmode:

Code: [Select]

SystemMode=servergateway

[rmoria]

It has probably something to do with the database not working for root (and others, like horde). I can also not redirect ports.

I am running a backup and tomorrow I will see if a fresh install (again) works better.

[Jean-Philippe Pialasse]

first you should not use root and its password for web application. you should create a dedicated db and user per app. If not confident with command line, use phpmyadmin contrib and connect as admin. multiple reasons, but few of them are
- if leaked you also give up your master ldap password for SME
- if leaked for one app you compromiser your whole mysql db

second, if you can see content from inside and not from outside it is very unlikely it is  a mysql issue

third can not access is as saying the car does not work and not letting the engineer with more information. Nobody will be able to help you.
How do you try your external access ? What is displayed? error? What do you expect to see? Better give us an url so we can test for you. 

Last, this is not windows, deleting and installing again is not the first solution. Investigating, understanding and fixing is the way. 

so start to tell more, this will avoid a long unhelpfull thread. 


edit

also /var/log/httpd/access_log and error_log could be helpfull to help diagnose the issue when trying to access

[rmoria]

ip-adres : 213.93.205.219
dns :  tolot.net (primary) / babshop.nl (points to ibay) / groenzwartereigers.nl (points to ibay)

with "db accounts show" I can see that all 3 Ibays are set to global access and no password

[Jean-Philippe Pialasse]

First I am assuming that the IP is really the current that has been assigned by your ISP lately and obtained by reading the config of your SME (ifconfig). If you do not have a static IP this could have changed before I checked for it. ( If I am assuming wrong correct me and there will be extra debugging steps)

I am also assuming you are restoring on the same hardware you were using for the SME9. Different hardware, could be related to other potential issues ( If I am assuming wrong correct me and there will be extra debugging steps).


Your domains seem pointing to the right IP though, so no DNS issue.
I am able to ping but that is all I can get from your IP. Nmap was unable to find one single opened port.

Also I must say that from Canada I get 2 hops with 87% loss. Tested from France and there was not routing issue.

So either you have a provider filtering your port, but from what you where saying this was working before with a SME9, either you have some issues with your local firewall/modem/router, either this is a conflict with a SME config.

1- This could be from your ISP router/modem ? I guess you did not change anything on this device?

2- I am assuming that your modem/router is set as modem gateway and is not NATing anything (acting as router), because this could be a first issue if not please correct me there will be again extra debugging to do.
this could help partly answering the question

Code: [Select]

config show ExternalInterface

3- if this is a SME configuration, we have to check :
-3a custom templates (this is the major source of issues when restoring from backup)

Code: [Select]

/sbin/e-smith/audittools/templates
-3b firewall and http services setting

Code: [Select]

config show masq
config show httpd-e-smith
- services running

Code: [Select]

systemctl status -l masq httpd-e-smith
4- any contrib installed like fail2ban, xt_geoip that could block your access? try following command to check

Code: [Select]

/sbin/e-smith/audittools/newrpms |grep ^smeserver
5- also could be hardware / software issue with network: please check

Code: [Select]

lspci |grep -i Eth

[rmoria]

2:

Code: [Select]

config show ExternalInterface

Code: [Select]

ExternalInterface=interface
    Configuration=DHCPEthernetAddress
    Driver=r8169
    Gateway=
    IPAddress=
    Name=enp3s0
    Netmask=255.255.255.0

3a: I did not do a restore to there, just data in Ibays

3b:

Code: [Select]

config show masq
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    Trace=disabled
    pptp=yes
    status=enabled

Code: [Select]

config show httpd-e-smith
httpd-e-smith=service
    SSLv2=disabled
    SSLv3=disabled
    TCPPort=80
    access=public
    status=enabled


Code: [Select]

systemctl status -l masq httpd-e-smith
● masq.service - masq, the Koozali SME Server firewall script
   Loaded: loaded (/usr/lib/systemd/system/masq.service; enabled; vendor preset:                             enabled)
   Active: active (exited) since zo 2021-08-29 12:58:56 CEST; 22min ago
 Main PID: 1297 (code=exited, status=0/SUCCESS)
   Memory: 0B
   CGroup: /system.slice/masq.service

aug 29 12:58:55 nathan.tolot.net systemd[1]: Starting masq, the Koozali SME Serv                            er firewall script...
aug 29 12:58:56 nathan.tolot.net masq[1297]: Enabling IP masquerading: done
aug 29 12:58:56 nathan.tolot.net systemd[1]: Started masq, the Koozali SME Serve                            r firewall script.

● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Servi                            ce
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendo                            r preset: enabled)
   Active: active (running) since zo 2021-08-29 12:59:00 CEST; 22min ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1846 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/s                            ec"
   Memory: 8.6M
   CGroup: /system.slice/httpd-e-smith.service
           ├─1846 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1861 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1862 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1863 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1864 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1865 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1866 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1867 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1868 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─1869 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           └─1870 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND

aug 29 12:58:56 nathan.tolot.net systemd[1]: Starting httpd-e-smith The Koozali                             SME Server Apache HTTP Service...
aug 29 12:59:00 nathan.tolot.net systemd[1]: Started httpd-e-smith The Koozali S                            ME Server Apache HTTP Service.
4:

Code: [Select]

/sbin/e-smith/audittools/newrpms |grep ^smeserver
smeserver-awstats.noarch              1.4-3.el7.sme                 @smecontribs
smeserver-dhcp-dns.noarch             1.2.0-5.el7.sme               @smecontribs
smeserver-dhcpmanager.noarch          2.0.4-12.el7.sme              @smecontribs
smeserver-letsencrypt.noarch          0.5-17                        @smecontribs
smeserver-mod_dav.noarch              1.1-7.el7.sme                 @smecontribs
smeserver-phpmyadmin.noarch           4.0.10.2-11.el7.sme           @smecontribs
smeserver-webhosting.noarch           0.0.9-12.el7.sme              @smecontribs
5:

Code: [Select]

lspci |grep -i Eth
00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network Connection (rev 02)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller (rev 10)

Other stuff I tried: Reset the modem and placed in bridge mode again (i keep trying to find someone at isp helpdesk that is smart enough to check if there is any firewall in the modem after I switch to bridge mode and cannot look myself). Switched local and public ethernetcards and cables (got me a new public ip adres (178.85.119.237) didn't work,so i switched back)

[Jean-Philippe Pialasse]

from what i see your SME is not getting any IP. 

i would check what was the setting from your previous SME. 

a tips when using command ifconfig you should see the external ip assigned on your external if.

another tip. usually when you reset you modem you also need to reboot the server. Some of them needs to have server already connected when rebooting it and won’t work if you change the device behind them after that. 

[rmoria]

It does get an IP, I am using the connection now.

Code: [Select]

ifconfig
enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 213.93.205.219  netmask 255.255.255.0  broadcast 255.255.255.255
        ether 00:1e:4f:d0:d9:e1  txqueuelen 1000  (Ethernet)
        RX packets 1057158  bytes 1187269683 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 505290  bytes 92757066 (88.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 21  memory 0xfe9e0000-fea00000

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.0.0  broadcast 10.0.255.255
        ether 3c:49:37:17:cd:8a  txqueuelen 1000  (Ethernet)
        RX packets 527039  bytes 93153031 (88.8 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 1042724  bytes 1180877850 (1.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 12201  bytes 1614893 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12201  bytes 1614893 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[ReetP]

ExternalInterface=interface
 Name=enp3s0

enp3s0:
 inet 10.0.0.1

enp0s25:
 inet 213.93.205.219

Think you have your interfaces mixed up.

[rmoria]

Oh sorry, when I wrote that I had them switched to see if that would help. I now remade that.
(after changing in admin menu, internet (gateway) did not work. I had to do a signal-event postupgrade; signal-event reboot  after)

Now:

Code: [Select]

config show ExternalInterface
ExternalInterface=interface
    Configuration=DHCPEthernetAddress
    Driver=r8169
    Gateway=
    IPAddress=
    Name=enp3s0
    Netmask=255.255.255.0


Code: [Select]

ifconfig
enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.0.0  broadcast 10.0.255.255
        ether 00:1e:4f:d0:d9:e1  txqueuelen 1000  (Ethernet)
        RX packets 7549  bytes 2010434 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7855  bytes 4981371 (4.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 21  memory 0xfe9e0000-fea00000

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 178.85.119.237  netmask 255.255.255.0  broadcast 255.255.255.255
        ether 3c:49:37:17:cd:8a  txqueuelen 1000  (Ethernet)
        RX packets 8509  bytes 5163556 (4.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7201  bytes 1871775 (1.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 687  bytes 68256 (66.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 687  bytes 68256 (66.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Tomorrow I will try to contact ISP and hope to get someone that actualy help me check my modem.