Re: Mysterious problem driving me crazy! (network? apache? php? firewall?)




This is what you said Chris W. Parker
Hello,

I had a server fail on me recently (which is a story in itself... can't
figure out why it's failing...) and so now I'm in the process of
migrating my data (two websites from a backup) to a new server.

The old server was FC3 and the new server is CentOS 4.3.

Here is the problem stated very briefly: On the old server both websites
worked fine. On the new server only one website is working.

Now for some details:

* I've checked and rechecked /etc/httpd/conf/httpd.conf to make sure it
matches the original.
* I've checked and rechecked all my scripts in
/etc/sysconfig/network-scripts to match the originals.
* I've checked and rechecked the virtual host settings in
/etc/httpd/virt.d/ to match the originals.
* I've tried turning off iptables on the new server.
* I've tried turning off IPv6 (just a shot in the dark!).
* I've tried turning off SELinux too.
* I've also compared permissions between the two websites directories.

I'm using NAT and what seems to be happening is that swatgear.com WILL
NOT resolve to its internal IP address of 10.0.0.3. I can't get a
successful ping/request from swatgear.com or 67.17.248.227. The only
time a ping works or I can get any kind of response is through 10.0.0.3.
And by the way, the site works fine if I add '10.0.0.3 swatgear.com' to
/etc/hosts. But of course that doesn't solve the problem for the outside
world.

First of all you might ask if someone has changed the configuration in
the hardware firewall, nope. No changes at all. You might also think
that iptables is getting in the way (see above). You might think that
the configurations are different (see above).

If I turn the old server on (which only stays up for about 5 minutes
before it kicks the bucket) both sites work perfectly. As soon as I shut
it off and turn on the new server only one of the sites will work while
the other (www.swatgear.com) does not.

I can't figure it out and I've been working on this ALL DAY so I'm
pleading with the community to help me figure it out.

What is driving me crazy is that one site works and the other does not.
So in spite of my 100% confidence in there being absolutely no difference
between the configurations (of the parts that matter) of the two servers
I can only be led to believe that it is in fact a misconfiguration and
nothing else. Otherwise it just doesn't make sense.

Another thing I should mention is that apache's logs for the website
(that doesn't work) don't report anything! I mean, it appears that
apache is not even SEEING the request for the site (unless I request it
at 10.0.0.3). This says to me that it's something that precedes apache
that is getting in the way and not apache itself (i.e. a configuration
mistake).

Are you sure that there is not MAC address filtering going on in the
firewall? You said that no changes were made in the firewall, but if you
changed NICs on the new server and had MAC address filtering on the
firewall that might cause the problem.

You appear to have connectivity (you are able to use site via internal
IP). I would also assume apache is correct since site is working. The
problem sounds just like you mentioned. A name request is not reaching
the server.

What do the firewall logs look like? Does the request even reach the
firewall?

How about a TCP packet capture? Outside of apache logs not seeing the
request, do you even see the traffic hitting the network interface on the
web server?

Hard to speculate without having access to the servers so I am just
throwing out some ideas.

Good Luck.
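
The packet-capture check suggested in the reply above, as an added example that is not part of the original thread: it classifies `tcpdump -n` text output to show whether port-80 requests for 10.0.0.3 reach the web server's interface at all. The interface name `eth0`, the modern tcpdump line format, the function name `classify_capture`, and the sample lines (with placeholder addresses 203.0.113.7 and 10.0.0.2) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Live capture on the web server (run as root; eth0 is an assumed interface name):
#   tcpdump -n -i eth0 'host 10.0.0.3 and tcp port 80' > capture.txt
#   classify_capture 10.0.0.3 < capture.txt

# classify_capture SERVER_IP   (reads tcpdump -n text on stdin)
#   no-syn-seen    : no request reached the NIC, so look upstream
#                    (firewall NAT rule, MAC address filtering)
#   syn-unanswered : requests arrive but the host never replies
#                    (local packet filter, nothing listening on that address)
#   handshake-ok   : TCP connects, so the fault is at the HTTP/vhost layer
classify_capture() {
    awk -v ip="$1" '
        # inbound SYN: destination is ip.80 and the flags are exactly [S]
        index($0, "> " ip ".80: Flags [S],") { syn++ }
        # outbound SYN-ACK: source is ip.80 and the flags are [S.]
        index($0, " " ip ".80 > ") && index($0, "Flags [S.],") { synack++ }
        END {
            if (!syn)         print "no-syn-seen"
            else if (!synack) print "syn-unanswered"
            else              print "handshake-ok"
        }'
}

# Constructed sample captures (not taken from the thread).
# Only traffic for a different internal address is visible:
SAMPLE_OTHER='14:01:58.500112 IP 203.0.113.7.51540 > 10.0.0.2.80: Flags [S], seq 50, win 65535, length 0
14:01:58.500390 IP 10.0.0.2.80 > 203.0.113.7.51540: Flags [S.], seq 700, ack 51, win 5792, length 0'
# SYN and its retransmission arrive, but no reply leaves the server:
SAMPLE_DROPPED='14:02:11.120001 IP 203.0.113.7.51544 > 10.0.0.3.80: Flags [S], seq 100, win 65535, length 0
14:02:14.120409 IP 203.0.113.7.51544 > 10.0.0.3.80: Flags [S], seq 100, win 65535, length 0'
# Complete three-way handshake:
SAMPLE_OK='14:03:02.000100 IP 203.0.113.7.51550 > 10.0.0.3.80: Flags [S], seq 300, win 65535, length 0
14:03:02.000350 IP 10.0.0.3.80 > 203.0.113.7.51550: Flags [S.], seq 900, ack 301, win 5792, length 0
14:03:02.020700 IP 203.0.113.7.51550 > 10.0.0.3.80: Flags [.], ack 901, win 65535, length 0'

for sample in "$SAMPLE_OTHER" "$SAMPLE_DROPPED" "$SAMPLE_OK"; do
    printf '%s\n' "$sample" | classify_capture 10.0.0.3
done
```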
