For some reason I cannot connect to ftp, pop, smtp, mysql -- all ports other than 80,
ssl and ssh, from outside the network. I can connect only to
"localhost" but cannot from outside.
Here is an example trying to connect to ftp from my home pc:
quote:
C:\>telnet 217.160.249.13 21
Connecting To 217.160.249.13...Could not open connection to the host, on port 21: Connect failed
Same happens when I connect to ftp, mysql, anything other than ports 80,
ssl, ssh.
I can connect to mysql only when I set it to operate on port 80 (and
stop httpd of course).
Moreover, the root server does not connect to other servers.
quote:
[root@server root]# wget google.com
--14:29:56-- http://google.com/
=> `index.html'
Resolving google.com... 216.239.57.99, 216.239.37.99, 216.239.39.99
Connecting to google.com[216.239.57.99]:80...
*******delay
Connecting to google.com[216.239.57.99]:80... failed: Connection timed out.
I tried downloading from other servers, and using curl -- all failed.
Even my php scripts cannot connect to anywhere; or when I try to use
apache as a proxy server, connecting to another server -- I get
connection failures.
I can connect to localhost only - wget localhost works fine.
My iptables are empty, plesk firewall settings allow everything. Still
all ports blocked. I used nmap to scan ports on the server - www, ssh,
plesk - are the only open ports!!
I just got the server from 1&1. They say that there's no external
firewall so something must be with the server configuration.
Please advise how I can fix it on my server. Thanks!
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 12:12 PST
The webserver works fine, mysql works when I connect from the server
itself (connect to localhost).
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 15:31 PST
I somehow doubt from your description that it has anything to do with
blocked ports. I believe it is something else.. Can you please post
the results of the following commands?
ifconfig
route print
more /etc/resolve.conf
more /etc/hosts
ping 204.50.1.2
and, one other thing.. can you make sure the wire that goes from the
computer to the router/hub/switch is connected and you can see a light
on both the computer and the device you plug the wire into that shows
that it is connected? Can you try a second ethernet wire?
Legolas-ga
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 15:45 PST
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:63:C7:EF:43
inet addr:217.160.249.13 Bcast:217.160.249.13 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:288850 errors:0 dropped:0 overruns:0 frame:0
TX packets:337647 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:42552895 (40.5 Mb) TX bytes:71062105 (67.7 Mb)
Interrupt:23 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16002 errors:0 dropped:0 overruns:0 frame:0
TX packets:16002 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4767312 (4.5 Mb) TX bytes:4767312 (4.5 Mb)
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0
# more /etc/resolv.conf
; generated by /sbin/dhclient-script
search onlinehome-server.com
nameserver 217.160.249.251
nameserver 195.20.224.99
nameserver 195.20.224.234
# more /etc/hosts
127.0.0.1 localhost.localdomain localhost
217.160.249.13 u15176770.onlinehome-server.com u15176770
217.160.249.13 default-domain.com
# ping 204.50.1.2
PING 204.50.1.2 (204.50.1.2) 56(84) bytes of data.
***I STOP BECAUSE IT'S TAKING TOO LONG and its says:
--- 204.50.1.2 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 8998ms
The server is in a remote location and I have only ssh and plesk
access. I've been told that there is no firewall. There is a router
that gives me my assigned ip addresses via dhcp. There is no problem
with that. I know that the server is connected to the internet fine
because the web server, apache, works fine (since port 80 is not being
blocked).
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 16:09 PST
I'm not surprised you can get it, but, you wouldn't get out to
anything given your config and lack of a default route. I can work
with you to fix the problem, but, given the amount of work and the
level of your familiarity with linux, I think a more fair fee would be
in the $80-$100 range.
However, if you simply want a push in the right direction with what
needs to be fixed (i.e. your routing tables are broken, etc..), I can
do it for the fee you offer. If you want step-by-step walkthroughs on
how to correct the issue, it will take more of my time, and is really
not quite in line with the Google Pricing policy.
Thanks!
Legolas-ga
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 16:34 PST
Alright, if you think you can fix it, e-mail me or im me. When you fix
it, I'll pay with a tip that would amount to a fair fee.
email is alexlavr at gmail dot com
yahoo id is sasha_2o2
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 16:38 PST
Sorry, I can't do that. Google Answers rules are that I can only
communicate with you via this service. However, you should know that
your satisfaction is guaranteed. But, I will only work on Google
Answers. Sorry.
If you are interested in a walk-through fix, please increase your fee.
Or, just let me know you prefer a more terse (but probably just as
informative if you are an experienced admin) description of the
problem and the methods you need to use to fix it.
Legolas-ga
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 16:48 PST
Alright, I changed the price and I don't have much experience with
linux, so I need a walk-through fix. I will be at the computer
mostly after 12 a.m. EST.
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 17:22 PST
Do me a favor, copy/paste the output of:
more /etc/sysconfig/static-routes
more /etc/sysconfig/network-scripts/route-eth0
more /etc/sysconfig/network-scripts/ifcfg-eth0
Thanks!
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 17:49 PST
one other command I'd like the output from:
iptables -L
(Please ensure that it is a CAPITAL "L")
thanks!
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 17:49 PST
[root@u15176770 root]# more /etc/sysconfig/static-routes
/etc/sysconfig/static-routes: No such file or directory
[root@u15176770 root]# more /etc/sysconfig/network-scripts/route-eth0
/etc/sysconfig/network-scripts/route-eth0: No such file or directory
/etc/sysconfig/network-scripts/ifcfg-eth0
# VIA Technologies|VT6102 [Rhine-II]
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 17:51 PST
[root@u15176770 root]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:poppassd
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:9008
ACCEPT tcp -- anywhere anywhere tcp dpt:9080
ACCEPT udp -- anywhere anywhere udp dpt:5000
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp type 8 code 0
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Note: even with empty iptables, the problem was not solved before.
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 17:55 PST
a silly request, but... can you reboot the machine?
shutdown -r now
should do it :)
once done, I'd like the output from:
ifconfig
route print
iptables -L
again...
Thanks!
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 18:04 PST
ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:63:C7:EF:43
inet addr:217.160.249.13 Bcast:217.160.249.13 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150 errors:0 dropped:0 overruns:0 frame:0
TX packets:206 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21279 (20.7 Kb) TX bytes:20630 (20.1 Kb)
Interrupt:23 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@u15176770 root]# route print
Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables
route [-v] [-FC] {add|del|flush} ... Modify routing table for AF.
route {-h|--help} [<AF>] Detailed usage syntax for
specified AF.
route {-V|--version} Display version/author and exit.
-v, --verbose be verbose
-n, --numeric don't resolve names
-e, --extend display other/more information
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
<AF>=Use '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
[root@u15176770 root]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0
[root@u15176770 root]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:poppassd
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:9008
ACCEPT tcp -- anywhere anywhere tcp dpt:9080
ACCEPT udp -- anywhere anywhere udp dpt:5000
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp type 8 code 0
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Note: I have another server with the same hosting that works fine and
has the same route -n:
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0
|
Request for Question Clarification by legolas-ga on 14 Jan 2005 18:11 PST
Sorry.. route print is a windows command.. Typing too fast.. oops!
On the machine that works, give me the output of:
cat /etc/sysconfig/network-scripts/ifcfg-eth0
Anyways, try this command on the machine that doesn't work:
/sbin/route add 127.0.0.0 gw 0.0.0.0 netmask 255.0.0.0
Getting there... Probably only a few more bits of info before the bug
is discovered.. :)
|
Clarification of Question by alexlavr-ga on 14 Jan 2005 21:27 PST
[root@machine_that_works root]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
[root@u15176770 root]# /sbin/route add 127.0.0.0 gw 0.0.0.0 netmask 255.0.0.0
route: netmask 00ffffff doesn't make sense with host route
Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables
route [-v] [-FC] {add|del|flush} ... Modify routing table for AF.....
|
Clarification of Question by alexlavr-ga on 15 Jan 2005 12:08 PST
let me know if you give up:)
|
Request for Question Clarification by legolas-ga on 15 Jan 2005 22:54 PST
Well, quite frankly your setup makes little or no sense to me--nor to
a friend who I enlisted for advice who is a sysadmin at a large
computer media company (which I won't name).
Here's where I see errors:
* Your route is really messed up. You have *no* default route that
would make sense given the IP address you show in ifconfig
* Your firewall default is (after much dissecting) set to DENY--which
is ok I guess, but, might be an issue..
* Your netmask of 255.255.255.255 is an insane setting... It shouldn't
work at all given that netmask. Based on the netmask alone, I can see
you not having any networking available--by rights it doesn't even
think your gateway is on its own network!
I really think that barring any new information that you'll need to go
back to 1&1 and ask them to fix it... They obviously have a unique
setup for their servers...
Sorry,
Legolas-ga
|
Request for Question Clarification by legolas-ga on 16 Jan 2005 12:53 PST
I just noticed... I never asked for you to do a 'ifconfig' on the
working machine. Can you do that on the machine that is working and
post the results?
Thanks!
Legolas-ga
|
Clarification of Question by alexlavr-ga on 16 Jan 2005 13:15 PST
It has 2 IPs
[root@server_that_works root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:63:C8:3B:33
inet addr:217.160.248.222 Bcast:217.160.248.222 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:299812 errors:0 dropped:0 overruns:0 frame:0
TX packets:304169 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139569681 (133.1 Mb) TX bytes:136501014 (130.1 Mb)
Interrupt:23 Base address:0xe000
eth0:1 Link encap:Ethernet HWaddr 00:40:63:C8:3B:33
inet addr:217.160.247.180 Bcast:217.160.247.180 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:299812 errors:0 dropped:0 overruns:0 frame:0
TX packets:304170 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139569681 (133.1 Mb) TX bytes:136501168 (130.1 Mb)
Interrupt:23 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:50003 errors:0 dropped:0 overruns:0 frame:0
TX packets:50003 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4147001 (3.9 Mb) TX bytes:4147001 (3.9 Mb)
Maybe the problem is with the 1&1 router...
|
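Added example, not part of the original thread: a longest-prefix-match lookup over the `route -n` table posted for the non-working server, showing how the on-link host route to 10.255.255.1 and the default route via that gateway resolve for the pinged address 204.50.1.2 when the interface mask is 255.255.255.255. The function names are illustrative assumptions, and the code models only the routing-table lookup, not ARP, the firewall rules or the provider's router.

```python
import ipaddress

# `route -n` rows as posted in the thread for the non-working server.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse `route -n` rows into dicts holding an ip_network and a gateway."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        # Convert the dotted Genmask to a prefix length (count of 1 bits).
        plen = bin(int(ipaddress.ip_address(f[2]))).count("1")
        net = ipaddress.ip_network(f"{f[0]}/{plen}")
        # A gateway of 0.0.0.0 means the destination is directly on-link.
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[7]})
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def resolve(routes, dst):
    """Return (iface, next_hop, problem) for dst.

    A gateway route is usable only if the gateway itself is covered by a
    directly connected (non-gateway) route. With a /32 interface mask the
    interface address contributes no connected subnet, so that coverage
    has to come from an explicit host route (flags UH).
    """
    r = lookup(routes, dst)
    if r is None:
        return None, None, "no route to host"
    if r["gw"] is None:
        return r["iface"], str(ipaddress.ip_address(dst)), None  # on-link
    g = lookup(routes, r["gw"])
    if g is None or g["gw"] is not None:
        return None, str(r["gw"]), "gateway not directly reachable"
    return g["iface"], str(r["gw"]), None

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    print(resolve(table, "204.50.1.2"))
    # Same table with the UH host route removed (constructed variant).
    print(resolve([r for r in table if r["flags"] != "UH"], "204.50.1.2"))
```

On a live host, `ip route get 204.50.1.2` reports the kernel's own answer to the same lookup, and `iptables -L -n -v` adds the interface columns that plain `iptables -L` omits.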