KISS Firewall nuked my extra IPs

BlueNoteWeb

Forgive me if I ramble, I'm running on too much coffee and not enough sleep. I spent several late-night hours last night fueled by absurd amounts of caffeine fixing this problem, I hope someone can help me out here.

I decided last night it was time to install a firewall on my server. I tried ShoreWall but it did nothing but confuse me, so I erased it. I then installed KISS firewall, and it seemed to work well. I added my server IPs to the list, opened port 2222 for DA, everything was peachy...until I tried to load a site with a dedicated IP. Nothing off of the main server IP would load. I turned OFF the KISS firewall, and had the same problem. My extra IPs were not found. DA showed them, and showed which sites were assigned to them, no problem. None of them were accessible to ping or over the web.

Somewhere in all this (it's hard to remember, I've slept since then but not much) DA refused to start on reboot or from the command line. I got "vpexec permission denied" errors. I looked through the init script, found where it was pointing and discovered the init script was looking in the wrong place. The init script wanted:
/usr/local/directadmin/directadmin -d

However, the binary is actually located here:
/usr/local/directadmin/directadmin/directadmin

This seems very strange and I have no clue how it happened. I rebooted this server a few weeks ago after upgrading to CentOS from RH9 and had no problems with services not starting when they were supposed to.

Anywho, I updated the init script to look in the right place and DA started fine.

So back to the missing IPs. I tried ifconfig to see what was there and saw only my main IP. I decided that was definitely a problem. Looking in DirectAdmin I saw the IPs listed, but they were not on the interface and not accessible. Something was disconnected there. I tried deleting one of the IP addresses and it went away fine, when I went to add it back in I got an error about the ipadd script not being found - it was looking in the wrong directory, same problem as above. Maybe the binaries are in the wrong directory, who knows. So I run the addip script from the command line, and glory be that IP is now accessible. I add the IP back to the reseller, and back to the client, and the client's website is up.

So great, this will work, right? I delete the other IPs, then I go to add them, skipping straight to the command line where I know it works. No good. I eventually figured out that I needed to first try to add it through DA (even though I knew full well it would die with a file not found error) then add it from the command line (lather, rinse, repeat for each IP).

So now everything is back up and running. All sites are back on their proper IPs and accessible from the web and ping. However, my firewall is still turned off.

Questions:
-Does the DA IP address setup use IPTables? Is KISS overwriting these settings? What are these settings, so that I can add them in? I saw a DA-specific version of KISS offered in the forums but none of the download links in that thread were functional.

If KISS didn't nuke my IPs, what did?

Why would my directadmin binaries be another directory lower than expected? Should I move these files back to where the software is looking for them?

Any other advice to be had? I want this firewall running, but I have several sites on dedicated IPs (online stores running their own secure certificates) that have to be accessible.

Again, my apologies for rambling. I'm going to try to get some sleep now so I can type more coherently later today.
 
The DA version of KISS I've configured, made available for download, and use on many servers, doesn't interfere with DA, nor does DA interfere with it.

I highly recommend it. It may be found here.

Jeff
 
I saw that in the other thread - I was getting a server not found error on your site the other night. I will download this now and try it tonight, thanks!
 