Not able to connect to port 80 (website) but can connect to port 2222

Status
Not open for further replies.

mart_nl

Verified User
Joined
May 31, 2012
Messages
48
Location
The Netherlands
Hi,

This is something strange that has bugged me for a while now. I have a customer who simply cannot connect to his website hosted on FreeBSD 9.x / DirectAdmin (on port 80, surfing with any browser).

I've set up IPFW / Brute Force Monitor but his IP is not listed (in the DirectAdmin control panel BFM). Furthermore, he can easily reach his DA control panel when connecting to DirectAdmin on port 2222.

He can also mail any particular mail address hosted on this server.

Yet he cannot reach any of the sites hosted on this server.

He can, without any problem, reach the ISP that the IP address of the VPS server belongs to.

If he disconnects from his router and connects directly to his modem, his ISP serves him a different IP address in another range (still belonging to this ISP) and he can serve all sites A-ok, no problems.

Before going technical about router misconfigurations and ISPs blocking something, I just want to know:

Is it possible that IPFW or DirectAdmin is somehow blocking access to port 80 for some IP address or IP address range, and if yes, where to look?

And, yes indeed, no other customer experiences such problem "it's just him".

Thanks,
Martin
 
Hello,

By default neither DirectAdmin nor Apache is blocking any IP. You might need to run tcpdump. What if he tries to connect to port 443?

By the way, what error does he get? Is there anything in the Apache logs? Are there any blocks in the .htaccess file of the site? Or something in PHP scripts?
 
Thank you for taking time to answer.

First:
.htaccess and PHP scripts can be ruled out. This problem comes and goes, it seems, and we haven't ever changed PHP scripts or .htaccess for this site (and it's a straightforward Joomla 2.5 site).

The Chrome error is "Oops! Google Chrome cannot connect to ...."
IE "The page cannot be displayed"

I've asked the customer to connect to the website with all kinds of browsers. The results are all the same, as mentioned connection errors in the browser.

The odd part is, when I check domain.com.error.log it's empty.

When I check var/log/httpd/error_log it shows:
[error] [client x.x.x.x] File does not exist: /var/www/html/400.shtml

(this was his attempt to reach port 443 for this domain).

This means, he got through for port 443. But his attempt for the 'normal' site (port 80) resulted (basically) in no trace at all in my logs.

I've also tried the normal log for this domain, all empty.

After his attempt, I started browsing the site and the normal logs started to fill up, basically saying he was not there at all.

access_log showing no trace or problem also.

This topic should not be seen as "how to fix this problem" per se... More to determine (by all facts available at this time) whether this is a server problem: is DirectAdmin or Apache or IPFW blocking something?

Where to look in log files (which log files) to determine that?

From what I can judge at seeing the error log and access logs from Apache and his own domain it's fair to say the server is not blocking him ...

However why do I see presence of him in error logs when he visits port 443 and not when he visits port 80 on this server for this domain.

Quite odd.

Still puzzled :)

Even more when I tell you this customer is using a cable company. When he uses his normal setup (connected to his wireless router behind his cable modem) he cannot reach the site. When he connects his laptop to the modem directly he receives another ip-address (same range and ownership of the cable ISP) and can connect to the website perfectly.

You would say, dump the router, buy a new one. However, someone living on the block with him has about the same configuration and same ISP experiencing the same problems. ISP claims it's not blocking my server, my ISP for the hosting claims they are not blocking theirs.

Thanks,
Martin
 
Some weeks ago I faced a very unusual issue with accessing a single page on one of my sites from my home. I spent an hour or so reading logs and tcpdump'ing the packets. All other pages I could access without a single problem, but that one page was not accessible, and there was nothing in the logs. But if I connected via a VPN, then I could access the page without an issue. Isn't that somehow similar to the issue you describe?

At home I use a weird Zyxel router, and my issue was caused by the fact that the single page had a part of a word which was blacklisted on the filter page of the router. So I removed the word from the filter and I opened the page.

So, maybe it's the router that blocks the IP of the site? Or something else? What if he disables HTTP filtering on the router? Or parental controls, or other blacklists?
 
Would this case be different if I tell you he cannot access *any* of the websites I host on this server for my clients? I've given him a dozen websites to try, all hosted on the same IP address, and he can't access any of them.
 
If you have nothing in the logs of Apache and ipfw (and others), then I can say with some certainty that his requests do not reach your server. So his router might be filtering connections to *:80 and somehow your IP might be blocked by the router. If for any reason your IP has ever been blocked by any public spam lists on the Internet, and his router is using any of those lists, that might be the reason.
 
The problem is resolved (for this moment). I've remotely entered his router configuration and gave the router a new MAC address. After that the client received a new ip address from his provider resolving all issues instantly (as expected of course).

I've talked to someone who suggested looking at whether DirectAdmin uses any (MySQL) database to log IP addresses that are somehow blocked.

Is there any way to check if this could be the case?

Thanks,
Martin
 
By default (without any 3rd party addons and plugins) DirectAdmin by itself does not block any IP. Moreover, Brute Force Monitor (built into DirectAdmin) does not block any attackers unless you manually create the necessary scripts to perform the blocking. And no, DirectAdmin does not use any MySQL database to log anything, and does not store any information in MySQL either. It's used only by the webmails, which are installed together with DirectAdmin.
 
I've not installed 3rd party addons. However, I did set up Brute Force Monitor according to this howto:
http://www.directadmin.com/forum/showthread.php?t=42202&page=1

Thanks,
Martin
 
And I guess his IP is not in the output of:

Code:
/sbin/ipfw table 10 list

right?
 
Right...

Code:
# /sbin/ipfw table 10 list
127.0.0.2/32 0

So... DirectAdmin won't block his IP address and BFM is empty. IPFW is not blocking him and the ISP responsible for the network my server is in claims they are not blocking. His own ISP also says they are not blocking my server IP...

And by changing his MAC address and renewing his ISP IP number it's working again, so his ISP is indeed not blocking my server.

Since he can reach DirectAdmin at port 2222, chances are my ISP for the server network is not blocking either.

And after trying traces and other stuff I can safely say it's not a DNS thing and everything resolves fine.

Funny isn't it ?
 
For anyone viewing this having the same problem: the problem was not DirectAdmin related. In fact, IPFW blocked the IP actively. The solution lies in tweaking ipfw.rules to allow for more simultaneous connections on port 80 from any particular IP.

Also, ipfw -d list shows its dynamically built rules, which led to the solution of this problem. It showed the IP being blocked on port 80.
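
Added example, not part of the original thread: a small sh/awk helper that reads `ipfw -d list` output and reports, per client IP, how many dynamic LIMIT states it holds toward a given port, flagging clients that have hit the per-source cap. The rule shown in the comment, the cap of 4, the column layout of the dynamic-rule lines and all addresses in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed rule of the kind described in the thread (hypothetical number/cap):
#   ipfw add 1000 allow tcp from any to me 80 setup limit src-addr 4
# A browser opens several parallel connections, and every device behind one
# NAT router shares a single source IP, so a low cap is reached quickly.

# Constructed sample of `ipfw -d list` dynamic-rule lines. Assumed columns:
# rule pkts bytes (expiry) TYPE proto src sport <-> dst dport
SAMPLE_DYN='## Dynamic rules (8):
01000 12 3480 (298s) LIMIT tcp 203.0.113.7 51001 <-> 192.0.2.10 80
01000 9 2210 (297s) LIMIT tcp 203.0.113.7 51002 <-> 192.0.2.10 80
01000 4 960 (12s) LIMIT tcp 203.0.113.7 51003 <-> 192.0.2.10 80
01000 6 1200 (11s) LIMIT tcp 203.0.113.7 51004 <-> 192.0.2.10 80
01000 0 0 (3s) PARENT 4 tcp 203.0.113.7 0 <-> 0.0.0.0 0
01000 7 1800 (290s) LIMIT tcp 198.51.100.23 40110 <-> 192.0.2.10 80
01000 0 0 (5s) PARENT 1 tcp 198.51.100.23 0 <-> 0.0.0.0 0
02000 3 400 (60s) STATE tcp 203.0.113.7 51900 <-> 192.0.2.10 2222'

# limit_report PORT MAX
# Reads dynamic-rule lines on stdin and prints "src_ip states status" for
# each client with LIMIT states to PORT; status is AT_LIMIT when the client
# holds MAX or more states (new connections from it are refused), else ok.
limit_report() {
    port=$1
    max=$2
    awk -v port="$port" -v max="$max" '
        # Count only child LIMIT states; PARENT and STATE lines are skipped.
        $5 == "LIMIT" && $11 == port { n[$7]++ }
        END {
            for (ip in n)
                printf "%s %d %s\n", ip, n[ip], (n[ip] >= max ? "AT_LIMIT" : "ok")
        }' | LC_ALL=C sort
}

# Live use on the server (as root): ipfw -d list | limit_report 80 4
printf '%s\n' "$SAMPLE_DYN" | limit_report 80 4
```

A client flagged AT_LIMIT gets no new connections on that port and leaves no Apache log entry, while other ports such as 2222 or 443 keep working if their rules carry no such cap.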
 