Weird connectivity problems on Centos7 / DirectAdmin

sjaakfaal

Hi,

I have a VPS with weird problems. It's a 2GB 1 core VPS from Transip with Centos7 and DirectAdmin pre-installed. On delivery, all was working fine.

No problems with:
- HTTP(S): I can get and post to Apache;
- SSH: I log in (I'm using auth. keys to log in);
- Directadmin in general;

Sometimes I have problems with updating:
- for example when I try to update custombuild, it says it cannot find custombuild.eu. When I try a second time it works;
- yum update; cannot find mirror .. trying another mirror .. and so on and so on ... eventually it works;
- command line "curl example.com": nothing happens for a minute or so. When I try it again I see the HTML source code of example;
- exim outbound (smtp): mails are queued or sent directly when I use PHP / PHPMailer;

Permanent problems with:
- exim inbound: I cannot receive emails. A few weeks ago, I could. When I email from Gmail to my server the email is always returned with error:
Delivery Status Notification (Failure) --> and in Dutch "message seems blocked" --> 550 Administrative prohibition.
Exim and rejectlog:
2020-02-09 09:37:50 H=mail-ot1-f41.google.com [209.85.210.41] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no rejected MAIL <[email protected]>
- sending out with for example Roundcube gives error always:
SMTP Error (550): Failed to set sender "[email protected]" (Administrative prohibition).

- yum-cron: /etc/cron.hourly/0yum-hourly.cron:
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64&infra=stock&content=centos error was
14: curl#35 - "Peer reports it experienced an internal error."
This all worked before.

In the past I installed fail2ban (disabled); CSF for DA (uninstalled). I also disabled NetworkManager.

There are no errors in /var/log/messages or exim log. I disabled all virtual hosts (4 others) in DirectAdmin except the one I use for testing.

Any help or suggestions would be very appreciated.
Many thanks.
 
Could it be your DNS settings? I also used transip but did a static config of my network settings including dnsservers of google (8.8.8.8 / 8.8.4.4).
 
I changed the dnsservers (/etc/resolv.conf) tried 1.1.1.1, 8.8.8.8, 8.8.4.4 but no difference.
@ikkeben no it is a real transip VPS.
 
And if you shutdown the firewall?
Code:
systemctl stop firewalld

What happens if you ping the box and ping from the box (dig for example)?
 
Code:
Warning: firewalld.service changed on disk. Run 'systemctl daemon-reload' to reload units.

First time curl example.com shows code; second time:

Code:
[root@ronald exim]# curl example.com
[root@ronald exim]#

Nothing happens. Same problem.

Dig:


Code:
[root@ronald exim]# dig example.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.            IN    A

;; ANSWER SECTION:
example.com.        65180    IN    A    93.184.216.34

;; AUTHORITY SECTION:
example.com.        65180    IN    NS    a.iana-servers.net.
example.com.        65180    IN    NS    b.iana-servers.net.

;; Query time: 1 msec
;; SERVER: 2a01:7c8:7000:195:0:8:195:8#53(2a01:7c8:7000:195:0:8:195:8)
;; WHEN: Mon Feb 10 14:18:41 CET 2020
;; MSG SIZE  rcvd: 104

Dig & ping no problems. Dig is sometimes a little slower.
 
Well that leaves your resolving issues with yum and curl. Hope you can fix those too.

You could try to do a "yum clean all", however, this would again not fix curl issues.
 
It seems it is an IPV6 problem. Ping to an IPV6 address fails most of the time, IPV4 goes well
 
The "I" here was meant generally. I was responding to you that you could disable it if you did not need it.
I know how to do it. :)

resolving a domainname based on IPV6 should be a standard procedure in an OS
On an OS maybe in the near future. I wouldn't know why on a shared server system. ;)
I've even disabled that nonsense in Windows 10.
 
I've edited:
- /usr/lib/sysctl.d//usr/lib/sysctl.d/
- executed: sysctl -p
- disabled ipv6 hosts in resolv.conf and added:

nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4

- executed: sudo systemctl restart network

Server runs like a battleship!
 
It's missing something. And I did not use /usr/lib/sysctl.d but /etc/sysctl.conf which is the recommended method.
I'd rather use the official guide:
which has some additional notes. You might have a look at it if you're interested.

But good to see things are fixed now.
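
A check for the end state the thread arrives at (IPv6 disabled via sysctl, no IPv6 resolvers left in resolv.conf), as an added example that is not part of the original posts. It reads the runtime flags under /proc/sys/net/ipv6/conf rather than the config files, so it shows whether the settings were actually loaded; the function names and the `root` path prefix are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. "root" is a hypothetical path prefix so
# the check can run against a constructed tree; pass "" on a real host.

# Print each resolv.conf nameserver as "<family> <address>".
list_nameservers() {
    awk '$1 == "nameserver" { fam = ($2 ~ /:/) ? "ipv6" : "ipv4"; print fam, $2 }' "$1"
}

# Return 0 if IPv6 is disabled at runtime and no IPv6 resolver remains.
check_ipv6_state() {
    root="$1"; status=0
    for scope in all default; do
        flag="$root/proc/sys/net/ipv6/conf/$scope/disable_ipv6"
        value="unreadable"
        if [ -r "$flag" ]; then value=$(cat "$flag"); fi
        echo "disable_ipv6 ($scope): $value"
        [ "$value" = "1" ] || status=1
    done
    servers=$(list_nameservers "$root/etc/resolv.conf")
    v6=$(printf '%s\n' "$servers" | awk '$1 == "ipv6" { print $2 }')
    total=$(printf '%s\n' "$servers" | awk 'NF { n++ } END { print n + 0 }')
    if [ -n "$v6" ]; then
        echo "IPv6 resolvers still listed: $v6"
        status=1
    fi
    # glibc's stub resolver uses only the first three nameserver lines.
    if [ "$total" -gt 3 ]; then echo "note: $total nameservers, only 3 are used"; fi
    return "$status"
}

# Constructed sample tree mirroring the state described in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/proc/sys/net/ipv6/conf/all" "$demo/proc/sys/net/ipv6/conf/default"
echo 1 > "$demo/proc/sys/net/ipv6/conf/all/disable_ipv6"
echo 1 > "$demo/proc/sys/net/ipv6/conf/default/disable_ipv6"
printf 'nameserver 1.1.1.1\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n' > "$demo/etc/resolv.conf"
if check_ipv6_state "$demo"; then echo "consistent"; else echo "inconsistent"; fi
rm -rf "$demo"
```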
 