J-F_Balam
(Jean-François Balam)
July 6, 2017, 8:23pm
1
Hye!
I use Proxmox container to install nethserver on centos7
I installed centos 7 then installed nethserver 7 following the procedure of doc. No installation error, but when I want to access nethserver via the web interface https: // * monip *: 980 /, it loads a long time then I have the following message: This site is inaccessible
No error in the log file /var/log/nethser-install.log
Can someone advise me?
giacomo
(Giacomo Sanchietti)
July 7, 2017, 7:13am
2
Check if the httpd daemon is running:
systemctl status httpd-admin
If the daemon is running, check the firewall configuration of both Proxmox and the VM itself.
The output of this commands can help:
db networks show
iptables -nvL
1 Like
Have you checked the network settings in Proxmox? The bridge you assigned to NS7 must also be reachable from the computer with the one you want to access. What is the IP of NS7 and how that of the access computer? Are both in the same subnet? If not, is a route set? Please check first.
2 Likes
J-F_Balam
(Jean-François Balam)
July 8, 2017, 8:29pm
4
the daemon is running, the firewall is not active.
ns7 can’t ping to google :s
Ruaraidh
(Gabor)
July 9, 2017, 10:38am
5
If you are runnig ifconfig, do you see an ip address starting with 169…, or a valid configuration?
How many hops do you get when trying traceroute google.com ?
Are you able to ping the server ip address from another machine? If no, then running a traceroute from that pc, how many hops do you get?
Another important tip to check is here:
Account provider refused connection - #13 by davidep
You might also want to check your server hardware: I happen to have a ProLiant DL360 G7 where i originally had proxmox running. Since NS7 needs NIC passthrough, this wont work with my hardware due to bios limitation. Hope your hardware does not have those.
Did you had time to run these?
jfernandez
(Juan Carlos Fernandez)
January 24, 2018, 4:41pm
6
It happens the same to me
iptables -nvL
shows a lot of work done by the nethserver-install
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 336 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3061 491K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
76 5544 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
76 5544 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ppp+_fwd all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 336 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
79 6244 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
44 4844 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
44 4844 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain Broadcast (1 references)
pkts bytes target prot opt in out source destination
2958 485K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
27 880 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
Chain Reject (3 references)
pkts bytes target prot opt in out source destination
3140 498K all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
3140 498K Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
35 1400 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */
Chain dynamic (1 references)
pkts bytes target prot opt in out source destination
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:logdrop:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:logreject:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ppp+_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * ppp+ 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,ESTABLISHED,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (8 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
35 2100 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
85 8288 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain sfilter (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain sha-lh-2c78009ffb6fd28eae84 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-22e07216cba0e75700c6 (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (1 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
I saved to iptable configurations and did a full flush using root
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -t nat -F
# iptables -t mangle -F
# iptables -F
# iptables -X
And I was able to login Now, what can I do to login using the iptables rules
Zaman
(Blaha blha)
October 2, 2019, 8:29am
7
Hello,
Thanks
after left my server installed apps when i back was :980 no accessible ,and check httpd-admin was stopped and start it every thing back to work.
the Q way this happen and even try to restart server but was the same?
Best Regards
mrmarkuz
(Markus Neuberger)
October 6, 2019, 8:08pm
8
Hi @Zaman ,
welcome to the Nethserver Community!
It seems like the httpd-admin service is not enabled.
To check:
systemctl status httpd-admin -l
To enable it:
systemctl enable httpd-admin