Server not responsive after a few seconds

Bug
,
#1

NethServer Version: 7.4
Module:
This afternoon I was confronted with a very odd situation. I rebooted my VPS server and after reboot the server was responding a few seconds, after 10 pings, the server doesn’t respond anymore: Not on pings, not trhough ssh nor webinterface…
Fortunately I can set up a VNC session (the VPS is running on proxmox) and I can access the terminal through that.
What should I do now to troubleshoot this?

I mainly use the server as mailserver (SOGo) with Samba4 AD account provider.
networking: eth0 is having an external IP addres (directly connected to internet)
eth1 is created through a dummy interface and is bridged so nsdc is installed using an IP on the green subnet.

I don’t know if it is related, but I did install nethserver-openvpn this afternoon. I removed that again through the terminal in the VNC session.

From the VNC terminal I can reach any IP address and webaddress through ping and nslookup, so networking looks like fine.

As soon as I stop shorewall, the webinterface is loading fine again. When I start shorewall, everything is blocked again. So it looks like shorewall is the culprit here.
any guidance appreciated…

Fail2ban needs to be tested
#2

fail2ban-listban

check if your IP is not in recidive or another jail ?

fail2ban-unban <IP>

2 Likes
#3

Also check /var/log/firewall.log, shorewall logs here all blocked packets.

1 Like
#4

Looks like I encountered the paower of getting myself locked out by fail2ban… I did a few attempts to connect with openvpn, and that triggered fail2ban to blacklist my IP.
Good to know fail2ban works as it should… :smiley:

3 Likes
#5

Hmmz… still can’t conect. I unbanned my IP address and even restarted fail2ban service. When I do a fail2ban-listban my IP address is still shown… :face_with_raised_eyebrow:
fail2ban
One of these is my IP address. Why isn’t it removed from the list after the fail2ban-unban IP command?

Looks like the fail2ban-unban command is not propagated to shorewall?

#6

what is the output of fail2ban-listban and fail2ban-unban

what is the fai2ban log output

#7

Just tested on my server, it works as expected :-?

#8

fail2ban-listban is the screenshot above. But in each specific jail my IP is not listed. Only in the list at the bottom of all banned IP.

When I issue fail2ban-unabn IP I see a list of remarks that the IP is not banned.

#9

ok…I do not know what you did without proper log :smiley: i need messages and fail2bab log

shorewall allow <IP>

check if you have something in esmith database

db fail2ban show <IP>

#10

The IP is still listed in DB as banned… :face_with_raised_eyebrow:
In the meantime my ISP decided to change my IP address (yeah in .be there is still no static IP’s) so the problem seems to have solved itself… :confused:

#11

not for a dev, please send me by email your log files and the IP (even if I could retrieve it :°)

#12

I will see what I can do…
I will get /var/log/messages , /var/log/shorewall/ and /var/log/fail2ban for you.

#13

Yes, messages and fail2ban.

Tk

#14

I sent you a private message with link to logfiles

#15

Hi

I need some volunteers please, this bug should be tested before to be released https://github.com/NethServer/dev/issues/5503

1 Like
#16

It works as expected :clap:

Stopped shorewall:

  • counter increases, warning is shown
  • key removed after manual unban

Started shorewall:

  • manual ban works without warning and log entry.
  • ip is listed/banned
  • unban works and key is deleted
2 Likes