Server not responsive after a few seconds

testing
fail2ban

(Rob Bosch) #1

NethServer Version: 7.4
Module:
This afternoon I was confronted with a very odd situation. I rebooted my VPS server and after the reboot the server was responding for a few seconds; after 10 pings, the server doesn’t respond anymore: not to pings, not through ssh nor the web interface…
Fortunately I can set up a VNC session (the VPS is running on proxmox) and I can access the terminal through that.
What should I do now to troubleshoot this?

I mainly use the server as a mail server (SOGo) with the Samba4 AD account provider.
Networking: eth0 has an external IP address (directly connected to the internet).
eth1 is created through a dummy interface and is bridged, so nsdc is installed using an IP on the green subnet.

I don’t know if it is related, but I did install nethserver-openvpn this afternoon. I removed that again through the terminal in the VNC session.

From the VNC terminal I can reach any IP address and web address through ping and nslookup, so networking looks fine.

As soon as I stop shorewall, the web interface loads fine again. When I start shorewall, everything is blocked again. So it looks like shorewall is the culprit here.
Any guidance appreciated…


Fail2ban needs to be tested
(Stéphane de Labrusse) #2

fail2ban-listban

Check whether your IP is in recidive or another jail.

fail2ban-unban <IP>


(Giacomo Sanchietti) #3

Also check /var/log/firewall.log; shorewall logs all blocked packets there.
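
One way to triage that log for a single client address, as an added example that is not part of the original thread. It assumes Shorewall's default log prefix `Shorewall:<chain>:<action>:`; the function names, host name, chain name and addresses in the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count Shorewall log entries per chain/action/port for one source IP.
# The address is compared as an exact string, so 203.0.113.7 does not also match
# 203.0.113.70 the way a plain grep for the address would.

# Constructed sample lines in the kernel netfilter log format.
sample_log() {
    cat <<'EOF'
Mar  5 14:02:11 vps kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51234 DPT=443 SYN
Mar  5 14:02:12 vps kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51235 DPT=443 SYN
Mar  5 14:02:13 vps kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Mar  5 14:02:14 vps kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.70 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40100 DPT=22 SYN
Mar  5 14:02:15 vps kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# summarize_blocks IP [LOGFILE]   ("-" reads the log from standard input)
# Prints "<count> <chain> <action> <proto>/<dport>", most frequent first.
summarize_blocks() {
    ip=$1
    log=${2:-/var/log/firewall.log}
    awk -v ip="$ip" '
        {
            src = ""; dpt = "-"; proto = "-"; tag = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)            src = substr($i, 5)
                else if ($i ~ /^DPT=/)       dpt = substr($i, 5)
                else if ($i ~ /^PROTO=/)     proto = substr($i, 7)
                else if ($i ~ /^Shorewall:/) tag = $i
            }
            # Skip lines from other sources and lines Shorewall did not write.
            if (src != ip || tag == "") next
            split(tag, p, ":")              # p[2] = chain, p[3] = action
            n[p[2] " " p[3] " " proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' "$log" | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample.
sample_log | summarize_blocks 203.0.113.7 -
```

On a live system, pass your own client address and omit the file argument to read /var/log/firewall.log.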


(Rob Bosch) #4

Looks like I encountered the power of getting myself locked out by fail2ban… I made a few attempts to connect with openvpn, and that triggered fail2ban to blacklist my IP.
Good to know fail2ban works as it should… :smiley:


(Rob Bosch) #5

Hmmz… still can’t connect. I unbanned my IP address and even restarted the fail2ban service. When I do a fail2ban-listban my IP address is still shown… :face_with_raised_eyebrow:
[Screenshot: fail2ban]
One of these is my IP address. Why isn’t it removed from the list after the fail2ban-unban IP command?

Looks like the fail2ban-unban command is not propagated to shorewall?


(Stéphane de Labrusse) #6

What is the output of fail2ban-listban and fail2ban-unban?

What is the fail2ban log output?


(Stéphane de Labrusse) #7

Just tested on my server, it works as expected :-?


(Rob Bosch) #8

fail2ban-listban is the screenshot above. But in each specific jail my IP is not listed. Only in the list at the bottom of all banned IPs.

When I issue fail2ban-unban IP I see a list of remarks that the IP is not banned.


(Stéphane de Labrusse) #9

OK… I do not know what you did without a proper log :smiley: I need messages and the fail2ban log.

shorewall allow <IP>

Check if you have something in the esmith database:

db fail2ban show <IP>


(Rob Bosch) #10

The IP is still listed in the DB as banned… :face_with_raised_eyebrow:
In the meantime my ISP decided to change my IP address (yeah, in .be there are still no static IPs) so the problem seems to have solved itself… :confused:


(Stéphane de Labrusse) #11

Not for a dev, please send me your log files and the IP by email (even if I could retrieve it :°)


(Rob Bosch) #12

I will see what I can do…
I will get /var/log/messages , /var/log/shorewall/ and /var/log/fail2ban for you.


(Stéphane de Labrusse) #13

Yes, messages and fail2ban.

Tk


(Rob Bosch) #14

I sent you a private message with a link to the log files.


(Stéphane de Labrusse) #15

Hi

I need some volunteers please, this bug should be tested before being released: https://github.com/NethServer/dev/issues/5503


(Markus Neuberger) #16

It works as expected :clap:

Stopped shorewall:

  • counter increases, warning is shown
  • key removed after manual unban

Started shorewall:

  • manual ban works without warning and log entry
  • IP is listed/banned
  • unban works and key is deleted