Server not responsive after a few seconds

robb · 2018-05-18 19:59:27 UTC

NethServer Version: 7.4
Module:
This afternoon I was confronted with a very odd situation. I rebooted my VPS server and after reboot the server was responding a few seconds, after 10 pings, the server doesn’t respond anymore: Not on pings, not trhough ssh nor webinterface…
Fortunately I can set up a VNC session (the VPS is running on proxmox) and I can access the terminal through that.
What should I do now to troubleshoot this?

I mainly use the server as mailserver (SOGo) with Samba4 AD account provider.
networking: eth0 is having an external IP addres (directly connected to internet)
eth1 is created through a dummy interface and is bridged so nsdc is installed using an IP on the green subnet.

I don’t know if it is related, but I did install nethserver-openvpn this afternoon. I removed that again through the terminal in the VNC session.

From the VNC terminal I can reach any IP address and webaddress through ping and nslookup, so networking looks like fine.

As soon as I stop shorewall, the webinterface is loading fine again. When I start shorewall, everything is blocked again. So it looks like shorewall is the culprit here.
any guidance appreciated…

stephdl · 2018-05-19 07:13:39 UTC

fail2ban-listban

check if your IP is not in recidive or another jail ?

fail2ban-unban <IP>

giacomo · 2018-05-19 09:07:26 UTC

Also check /var/log/firewall.log, shorewall logs here all blocked packets.

robb · 2018-05-19 10:35:37 UTC

Looks like I encountered the paower of getting myself locked out by fail2ban… I did a few attempts to connect with openvpn, and that triggered fail2ban to blacklist my IP.
Good to know fail2ban works as it should…

robb · 2018-05-19 10:57:47 UTC

Hmmz… still can’t conect. I unbanned my IP address and even restarted fail2ban service. When I do a fail2ban-listban my IP address is still shown…

One of these is my IP address. Why isn’t it removed from the list after the fail2ban-unban IP command?

Looks like the fail2ban-unban command is not propagated to shorewall?

stephdl · 2018-05-19 11:18:06 UTC

what is the output of fail2ban-listban and fail2ban-unban

what is the fai2ban log output

stephdl · 2018-05-19 11:27:50 UTC

Just tested on my server, it works as expected :-?

robb · 2018-05-19 11:28:42 UTC

fail2ban-listban is the screenshot above. But in each specific jail my IP is not listed. Only in the list at the bottom of all banned IP.

When I issue fail2ban-unabn IP I see a list of remarks that the IP is not banned.

stephdl · 2018-05-19 11:31:06 UTC

ok…I do not know what you did without proper log i need messages and fail2bab log

shorewall allow <IP>

check if you have something in esmith database

db fail2ban show <IP>

robb · 2018-05-19 13:05:15 UTC

The IP is still listed in DB as banned…
In the meantime my ISP decided to change my IP address (yeah in .be there is still no static IP’s) so the problem seems to have solved itself…

stephdl · 2018-05-19 15:00:10 UTC

not for a dev, please send me by email your log files and the IP (even if I could retrieve it :°)

robb · 2018-05-19 18:10:14 UTC

I will see what I can do…
I will get /var/log/messages , /var/log/shorewall/ and /var/log/fail2ban for you.

stephdl · 2018-05-19 18:22:54 UTC

Yes, messages and fail2ban.

Tk

robb · 2018-05-19 19:23:00 UTC

I sent you a private message with link to logfiles

stephdl · 2018-05-24 19:23:54 UTC

Hi

I need some volunteers please, this bug should be tested before to be released https://github.com/NethServer/dev/issues/5503

mrmarkuz · 2018-05-24 20:51:33 UTC

It works as expected

Stopped shorewall:

counter increases, warning is shown
key removed after manual unban

Started shorewall:

manual ban works without warning and log entry.
ip is listed/banned
unban works and key is deleted