Changed Web Server Static IP, then ERR_CONNECTION_REFUSED

[JLAIP]

If I'm guessing correctly, your page involves <frameset> (which is also many years obsolete) and is trying to load the index page from somewhere else. That is where the error occurs. Look into that. Your server is being accessed just fine.

I appreciate the input, but that has nothing to do with the problem I'm having.

 

[drhowarddrfine]

JLAIP I think that the reported error in the browser developer tools, that it can't load the frame, has everything to do with the problem you're having.

 

[JLAIP]

check the ipfw list

In your rc.conf you have pf_enable which is for pf firewall and also ipfilter_enabled. So check your pf rules. You are not using IPFW but ipf (IPFilter)

Whichever firewalls we're running, which of the firewall config files include the server's static IPs?

 

[JLAIP]

JLAIP I think that the reported error in the browser developer tools, that it can't load the frame, has everything to do with the problem you're having.

What frame are you referring to?

 

[drhowarddrfine]

<html><head><title>JOHNLENNONPROJECT.COM</title><meta name="keywords" content=""></head><frameset rows="100%", *" border="0" frameborder="0"><frame src="http://triumphpc.com/john-lennon-project/" name="JOHNLENNONPROJECT.COM"></frameset></html>

 

[VladiBG]

use /etc/ipf.rules to edit the ipf set or use ipfstat -io to display the current input / output rules. When you are sure that the firewall is allowing the port80 traffic check the apache access log.

 

[JLAIP]

<html><head><title>JOHNLENNONPROJECT.COM</title><meta name="keywords" content=""></head><frameset rows="100%", *" border="0" frameborder="0"><frame src="http://triumphpc.com/john-lennon-project/" name="JOHNLENNONPROJECT.COM"></frameset></html>

The only code on the web server that's changed between the time it last worked and now (when it doesn't) is the IP address changes made to /etc/rc.conf. Why do you think the cause of the "ERR_CONNECTION_REFUSED" is a frameset?

 

[SirDice]

If firewalls are causing it I would expect to see a 'connection timed-out' error due to the firewall dropping the traffic. Connection refused means you are receiving a RST in response to a SYN. In other words, the port is closed. Traffic is most likely not being dropped by a firewall. There's simply nothing listening on that port.

 

[drhowarddrfine]

The only code on the web server that's changed between the time it last worked and now (when it doesn't) is the IP address changes made to /etc/rc.conf. Why do you think the cause of the "ERR_CONNECTION_REFUSED" is a frameset?

Because both Chromium and Firefox say, "triumphpc.com refused to connect." It's not the frame markup. It has to do with that server and not the john lennon one.

 

[jbodenmann]

If firewalls are causing it I would expect to see a 'connection timed-out' error due to the firewall dropping the traffic. Connection refused means you are receiving a RST in response to a SYN. In other words, the port is closed. Traffic is most likely not being dropped by a firewall. There's simply nothing listening on that port.

The picture showing the output of sockstat -4 -l posted by JLAIP earlier in this thread would suggest otherwise. Unless I am missing something there is clearly httpd listening on port 80 on all interfaces.
So unless this is some more advanced configuration with virtual networks, VMs/jails and whatnot I'd argue that we're tracking down the problem from the wrong side. This would align with what drhowarddrfine just posted.

JLAIP Is triumphpc.com served by the very same host? Or is this separate host somewhere "behind" this machine we're currently talking about?
I did notice different names showing up in the shell command input line in your pictures. However, I don't know whether that is just the currently logged in username. In case that is the hostname, I think you're not telling us the whole story here.

 

[VladiBG]

Also check if you are using virtualhost config in your httpd and if it's set to serve only the old ip address you need to change the ip address there too

For example:

<VirtualHost 192.168.1.170:80>
ServerName mydomain.com
DocumentRoot /var/www/html/mydomain.com/public_html
ErrorLog /var/www/html/mydomain.com/logs/error.log
CustomLog /var/www/html/cmydomain.com/logs/requests.log combined
Options +Includes
</VirtualHost>

You need to change it

<VirtualHost *:80>

OR

<VirtualHost New_IP_Address:80>

 

[JLAIP]

Also check if you are using virtualhost config in your httpd and if it's set to serve only the old ip address you need to change the ip address there too
For example:
You need to change it
OR

I don't know if the server's using virtualhost, but if the old static IP's in there, then that may be the problem.
I hate to ask, but can you give me an idea where to look for the file I'm looking for?

 

[VladiBG]

apache configuration should be in /usr/local/etc/apache...
apache logs goes into /var/log

edit:
did you check the firewall if port 80 is open on the new ip address?

 

[JLAIP]

JLAIP Is triumphpc.com served by the very same host? Or is this separate host somewhere "behind" this machine we're currently talking about?
I did notice different names showing up in the shell command input line in your pictures. However, I don't know whether that is just the currently logged in username. In case that is the hostname, I think you're not telling us the whole story here.

I'm telling you as much as I know. And, at this point, what I know isn't alot....which is why I came here.
Here's the physical layout: there are two servers—email and web. The email server has two NIC cards and is facing the modem/router. The web server has one NIC and is connected to one of the NICs in the email server.

While I've been posting here, I've also been on the phone with the ISP's tech, who just informed me that DHCP is ON in the modem/router. Shouldn't that be off?

 

[jbodenmann]

I hate to ask, but can you give me an idea where to look for the file I'm looking for?

You could do a system wide grep to find all files listing the old IP. Something along the lines of: grep -rnw / -e '84\.18\.59\.37'. Replace with your old IP accordingly.

While I've been posting here, I've also been on the phone with the ISP's tech, who just informed me that DHCP is ON in the modem/router. Shouldn't that be off?

I assume that this is referring to your router acting as a DHCP server for your local network which is usually fine as your clients might still rely on DHCP. There are exceptions of course but I'd not go down this road yet.

 

[JLAIP]

apache configuration should be in /usr/local/etc/apache...
apache logs goes into /var/log

edit:
did you check the firewall if port 80 is open on the new ip address?

Re the firewall: I haven't touched the firewall in ages. Our website has been working for 20+ years, so I have to presume that port 80s open.

I found /usr/local/apache1/conf/httpd.conf.

Is httpd.conf the file that was being referencing here...
"Also check if you are using virtualhost config in your httpd and if it's set to serve only the old ip address you need to change the ip address there too"

If so, I don't see any IPs in httpd.conf. Or is that not the correct file?

 

[VladiBG]

you need to check the firewall first. If it's allowing only the old_IP:80 to be accessed you need to check it . use ipfstat -io or check the /etc/ipf.rules

 

[JLAIP]

You could do a system wide grep to find all files listing the old IP. Something along the lines of: grep -rnw / -e '84\.18\.59\.37'. Replace with your old IP accordingly.


I assume that this is referring to your router acting as a DHCP server for your local network which is usually fine as your clients might still rely on DHCP. There are exceptions of course but I'd not go down this road yet.

Re DHCP and the router: I've got static IPs configured in /etc/rc.conf, so what is the router's DHCP supposed to be auto-configuring?

Re grep: I'm not sure what this is telling me?

 

[JLAIP]

you need to check the firewall first. If it's allowing only the old_IP:80 to be accessed you need to check it . use ipfstat -io or check the /etc/ipf.rules

What am I checking for in /etc/ipf.rules? But, again, how could the firewall suddenly block web traffic when the only changes have been to /etc/rc.conf?

 

[SirDice]

Our website has been working for 20+ years, so I have to presume that port 80s open.

Yes, but you haven't changed the IP address in all those years either. When dealing with problems, never assume anything. Check, double-check and verify. Go through everything logically and methodically. Check every step of the way. Just randomly checking some things while assuming something else is correct is a good way to overlook the blindingly obvious.

But, again, how could the firewall suddenly block web traffic when the only changes have been to /etc/rc.conf?

If the firewall is specifically configured to only allow the 'old' IP address (thus blocking traffic to the 'new' IP). Changing the IP address in rc.conf means you're going to need to change the IP everywhere it has been used. And there are many places where this IP address could have been set or stored.

 

[jbodenmann]

If so, I don't see any IPs in httpd.conf. Or is that not the correct file?

I don't think that your Apache VirtualHost configuration is the problem as previously shown output of sockstat shows that the Apache HTTP server is listening on all interfaces/IPs on your host.

I feel like we're repeating a lot of stuff here that was already mentioned in the first couple of posts on this topic.

 

[covacat]

if your router forwards port 80 to your server and your server has a RFC1918 (192.168.x.x,10.x.x.x.,172.16.x.x)fixed address
then it's probably not your firewall but router's nat rules may have been lost
if your server has a routable ip and is configured on one interface then the isp's modem/router is in bridge mode and they are blocking you from the head office (this happens for residential/home type contracts ) not the device itself (or your firewall is blocking the connections)

 

[JLAIP]

Yes, but you haven't changed the IP address in all those years either. When dealing with problems, never assume anything. Check, double-check and verify. Go through everything logically and methodically. Check every step of the way. Just randomly checking some things while assuming something else is correct is a good way to overlook the blindingly obvious.

It's for that reason that I'm hesitant to muck around with anything other than the one file I changed on both servers: /etc/rc.conf.
If the modem's not the bottleneck, I kind of think there's got to be another config file(s) that contains the old IP. I checked /etc/ipf.rules, but the old IP isn't in there....and I haven't touched it between the time the server was working early this week (with the old modem/IP) and now (with the new modem/IP).

 

[JLAIP]

I don't think that your Apache VirtualHost configuration is the problem as previously shown output of sockstat shows that the Apache HTTP server is listening on all interfaces/IPs on your host.
I feel like we're repeating a lot of stuff here that was already mentioned in the first couple of posts on this topic.

Yes.

 

[SirDice]

Fire up tcpdump(1) (use a filter or else you might get swamped with unrelated information) on the server. Open the website on your browser. Do you see the connection actually coming in? Is there a response?