Changed Web Server Static IP, then ERR_CONNECTION_REFUSED

When you ping yahoo.com and get "cannot resolve", it means you don't have access to a working DNS server. When you change ISPs you usually need to change the DNS servers, because the old ISP limits its DNS to its own clients, unless you are using a public DNS server such as Google's 8.8.8.8.

So check if you have ping to the public DNS server by using ping 8.8.8.8
If you don't have ping to it then check if you have ping to your default gateway (router).

What am I checking for in /etc/ipf.rules?
Check whether port 80 is opened only for your old IP address. If you see your old IP address there, you need to change it.
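The reply above describes the check in layers: the gateway first, then a public address, and only then a name. As an added example (not code from the thread or from any participant), here is a small sh script that runs those checks in that order, reads the default gateway out of `netstat -rn`, and maps the error text that ping prints to the layer most likely at fault. It assumes nothing beyond a POSIX sh with `netstat`, `awk` and `ping`; the messages it recognises are the ones quoted later in this thread.

```sh
#!/bin/sh
# Added example, not from the thread: layered connectivity check.
# Order: default route -> gateway -> public IP (8.8.8.8) -> name lookup.
# Usage: sh netcheck.sh run   (without "run" it only defines the functions)

# Map the text ping (or the resolver) prints on failure to the layer it
# points at. $1 is the captured output; prints one word.
# Branch order matters: a "No route to host" run also ends with a
# "100% packet loss" summary line, so the more specific patterns come first.
classify_failure() {
    case "$1" in
        # Kernel has no route for the destination: defaultrouter unset/wrong,
        # or a firewall (ipf) rule rejecting the traffic.
        *"No route to host"*)             echo "route" ;;
        # No interface configured on a subnet the kernel can send from.
        *"Network is unreachable"*)       echo "interface" ;;
        # Resolver failed: /etc/resolv.conf empty, wrong, or DNS unreachable.
        *"cannot resolve"*|*"lookup failure"*|*"Name does not resolve"*)
                                          echo "dns" ;;
        # Packets left the host but nothing came back: gateway, ISP, or filter.
        *"100% packet loss"*|*"100.0% packet loss"*)
                                          echo "upstream" ;;
        *)                                echo "unknown" ;;
    esac
}

# Print the default gateway from `netstat -rn` output read on stdin.
# FreeBSD lists the destination as "default", Linux as "0.0.0.0".
default_gateway() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $2; exit }'
}

# Ping one target, print the verdict, return non-zero on failure.
check_ping() {
    out=$(ping -c 3 "$1" 2>&1) && { echo "ok   $1"; return 0; }
    echo "FAIL $1 -> suspect layer: $(classify_failure "$out")"
    return 1
}

run_checks() {
    gw=$(netstat -rn | default_gateway)
    if [ -z "$gw" ]; then
        echo "FAIL no default route: check defaultrouter= in /etc/rc.conf"
        return 1
    fi
    echo "default gateway: $gw"
    check_ping "$gw"     || return 1   # can we reach the router at all?
    check_ping 8.8.8.8   || return 1   # does the router forward us out?
    check_ping yahoo.com || return 1   # only now does DNS come into play
}

if [ "${1:-}" = "run" ]; then
    run_checks
fi
```

Run it as `sh netcheck.sh run` on the server; the first line starting with `FAIL` names the layer to look at, and nothing after it is worth testing until that layer is fixed.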
 
OP
JLAIP
The tech from the ISP wants to know if I want the modem to forward port 80 to an [internal?] IP on the web server?
My understanding was that ALL ports on the modem are supposed to be open, and I'm not sure what to tell him or what IP on the server to forward to??
 
OP
JLAIP
When you ping yahoo.com and get "cannot resolve", it means you don't have access to a working DNS server. When you change ISPs you usually need to change the DNS servers, because the old ISP limits its DNS to its own clients, unless you are using a public DNS server such as Google's 8.8.8.8.

So check if you have ping to the public DNS server by using ping 8.8.8.8
If you don't have ping to it then check if you have ping to your default gateway (router).


Check whether port 80 is opened only for your old IP address. If you see your old IP address there, you need to change it.
ping 8.8.8.8 = no go ... 100% packet loss.

In addition to trying as many of the suggestions here, I'm also working with the ISP's tech, who's making other suggestions. I was confused already...and I haven't slept in 36 hours... So, now I'm getting host name lookup failure when attempting to ping yahoo.com from the web server. It WAS working a couple hours ago, but the ISP's tech had me make some /etc/rc.conf changes and in my haste running back and forth I forgot to make a copy of the original /etc/rc.conf. Fortunately, I'm only changing three lines and I know which they are, but I've no idea which one(s) broke the DNS connection. Ugh..
 
The tech from the ISP wants to know if I want the modem to forward port 80 to an [internal?] IP on the web server?
Yes, that is definitely what you want. You want your ISP modem/router to forward port 80 to the internal/local IP of your (web)server.

Okay, but what do you mean by "use a filter"??
See the man page of tcpdump(1). It supports filter expressions so you can filter for port 80 and your server's interface/IP address to prevent being blasted by ALL the traffic on that network interface.
 

SirDice

Administrator / Staff member / Moderator
Okay, but what do you mean by "use a filter"??
If you just run tcpdump(1) it's going to show all network packets that go in/out that server. Most of it is not relevant for the issue at hand. So you use a filter to only capture the network packets you're interested in. In this case you're only interested in TCP traffic to port 80 of that server.
 
OP
JLAIP
Yes, that is definitely what you want. You want your ISP modem/router to forward port 80 to the internal/local IP of your (web)server.
See the man page of tcpdump(1). It supports filter expressions so you can filter for port 80 and your server's interface/IP address to prevent being blasted by ALL the traffic on that network interface.
Here's the /etc/rc.conf (the only file that's been modified on the web server). The red boxes indicate the original settings, which were working until the modem/IP change yesterday.

I'm pretty sure the currently uncommented settings are what made it possible to successfully ping yahoo.com a couple of hours ago. But since the tech's had me mucking about with those settings while he was mucking about inside the modem, pinging any outside domain returns Host name lookup failure. The defaultrouter is set to the Gateway IP, and the Netmask is set as per the ISP. I'm not sure if either of those is correct though?
 

Attachments: huntington 013.jpg (105.8 KB)
OP
JLAIP
Yes, that is definitely what you want. You want your ISP modem/router to forward port 80 to the internal/local IP of your (web)server.
As best I can tell from /etc/rc.conf, the web server's internal IP is 10.0.0.2 (the email server is 10.0.0.1). The tech says the router can only forward to 10.1.10.1 or at least that's the number he wanted me to change the web server's /etc/rc.conf to. It was after that that I began getting the Host name lookup failure errors when attempting to ping yahoo.com.
 
As best I can tell from /etc/rc.conf, the web server's internal IP is 10.0.0.2 (the email server is 10.0.0.1).
The server's "internal" IP is whatever you tell it to be (usually via the corresponding ifconfig_xxx="" in /etc/rc.conf).

The tech says the router can only forward to 10.1.10.1 or at least that's the number he wanted me to change the web server's /etc/rc.conf to.
If that is correct then assign that IP to your server's interface. Also make sure that the netmask is correct.
However, I'd argue that it's rather uncommon to have a .1 IP here. Usually the .1 IP would be used for the gateway of a network segment. i.e. in your case 10.1.10.1 would most likely be the IP of the router and you'd use 10.1.10.2 for the server (with corresponding netmask) but I'm not your ISP tech.

It was after that that I began getting the Host name lookup failure errors when attempting to ping yahoo.com.
Make sure that you set the defaultrouter to the router's IP address.
Usually you'd also want to limit your test case to the bare minimum. Instead of name lookups, simply ping a known IP address such as 8.8.8.8 (Google DNS server), which will tell you whether you can communicate with another machine "on the internet" without all the fuss such as name lookup, which might be broken for other reasons.

Please stop posting pictures. Instructions were provided many posts ago on how to properly paste information from your host.
I'm stating this out of courtesy - no other intentions: I am starting to get tired of this topic so I'll probably just opt out. Please start to actually follow the many, many pieces of advice provided in this topic repeatedly. Other users here usually have a lower threshold on this than I do.
 
OP
JLAIP
The server's "internal" IP is whatever you tell it to be (usually via the corresponding ifconfig_xxx="" in /etc/rc.conf).


If that is correct then assign that IP to your server's interface. Also make sure that the netmask is correct.
However, I'd argue that it's rather uncommon to have a .1 IP here. Usually the .1 IP would be used for the gateway of a network segment. i.e. in your case 10.1.10.1 would most likely be the IP of the router and you'd use 10.1.10.2 for the server (with corresponding netmask) but I'm not your ISP tech.


Make sure that you set the defaultrouter to the router's IP address.
Usually you'd also want to limit your test case to the bare minimum. Instead of name lookups, simply ping a known IP address such as 8.8.8.8 (Google DNS server), which will tell you whether you can communicate with another machine "on the internet" without all the fuss such as name lookup, which might be broken for other reasons.

Please stop posting pictures. Instructions were provided many posts ago on how to properly paste information from your host.
I'm stating this out of courtesy - no other intentions: I am starting to get tired of this topic so I'll probably just opt out. Please start to actually follow the many, many pieces of advice provided in this topic repeatedly. Other users here usually have a lower threshold on this than I do.
I apologize for any inconvenience I've caused you or other members. It wasn't intentional, but I'm not comfortable posting raw data to public systems. Again, my apologies, but I was up-front early on about my lack of experience and skillsets for a lot of this. Still and again, I'm sorry if I caused anyone here any problems. I'm just trying to get our website back up with the new modem/IP.
 
You're not being inconvenient - anybody on this forum is allowed to opt-out of any thread/topic at any time (or to not opt-in to begin with). As such, I don't think that any apology from your side is needed either. I just prefer to clearly communicate rather than just silently disappearing.

Good luck!
 
your rc.conf seems borked (gw seems to be something beginning with 7)
you don't set the gateway and netmask from the ISP; those are set on the router itself
can you post an image with the ISP router/modem's configuration
 
OP
JLAIP
Fire up tcpdump(1) (use a filter or else you might get swamped with unrelated information) on the server. Open the website on your browser. Do you see the connection actually coming in? Is there a response?

tcpdump: listening on vr0
<I attempted to browse to the website via domain name and IP address>
0 packets received by filter
0 packets dropped by kernel

??
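SirDice's point about filtering, and the capture above that ended with "0 packets received by filter", are worth putting side by side. As an added example (not code from the thread or any participant), the sh functions below build the narrow tcpdump(1) filter the replies recommend and read the verdict out of tcpdump's closing summary. It assumes vr0 is the web server's NIC, which is what the capture above says it listened on, and takes the server's own address as a parameter.

```sh
#!/bin/sh
# Added example, not from the thread: build the narrow tcpdump(1) filter the
# replies recommend and read the verdict out of tcpdump's closing summary.
# Assumes vr0 is the web server's NIC (the thread's capture says
# "listening on vr0"); the server's address is passed in, not guessed.

# Print the tcpdump command to run on the server; interface $1, host $2.
# -n: no name lookups (DNS may itself be broken); -i: the interface.
# The BPF expression keeps only TCP on port 80 involving this host, so
# unrelated traffic on the segment does not swamp the screen.
http_capture_cmd() {
    iface=$1; host=$2
    printf "tcpdump -n -i %s 'tcp port 80 and host %s'\n" "$iface" "$host"
}

# Pull the "N packets received by filter" count out of tcpdump's summary ($1).
packets_by_filter() {
    printf '%s\n' "$1" | awk '/packets received by filter/ { print $1; exit }'
}

# Decide what a capture (summary text in $1) says about the problem.
# 0 matching packets while a browser is trying to connect means the request
# never reached this interface: look upstream (port forward, routing, filter).
# Matching packets with no reply means the request arrived and this host is
# not answering: look at the listener (sockstat -4l) and /etc/ipf.rules.
interpret_capture() {
    n=$(packets_by_filter "$1")
    if [ -z "$n" ]; then
        echo "no summary found"
    elif [ "$n" -eq 0 ]; then
        echo "no port-80 traffic reached the interface: check upstream"
    else
        echo "$n packet(s) reached the interface: check the local listener"
    fi
}

# Constructed sample: the summary the thread's own capture produced.
SAMPLE_SUMMARY="tcpdump: listening on vr0
0 packets received by filter
0 packets dropped by kernel"

if [ "${1:-}" = "demo" ]; then
    http_capture_cmd vr0 10.0.0.2
    interpret_capture "$SAMPLE_SUMMARY"
fi
```

Run the printed tcpdump command on the server, load the site in a browser, then stop tcpdump with Ctrl-C and feed its last lines to `interpret_capture`. A zero count is the useful answer here: it says the web server never saw the request, so editing files on that server cannot fix it.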
 
OP
JLAIP
your rc.conf seems borked (gw seems to be something beginning with 7)
you don't set the gateway and netmask from the ISP; those are set on the router itself
can you post an image with the ISP router/modem's configuration
The ISP's tech configured the modem/router and I modded /etc/rc.conf with the IPs he gave me.

I haven't been able to get into the modem myself yet. The tech just rang to say he's coming back later to replace the modem. I don't know if he decided the modem's borked or perhaps he mucked something up whilst mucking around inside it. Either way, I'll try to get a screenshot or two of the modem configuration.

In the meantime, I think I may've mucked something up myself with all my /etc/rc.conf editing/rebooting because, now, when I ping 93.137.11.164 (yahoo), I get...
ping: sendto: No route to host
I unplugged the ethernet cable running from the email server (which is connected to the modem) to the web server and tried the ping again. No route to host.
When I try to ping the web server from the email server: ping: sendto: Network is unreachable

Both servers were pinging yahoo, google, etc (and each other) successfully earlier today.

So it now looks like I'm not even getting data transmission in or out of the web server.
 
OP
JLAIP
For anyone still following or who may find this at a later date...
I found the /etc/hosts file on the email server (the server that's working) contains two lines referencing our OLD static IPs. So I commented out the two lines and added two new lines with our new static IPs.

Unfortunately, after a reboot, the corrections are still there, but the change had no effect on the web server. Pinging anything external (e.g., 8.8.8.8 or yahoo.com) still produces "No route to host". I am able to ping both our IP and domain name, but since something is still misconfigured within the web server, it isn't able to connect externally, so attempts to browse to our website still produce a "Refused to connect" error.

The ISP's tech just replaced the modem, but no change. He suggested that I try configuring the web server for DHCP instead of static IPs, connect it directly to the modem and see if the server was then able to connect/access the Internet. It was. However, the DHCP connection overwrote the original /etc/resolv.conf, and since it then contained only incorrect ISP data that doesn't work with the other (working) email server, I deleted the /etc/resolv.conf on the web server.

Not sure where to go now?
 
can you draw a diagram of your network
Code:
like
1.2.3.5
isp-----------router 10.0.0.254
        1.2.3.6 |
                |-----mail-server (10.0.0.1)
                |
                |-----web-server (10.0.0.2)
 
ok, so if your mail server works and it is accessible from internet can you paste
netstat -rn from the mail server

also from the router
gateway=>connection=>local ip config
 
OP
JLAIP
can you draw a diagram of your network
Code:
like
1.2.3.5
isp-----------router 10.0.0.254
        1.2.3.6 |
                |-----mail-server (10.0.0.1)
                |
                |-----web-server (10.0.0.2)
I've spent the last two hours trying to modify your diagram into something decipherable, but it's not happening. I think I'd need to take an ASCII drawing course before I'll be able to produce anything useful.

I think I can explain the layout much easier..
There are two separate server PCs--one for email and the other for our website.
The email server links to the modem/router and the web server links to the email server (not the modem/router).
The email server contains two NIC cards....the first NIC links modem/router to the email server, the second NIC links email server to the web server's single NIC.
The ISP issued us five static IPs, 71.25.29.169~173.
The Gateway IP is 71.25.29.248.
The subnet mask is 255.255.255.248.
Primary DNS is 75.75.75.75 (secondary is 75.75.76.76).

Does that make sense?
 
I've spent the last two hours trying to modify your diagram into something decipherable, but it's not happening. I think I'd need to take an ASCII drawing course before I'll be able to produce anything useful.

I think I can explain the layout much easier..
There are two separate server PCs--one for email and the other for our website.
The email server links to the modem/router and the web server links to the email server (not the modem/router).
The email server contains two NIC cards....the first NIC links modem/router to the email server, the second NIC links email server to the web server's single NIC.
The ISP issued us five static IPs, 71.25.29.169~173.
The Gateway IP is 71.25.29.248.
The subnet mask is 255.255.255.248.
Primary DNS is 75.75.75.75 (secondary is 75.75.76.76).

Does that make sense?
and until now you had just one public ip ?
and the mail server runs ipnat / natd ?
 
OP
JLAIP
ok, so if your mail server works and it is accessible from internet can you paste
netstat -rn from the mail server

also from the router
gateway=>connection=>local ip config
Re netstat -rn: The email server isn't browsable, it's just pingable and able to send/receive email. So I don't know how I can copy/paste the netstat output for you. That's why I've been posting photos.

Re gateway-connection->local ip config...
 

Attachments: modem 004.jpg (128.6 KB), modem 005.jpg (104.9 KB)
OP
JLAIP
and until now you had just one public ip ?
and the mail server runs ipnat / natd ?
For the past 20+ years, we leased a bank of five static IPs, but only one was used. That's what our website ran on. Oh, one of the old IPs was used as the gateway.
We have a bank of five new static IPs with the same plan--one to run our website on (71.25.29.170) and one as a gateway (71.25.29.174).

Sorry, the servers were set up in the late 90s and I just assisted the engineer that actually did the configuration on them. Is there a conf file I can check to find that out for you?

All I've done is replace the old IPs in /etc/rc.conf on both servers with the new IPs. Late today, I found our old IPs were in /etc/resolv.conf, so I changed those, too.
The ISP's tech suggested we try configuring the web server for DHCP, which I did via /etc/rc.conf. After reboot, the web server connected to the web and I was able to ping external sources (e.g., 8.8.8.8, yahoo.com, etc.), but the DHCP overwrote the /etc/resolv.conf on the web server, so I just renamed it. Other than repeating the same steps over and over again for the past two days, I think that should bring you up to date with where things sit.

Oh, when I saw the DHCP had overwritten /etc/resolv.conf, I decided to reconfigure /etc/rc.conf back the way it was originally, but with the new IPs in place.
 
so the mail server has one of the public IPs (71.25.29.170) and the other one is 10.0.0.1
the redirection was actually done by the mail server, not by the router
you have 2 options
1. put back 10.0.0.2/24 on the http server, set gw to 10.0.0.1
see why mail server does not redirect correctly to the web server

2. unplug the cable that links the 2 servers from the mail server and plug it into the router
config another of the public ips on the http server and set the mask and gw like on the mail server
fix dns record for www if it points to the ip on which the mail server sits and point it to the ip you set on the http server
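The earlier advice about `ifconfig_xxx=""`, the netmask and `defaultrouter`, and the two options just listed, come down to a handful of /etc/rc.conf lines on the web server. The fragment below is an added illustration, not something any participant posted. It assumes vr0 is the web server's NIC (the thread's tcpdump output listened on vr0), and for option 2 it picks 71.25.29.171 as an arbitrary unused address from the five the ISP issued; the netmask and gateway are the values the OP quoted (255.255.255.248 and 71.25.29.174).

```sh
# Added example, not from the thread: /etc/rc.conf on the web server for the
# two options above. Keep only one of the two sections uncommented.
# Assumes the NIC is vr0 (per the thread's tcpdump output).

### Option 1: stay behind the mail server, which redirects/NATs for you.
# "10.0.0.2/24" written the rc.conf way: address plus dotted netmask.
ifconfig_vr0="inet 10.0.0.2 netmask 255.255.255.0"
# The mail server's inside NIC (10.0.0.1) is this host's only way out.
defaultrouter="10.0.0.1"

### Option 2: plug the web server into the router and give it a public IP.
# 71.25.29.171 is an arbitrary unused address from the ISP's block of five
# (assumption); mask and gateway are the values the ISP supplied.
#ifconfig_vr0="inet 71.25.29.171 netmask 255.255.255.248"
#defaultrouter="71.25.29.174"

# Either way, do not leave "DHCP" in ifconfig_vr0: the DHCP client rewrites
# /etc/resolv.conf on every lease, which is what overwrote it earlier.
```

After editing, `service netif restart` followed by `service routing restart` (or a reboot) applies the change. With option 1 the remaining work is on the mail server, which has to forward port 80 inward; with option 2 the DNS record for www must be moved to the web server's new address, as the reply says.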
 
OP
JLAIP
so the mail server has one of the public IPs (71.25.29.170) and the other one is 10.0.0.1
the redirection was actually done by the mail server, not by the router
you have 2 options
1. put back 10.0.0.2/24 on the http server, set gw to 10.0.0.1
see why mail server does not redirect correctly to the web server

2. unplug the cable that links the 2 servers from the mail server and plug it into the router
config another of the public ips on the http server and set the mask and gw like on the mail server
fix dns record for www if it points to the ip on which the mail server sits and point it to the ip you set on the http server
Option 1 sounds simpler and less dangerous, but I'm not sure what 10.0.0.2/24 means (the /24 part) or how I put it back on the http server? And, if I'm reading you right, this operation isn't going to solve the web server problem. Correct?

I'm really concerned about getting too far out beyond the point I can easily put things back the way I found them. So far, I've only actually changed 2-3 lines in three files, all of which was just swapping our very familiar old IPs for the new IPs. I'm worried about making changes that I won't be able to undo if/when things go wrong again.
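On the "/24" question: it is the prefix-length way of writing a netmask, 24 leading one-bits meaning 255.255.255.0, so "10.0.0.2/24" is exactly what rc.conf spells as `inet 10.0.0.2 netmask 255.255.255.0`, and the ISP's 255.255.255.248 is "/29". The sh functions below are an added example (not from the thread) that convert between the two notations and check the one thing that decides whether a `defaultrouter` line can work at all: the gateway must fall inside the interface's own subnet. The sample addresses are the ones quoted in this thread; the arithmetic assumes a shell with 64-bit integers, which every current sh, dash and bash has.

```sh
#!/bin/sh
# Added example, not from the thread: netmask <-> prefix-length conversion and
# a same-subnet check for (interface address, netmask, gateway) triples.
# POSIX sh only; addresses are handled as 32-bit values inside $(( )).
# 4294967295 is 0xFFFFFFFF, 2147483648 is the top bit (0x80000000).

# Dotted quad -> integer, using parameter expansion to split on dots.
ip_to_int() {
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# /N -> dotted netmask, e.g. 24 -> 255.255.255.0, 29 -> 255.255.255.248.
prefix_to_mask() {
    if [ "$1" -eq 0 ]; then
        int_to_ip 0
    else
        int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# Dotted netmask -> /N by counting leading one-bits.
mask_to_prefix() {
    m=$(ip_to_int "$1"); n=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        n=$(( n + 1 )); m=$(( (m << 1) & 4294967295 ))
    done
    echo "$n"
}

# Network address (dotted) of $1 under netmask $2.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Succeeds when $1 and $2 share the subnet defined by netmask $3.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# Validate an rc.conf pair: can this host hand packets to this gateway directly?
check_gateway() {   # $1 = interface IP, $2 = netmask, $3 = defaultrouter
    net="$(network_of "$1" "$2")/$(mask_to_prefix "$2")"
    if same_subnet "$1" "$3" "$2"; then
        echo "ok: $3 is inside $net"
    else
        echo "BAD: $3 is outside $net; defaultrouter will not work"
    fi
}

if [ "${1:-}" = "demo" ]; then
    echo "/24 = $(prefix_to_mask 24)"
    echo "255.255.255.248 = /$(mask_to_prefix 255.255.255.248)"
    check_gateway 10.0.0.2 255.255.255.0 10.0.0.1            # option 1 above
    check_gateway 71.25.29.170 255.255.255.248 71.25.29.174  # the ISP's gateway
    check_gateway 71.25.29.170 255.255.255.248 71.25.29.248  # netmask octet mistaken for a gateway
fi
```

The last demo line is the check worth keeping: with the /29 the ISP issued, 71.25.29.169 through .173 and the gateway .174 all sit in 71.25.29.168/29, while 71.25.29.248 does not, so a defaultrouter set to .248 cannot be reached from that interface no matter what else is configured.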
 
OP
JLAIP
Is there some way to reconfigure the new modem/router to function like our previous modem/router? That way, I should just be able to swap old IP for new IP without having to risk getting beyond my understanding.

Actually, the more I think about it, because the email server DOES appear to be working properly, I'd really hesitate to make any layout changes that might kill our email again, too. This morning, I had everything except the website working--I was able to ping FROM both servers and log in via SFTP, but after following the ISP tech's instructions, only the email server's working. Does that make sense?
 