A linode Cannot ping to some of my linodes
All of my vps running LAMP stack. One managed by webmin cannot ping to 3 of my other linodes managed by WHM. It still able to ping to other linodes, some managed by WHM and some managed by webmin.
All linodes can ping and curl each other.
Last server wide configuration was adding a DNS zone on BIND DNS server with record to other linodes and then removing it. I believe all other modification before this happened is on user level (equivalent virtualmin or cpanel).
Is there any pointer to help me trace what might be the problem?
iptables -L result:
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere multiport dports ssh match-set f2b-sshd src reject-with icmp-port-unreachable
Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:urd ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:isakmp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ctstate NEW
ACCEPT ah -- anywhere anywhere ctstate NEW
ACCEPT esp -- anywhere anywhere ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:submission ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:2222 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:webmin:10100 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:20000 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:1025:65535 ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:isakmp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
netstat -tulpen result:
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 0 28640 1637/perl
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 0 27371 1465/postgrey --pid
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 112 24535 1028/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 0 28606 1630/master
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 29314 1723/perl
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 0 28612 1630/master
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 120 20596 875/named
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 101 18301 831/systemd-resolve
tcp 0 0 0.0.0.0:20022 0.0.0.0:* LISTEN 0 24157 1169/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 28511 1630/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 120 20764 875/named
tcp6 0 0 :::20000 :::* LISTEN 0 28641 1637/perl
tcp6 0 0 ::1:8000 :::* LISTEN 0 20877 863/php-fpm: master
tcp6 0 0 ::1:10023 :::* LISTEN 0 27370 1465/postgrey --pid
tcp6 0 0 :::587 :::* LISTEN 0 28607 1630/master
tcp6 0 0 :::2222 :::* LISTEN 115 26859 1380/proftpd: (acce
tcp6 0 0 :::10000 :::* LISTEN 0 29315 1723/perl
tcp6 0 0 :::80 :::* LISTEN 0 24498 1450/apache2
tcp6 0 0 :::465 :::* LISTEN 0 28613 1630/master
tcp6 0 0 :::21 :::* LISTEN 115 26858 1380/proftpd: (acce
tcp6 0 0 :::53 :::* LISTEN 120 20592 875/named
tcp6 0 0 :::20022 :::* LISTEN 0 24159 1169/sshd
tcp6 0 0 :::25 :::* LISTEN 0 28512 1630/master
tcp6 0 0 ::1:953 :::* LISTEN 120 20765 875/named
tcp6 0 0 :::443 :::* LISTEN 0 24502 1450/apache2
udp 0 0 0.0.0.0:10000 0.0.0.0:* 0 29316 1723/perl
udp 0 0 127.0.0.1:53 0.0.0.0:* 120 20597 875/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 120 20595 875/named
udp 0 0 127.0.0.53:53 0.0.0.0:* 101 18300 831/systemd-resolve
udp6 0 0 :::53 :::* 120 20590 875/named
2 Replies
You write:
One managed by webmin cannot ping to 3 of my other linodes managed by WHM. It still able to ping to other linodes, some managed by WHM and some managed by webmin.
All linodes can ping and curl each other.
I'm confused… Which is it?
If by "ping" you mean respond to ICMP Echo requests and assuming your problem is the former, you most likely have a firewall issue. You need to look for firewall rules that DROP icmp/icmp6 from the IP addresses that don't work (or anywhere).
I have no idea what WHM/webmin are for or what they do but I would start by looking at the configuration of each on the machines that don't respond.
-- sw
It was blocked from 3rd party firewall. Thanks for answering.