Webserver with two NICs and two IPs problem (closed ports?)
Hello all!
Any help I can get to get this working is appreciated :)
Setup:
I have a home server running Ubuntu server 14.04.3 LTS with two NICs. Each card gets one public IP with ports open from my ISP (except port 25 of course). I've double-checked with them that the ports are open etc.
NIC#1 has IP: xxx.xx.xxx.11
NIC#2 has IP: yyy.yy.yyy.8
Problem:
I have one site (excluding default.domain) running on NIC#1's IP, with vanity name servers, and I'm trying to get another site to run on NIC#2's IP, also with vanity name servers, but I can't get it to work.
I can reach the first site both by domain name and by IP and all is working fine, but I cannot reach the site running on NIC#2's IP. I've set up the glue records with the domain registrar (same as I did with the working site) and as far as I can see both Apache and the DNS server are listening on both IPs and iptables -L shows that the ports are open. I did do a port check on yougetsignal.com though and it claims that the ports (80, 8080, 443) are closed on NIC#2's IP.
Netstat -anp:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 2086/exim4
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1140/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1140/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1184/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2086/exim4
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1140/dovecot
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1237/spamd.pid
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1140/dovecot
tcp 0 0 yyy.yy.yyy.8:80 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 xxx.xx.xxx.11:80 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 yyy.yy.yyy.8:8080 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 xxx.xx.xxx.11:8080 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2086/exim4
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN 2178/vesta-nginx
tcp 0 0 127.0.0.1:8084 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 yyy.yy.yyy.8:53 0.0.0.0:* LISTEN 1174/named
tcp 0 0 xxx.xx.xxx.11:53 0.0.0.0:* LISTEN 1174/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1174/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 909/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1116/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2086/exim4
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1174/named
tcp 0 0 xxx.xx.xxx.11:443 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 yyy.yy.yyy.8:8443 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 xxx.xx.xxx.11:8443 0.0.0.0:* LISTEN 2266/apache2
tcp6 0 0 :::2525 :::* LISTEN 2086/exim4
tcp6 0 0 :::993 :::* LISTEN 1140/dovecot
tcp6 0 0 :::995 :::* LISTEN 1140/dovecot
tcp6 0 0 :::587 :::* LISTEN 2086/exim4
tcp6 0 0 :::110 :::* LISTEN 1140/dovecot
tcp6 0 0 ::1:783 :::* LISTEN 1237/spamd.pid
tcp6 0 0 :::143 :::* LISTEN 1140/dovecot
tcp6 0 0 :::465 :::* LISTEN 2086/exim4
tcp6 0 0 :::22 :::* LISTEN 1116/sshd
tcp6 0 0 :::25 :::* LISTEN 2086/exim4
tcp6 0 0 ::1:953 :::* LISTEN 1174/named
udp 0 0 0.0.0.0:49047 0.0.0.0:* 851/dhclient
udp 0 0 yyy.yy.yyy.8:53 0.0.0.0:* 1174/named
udp 0 0 xxx.xx.xxx.11:53 0.0.0.0:* 1174/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1174/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 938/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 851/dhclient
udp 0 0 0.0.0.0:26869 0.0.0.0:* 938/dhclient
udp6 0 0 :::61910 :::* 851/dhclient
udp6 0 0 :::49047 :::* 938/dhclient
iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https,http-alt
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap2,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgresql
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:postgresql
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt
ACCEPT tcp -- anywhere anywhere tcp spt:8433
ACCEPT tcp -- anywhere anywhere tcp spt:8083
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12100
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-MAIL (1 references)
target prot opt source destination
Chain fail2ban-SSH (1 references)
target prot opt source destination
REJECT all -- . anywhere reject-with icmp-port-unreachable
REJECT all -- mankan.biz anywhere reject-with icmp-port-unreachable
REJECT all -- ns3.walterworks.com anywhere reject-with icmp-port-unreachable
REJECT all -- 58.137.72.110 anywhere reject-with icmp-port-unreachable
REJECT all -- 101.227.241.251 anywhere reject-with icmp-port-unreachable
REJECT all -- 14.215.118.48 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
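As an added example (not from the original post), the Python check below cross-references the netstat -anp listeners with the iptables -L INPUT rules and classifies each public IP and port into one of three cases: no socket bound on that IP (443 on yyy.yy.yyy.8 above, where only xxx.xx.xxx.11:443 is listening), a socket with no matching ACCEPT rule (8443), or host and firewall both fine, which points at the return path or upstream rather than the server. The sample lines are constructed from the post's own output, and the service-name table and the result strings are assumptions.

```python
import re

# Constructed sample input shaped like the post's netstat -anp and iptables -L output.
NETSTAT = """\
tcp 0 0 yyy.yy.yyy.8:80 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 yyy.yy.yyy.8:8080 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 xxx.xx.xxx.11:443 0.0.0.0:* LISTEN 10106/nginx.conf
tcp 0 0 yyy.yy.yyy.8:8443 0.0.0.0:* LISTEN 2266/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1116/sshd
"""
IPTABLES = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https,http-alt
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
"""
# iptables -L prints service names instead of numbers unless run with -n.
SERVICE_PORTS = {"ssh": 22, "ftp": 21, "http": 80, "https": 443, "http-alt": 8080}

def parse_listeners(text):
    """Map (ip, port) -> program for every TCP socket in LISTEN state."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[5] == "LISTEN":
            ip, port = f[3].rsplit(":", 1)
            out[(ip, int(port))] = f[6]
    return out

def parse_accepted_dports(text):
    """Destination ports the INPUT chain ACCEPTs via dpt:/dports matches."""
    ports = set()
    for line in text.splitlines():
        m = re.search(r"dp(?:t|orts)[: ](\S+)", line)
        if not line.startswith("ACCEPT tcp") or not m:
            continue  # spt: rules match the *source* port and prove nothing here
        for p in m.group(1).split(","):
            lo, _, hi = p.partition(":")
            if p in SERVICE_PORTS:
                ports.add(SERVICE_PORTS[p])
            elif lo.isdigit():  # numeric port or lo:hi range
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def diagnose(ip, port, listeners, accepted):
    """Classify why ip:port can look closed from outside the host."""
    if (ip, port) not in listeners and ("0.0.0.0", port) not in listeners:
        return "no listener"
    return "blocked by INPUT" if port not in accepted else "host ok, check routing"
```

Note that the INPUT chain above also ACCEPTs any TCP packet purely by its source port (the spt: rules), which sidesteps the RELATED,ESTABLISHED match; those rules do not explain the closed ports, but they are worth tightening.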