Can't add new server, get an error

#1 Sat, 07/21/2012 - 13:05
amityweb

Hi

I have purchased Cloudmin for Physical Servers.

I went to add a new physical system and get this:

Checking SSH login .. .. logged in OK.

Checking Webmin login .. .. Webmin login failed : Connection failed (Failed to connect to xx.xxxxxxx.xxx : Failed to connect to xxx.xxx.xxx.xxx:10000 : Interrupted system call)

(xxx is obviously my hostname and IP replaced).

Would this be anything to do with the fact that when I go to log in to Webmin on the remote system it reports it being an untrusted connection, because I do not have an SSL cert installed, think it must be the self-signed one? I do not need an SSL installed and will not be buying one, so if this is the case how would I manage it? Or would it be any other issues?

Attached are the settings I used. I also tried "Login as root with same password as Unix" and I also tried turning off "Use SSL to connect to Webmin". Got the same error on all of them.

The firewall on the remote machine has the master machine IP in the allow list.

Thanks

Sat, 07/21/2012 - 16:23
andreychek

Howdy,

You shouldn't need a commercial SSL certificate -- having a self-signed certificate is a common thing to do.

I'm wondering if the Cloudmin server is having difficulty seeing port 10000 for some reason -- the error message suggests that it's not able to access it.

If you log into your Cloudmin server as root over SSH, what output do you receive if you type this command:

telnet xxx.xxx.xxx.xxx 10000

Sat, 07/21/2012 - 16:47
amityweb

telnet: connect to address xxx.xxx.xxx.xxx: Connection timed out

Thing is, although I have CSF installed and I removed unnecessary ports, the master server IP is in the allow list, hence I can log in to SSH OK from master to remote. So not sure why it would not see it on port 10000? Nor why telnet times out?

P.S. I disabled the firewall, and I still get the issue, so don't think it's CSF firewall related.

Thanks

Sun, 07/22/2012 - 15:05
andreychek

Howdy,

The symptoms you're seeing there look very similar to a firewall issue of some kind. Outside of your CSF firewall, are there any other routers or firewalls between those two systems which could be causing any issues?

Also, on your remote server that you're trying to connect to, what does this command output:

iptables -L -n

Thanks!

-Eric

Sun, 07/22/2012 - 15:54
amityweb

Thanks for your help with this...

But I disabled the firewall, could it still have an effect?

It's a CentOS install with Virtualmin followed by CSF, that's it. So whatever comes with CentOS or Virtualmin or CSF, I have not installed anything else. And still had the issue with CSF disabled.

My office where the master system is has a router, just a standard one, I haven't configured it to block anything. Incoming connections I would need to port forward to the relevant computer. The remote server is a Linode.com VPS.

This is the output, hope it's OK I changed all IP addresses, BUT the one where I am trying to connect FROM (the master) is ZZZ.ZZZ.ZZZ.ZZZ instead of xxx…..

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp spt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp spt:53
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp spt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp spt:53
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- xxx.xxx.xxx.xxx 0.0.0.0/0 tcp spt:53
ACCEPT udp -- xxx.xxx.xxx.xxx 0.0.0.0/0 udp spt:53
LOCALINPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INVALID tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp spt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp spt:53
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp spt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp spt:53
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 xxx.xxx.xxx.xxx tcp spt:53
ACCEPT udp -- 0.0.0.0/0 xxx.xxx.xxx.xxx udp spt:53
LOCALOUTPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INVALID tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
LOGDROPOUT all -- 0.0.0.0/0 0.0.0.0/0

Chain ALLOWDYNIN (1 references)
target prot opt source destination
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0

Chain ALLOWDYNOUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx

Chain INVALID (2 references)
target prot opt source destination
INVDROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW

Chain INVDROP (10 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOCALINPUT (1 references)
target prot opt source destination
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0
ACCEPT all -- xxx.xxx.xxx.xxx 0.0.0.0/0
ACCEPT all -- ZZZ.ZZZ.ZZZ.ZZZ 0.0.0.0/0
ALLOWDYNIN all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- xxx.xxx.xxx.xxx 0.0.0.0/0
DROP all -- xxx.xxx.xxx.xxx 0.0.0.0/0

Chain LOCALOUTPUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
ACCEPT all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
ACCEPT all -- 0.0.0.0/0 ZZZ.ZZZ.ZZZ.ZZZ
ALLOWDYNOUT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 xxx.xxx.xxx.xxx
DROP all -- 0.0.0.0/0 xxx.xxx.xxx.xxx

Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:113
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:513
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Sun, 07/22/2012 - 20:25
andreychek

Howdy,

CentOS and Virtualmin don't set up firewalls by default -- so it looks like what you have there is the CSF firewall you mentioned.

I do see that you've added an allow rule for your master server -- is there any chance, just for the sake of troubleshooting, that you could disable the firewall completely, rather than just adding an allow rule?

That would rule out a few possible issues.

Firewalls are the most common cause of the error you're seeing, and there's definitely firewall software running there -- I'd just like to rule out the possibility that one of the rules there isn't somehow causing the problem.

-Eric

Mon, 07/23/2012 - 01:10
amityweb

I did disable it a couple of times, and got the error still.

Could it be anything to do with the firewall on the master? Didn't disable that, nor add the remote IP. Does the connection reverse in some way hence being blocked from remote to master?

Mon, 07/23/2012 - 09:23
andreychek

Howdy,

Just so that we can verify that no rules are being left enabled, can you show what "iptables -L -n" looks like after completely disabling your firewall?

It should be blank -- there shouldn't be any rules showing up.

As far as the firewall on your master server -- it's more rare that firewalls block outgoing traffic, but that is possible. Just to rule it out, you could try disabling that firewall too.

Cloudmin doesn't connect back to the master, but if the firewall on your master server were blocking outgoing traffic, that would cause a problem.

-Eric

Mon, 07/23/2012 - 15:07
amityweb

FIXED!

After disabling CSF on the master machine it worked!! So must be something there. I wondered if it may be TCP_OUT ports but rather than messing with that I just added the remote server IP to the allow list on the master server and it worked. So either there is some back traffic, OR the TCP_OUT was blocked to this server until the IP was added in the allow list. Not sure, maybe the latter.

But anyway, now it's working, that's great. Will just need to add the allow IPs of both servers to each other.

Thanks a lot for your help, could not have done without you!
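The fix above came down to the master's own egress rules. As an added example (not part of the thread, and not Cloudmin or CSF code), this sketch walks an `iptables-save` style ruleset and reports what happens to a new outbound TCP connection; it uses that format because `iptables -L -n` without `-v` omits interface matches, so a loopback-only ACCEPT looks like an accept-all. The function names, the `eth0` interface and the 203.0.113.10 / 198.51.100.7 addresses are assumptions, and negated matches (`!`) and `RETURN` are not modelled.

```python
import ipaddress
import shlex

# Constructed iptables-save sample; 203.0.113.10 is a placeholder allow-listed host.
SAMPLE = """\
:OUTPUT DROP [0:0]
:LOCALOUTPUT - [0:0]
:LOGDROPOUT - [0:0]
-A OUTPUT -o eth0 -j LOCALOUTPUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A OUTPUT -j LOGDROPOUT
-A LOCALOUTPUT -d 203.0.113.10/32 -j ACCEPT
-A LOGDROPOUT -p tcp -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* "
-A LOGDROPOUT -j DROP
"""

def parse(text):
    policies, rules = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok and tok[0].startswith(":"):   # ":CHAIN POLICY [pkts:bytes]"
            policies[tok[0][1:]] = tok[1]
        elif tok and tok[0] == "-A":         # "-A CHAIN <options> -j TARGET"
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i > 1 and t.startswith("-")}
            rules.setdefault(tok[1], []).append(opts)
    return policies, rules

def matches(o, dst, dport, out_if):
    # -i/-s/--sport/--tcp-flags cannot be judged for a new outbound SYN: no match.
    lo, _, hi = o.get("--dport", "0:65535").partition(":")
    return (not any(k in o for k in ("-i", "-s", "--sport", "--tcp-flags"))
            and o.get("-o", out_if) == out_if
            and o.get("-p", "tcp") in ("tcp", "all")
            and "NEW" in o.get("--state", "NEW").split(",")
            and dst in ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
            and int(lo) <= dport <= int(hi or lo))

def walk(policies, rules, chain, pkt):
    for o in (r for r in rules.get(chain, []) if matches(r, *pkt)):
        target = o.get("-j")                 # LOG etc. fall through to the next rule
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, chain
        if target in rules and (hit := walk(policies, rules, target, pkt)):
            return hit                       # verdict reached inside a user chain
    return (policies[chain], chain + " policy") if policies.get(chain, "-") != "-" else None

def egress_verdict(ruleset, dst, dport, out_if="eth0"):
    return walk(*parse(ruleset), "OUTPUT", (ipaddress.ip_address(dst), dport, out_if))
```

Run against `iptables-save` output from the master, `egress_verdict(ruleset, remote_ip, 10000)` names the chain that decides the connection, which distinguishes a blocked outbound port from a missing allow-list entry.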
