Hello, I'm having an issue and I can't seem to figure out what's wrong. My server that I use to host my site and jellyfin can no longer be accessed from its public IP address. It's running on Debian 11 and the latest stable version of ISPConfig and Apache2. I can access the admin panel from my local network but when I try to connect using the domain, or the public IP address, I can't connect to it.

Some things I've tried/checked:
- Rebooting the server
- Checking apache2 and mariadb for any errors using systemctl status, both apache2 and mariadb are running fine with no errors, as far as I can tell
- Running mysqlcheck to fix any errors, if there are any
- Restarting apache2
- Checking to see if ddclient is having any issues, it gets my public IP without any issue but trying to connect to it doesn't work either

If there's anything that I'm missing

Quick edit: everything was fine for a few months, today when I tried to connect to it nothing worked
Here's the test script
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 11 (bullseye)

[INFO] uptime: 21:59:22 up 6:37, 2 users, load average: 0.20, 0.23, 0.21

[INFO] memory:
       total   used   free   shared   buff/cache   available
Mem:   7.7Gi   3.0Gi  2.0Gi  268Mi    2.7Gi        4.1Gi
Swap:  976Mi   0B     976Mi

[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● NetworkManager-wait-online.service loaded failed failed Network Manager Wait Online
● systemd-quotacheck.service loaded failed failed File System Quota Check

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
2 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.8p1

##### VERSION CHECK #####
[INFO] php (cli) version is 7.4.28
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.28

##### PORT CHECK #####

##### MAIL SERVER CHECK #####
...skipping 1 line

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 320323)
[INFO] I found the following mail server(s):
Postfix (PID 320238)
[INFO] I found the following pop3 server(s):
Dovecot (PID 320268)
[INFO] I found the following imap server(s):
Dovecot (PID 320268)
[INFO] I found the following ftp server(s):
PureFTP (PID 320492)

##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:110 (320268/dovecot)
[anywhere]:143 (320268/dovecot)
[anywhere]:465 (320238/master)
***.***.***.***:53 (320499/named)
***.***.***.***:53 (320499/named)
***.***.***.***:53 (320499/named)
***.***.***.***:53 (320499/named)
[localhost]:53 (320499/named)
[localhost]:53 (320499/named)
[localhost]:53 (320499/named)
[localhost]:53 (320499/named)
[anywhere]:21 (320492/pure-ftpd)
[anywhere]:22 (729/sshd:)
[localhost]:631 (637/cupsd)
[localhost]:953 (320499/named)
[anywhere]:25 (320238/master)
[anywhere]:4190 (320268/dovecot)
[anywhere]:8096 (639/jellyfin)
[anywhere]:993 (320268/dovecot)
[anywhere]:995 (320268/dovecot)
[localhost]:11332 (320245/rspamd:)
[localhost]:11333 (320245/rspamd:)
[localhost]:11334 (320245/rspamd:)
...skipping 1 line
[anywhere]:587 (320238/master)
[localhost]:6379 (653/redis-server)
[localhost]:11211 (641/memcached)
[localhost]10 (320268/dovecot)
[localhost]43 (320268/dovecot)
*:*:*:*::*:8080 (320323/apache2)
*:*:*:*::*:80 (320323/apache2)
*:*:*:*::*:8081 (320323/apache2)
*:*:*:*::*:465 (320238/master)
[localhost]716 (2765/kdeconnectd)
*:*:*:*::*:21 (320492/pure-ftpd)
[localhost]717 (4898/kdeconnectd)
*:*:*:*::*:53 (320499/named)
*:*:*:*::*:53 (320499/named)
*:*:*:*::*:53 (320499/named)
*:*:*:*::*:53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*53 (320499/named)
*:*:*:*::*beee:7bff:fe07:53 (320499/named)
*:*:*:*::*beee:7bff:fe07:53 (320499/named)
*:*:*:*::*beee:7bff:fe07:53 (320499/named)
*:*:*:*::*beee:7bff:fe07:53 (320499/named)
*:*:*:*::*:22 (729/sshd:)
*:*:*:*::*:631 (637/cupsd)
*:*:*:*::*:25 (320238/master)
*:*:*:*::*:953 (320499/named)
*:*:*:*::*:443 (320323/apache2)
*:*:*:*::*:4190 (320268/dovecot)
*:*:*:*::*:993 (320268/dovecot)
...skipping 1 line
*:*:*:*::*:11332 (320245/rspamd:)
*:*:*:*::*:11333 (320245/rspamd:)
*:*:*:*::*:11334 (320245/rspamd:)
*:*:*:*::*:10023 (771/postgrey)
*:*:*:*::*:3306 (319511/mariadbd)
*:*:*:*::*:587 (320238/master)
*:*:*:*::*:6379 (653/redis-server)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-before-input all -- [anywhere]/0 [anywhere]/0
ufw-after-input all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-reject-input all -- [anywhere]/0 [anywhere]/0
ufw-track-input all -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-before-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
ufw-track-forward all -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-before-output all -- [anywhere]/0 [anywhere]/0
ufw-after-output all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-reject-output all -- [anywhere]/0 [anywhere]/0
...skipping 1 line

Chain f2b-postfix-sasl (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68
ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
...skipping 1 line
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ufw-user-forward all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
ufw-not-local all -- [anywhere]/0 [anywhere]/0
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900
ufw-user-input all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-logging-forward (1 references)
...skipping 1 line

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- [anywhere]/0 [anywhere]/0

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination
...skipping 1 line
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW
ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
...skipping 1 line
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:25
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:465
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:587
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:143
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:993
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:110
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:995
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8096
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:8096
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8920
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:8920
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:1900
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:1900
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:7359
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:7359
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25575
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:25575
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25565
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:9
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:9
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:80

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK ] "
...skipping 1 line

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
Seems like a network problem, outside of the ISPConfig host. Is there a router or firewall between host and Internet? Check settings. Is the Internet connection working?
Yup, everything is fine, when I connect to the server via x2go, local IP address, I can visit other sites normally. I don't believe that I've made any changes to the firewall, all the required ports are allowed on my router and firewall, IIRC.
You mean from a private IP on the same network as the server? Are you trying to connect to the public IP / domain name from the same client device? Try running a traceroute to the domain / public IP, that should give an idea of whether the problem's in or before your network.
Everything looked fine with traceroute, nothing was lost, oddly enough though, after running it my server seems to be working now? Maybe it was something with my router? If I find out what was the cause I'll update my thread. Thanks for the help guys, I really appreciate it!
I set monit to monitor my server online status and reboot the router if it somehow failed to connect to the internet.
Code:
# Ping 1.1.1.1; if 3 echo requests fail (10 second timeout), run the router reboot script
check host OnlineStatus with address 1.1.1.1
    if failed icmp type echo count 3 with timeout 10 seconds
    then exec "/bin/bash /usr/share/router-reboot"

That router-reboot is my script to reboot that will depend on how to access the router itself with tested timing. Some old routers may need 3-5 seconds instead of just 1 second gap. Command dev reboot is what is needed to reboot in my router CLI so it is echoed in such a way.
Code:
# Feed the username, password and reboot command to the router's telnet prompt, pausing 1 second before each
(/bin/sleep 1; echo router-username; /bin/sleep 1; echo router-password; /bin/sleep 1; echo dev reboot; /bin/sleep 1;) | telnet X.X.X.X;

I am just sharing my monit config just in case some others might need it but you probably won't need this.
Alright, it's back to not being able to connect, oddly enough, if I turn on my VPN, turn on my mobile data, or connect from an outside network, everything loads fine, just trying to visit it using the domain/public on my private network doesn't work. I've checked with my ISP provider, just in case they're blocking a port or something, and nothing. Quick edit: I can FTP, SSH, and connect to my server via X2GO using both the domain and public IP without any issue on my private network, just visiting the sites that I have on there don't wanna connect if I try from my private network
Have you tried to clear all the caches, cookies / site data in the browser or tried other browsers on the same network? Also that depends on your router settings if you want to connect from your local network, not necessarily your ISP, so try to browse through them and see if anything changed from your previous settings or simply restore your router settings if you have them backed up, as some ISPs update the router software remotely and that may change some of the settings.
Yup, tried multiple devices on multiple browsers. As for the router, nothing looks like it's changed. Everything looks the same as it was ages ago, all the ports are forwarded and nothing looks like it's blocked
Figured out what's wrong, my ISP has recently blocked NAT loopback with an update sent to my router. Some people who were using it before are also experiencing this issue now.
That was why I suspected as such. There should be a way to prevent your ISP from remotely updating your router as you can do the update yourself. Just keep the working settings backed up and restore them when you have updated your router. This can also be done automatically via an advanced script which I know you can think of something.
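
The symptom pattern that led to the NAT loopback diagnosis in this thread (ports open on the LAN address and from outside networks, but some not answering on the public IP from inside the LAN) can be checked per port. This is an added example, not code from any poster in the thread; the function names are hypothetical and the addresses are documentation placeholders.

```python
import socket

def probe(host, port, timeout=3.0):
    """TCP connect test: returns 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"

def verdict(lan, public, outside=None):
    """Interpret one port's results.

    lan, public: probe results taken from a client inside the LAN.
    outside: result for the public IP as seen from another network
             (VPN, mobile data), or None if it was not measured.
    """
    if lan != "open":
        return "service or host firewall problem"
    if public == "open":
        return "ok"
    if outside == "open":
        return "NAT loopback not applied by the router"
    if outside is None:
        return "port forward or NAT loopback: test from outside"
    return "port forward missing or blocked upstream"

def hairpin_report(lan_ip, public_ip, ports, outside=None, probe_fn=probe):
    """Probe each port on both addresses; return {port: (lan, public, verdict)}."""
    outside = outside or {}
    report = {}
    for port in ports:
        lan = probe_fn(lan_ip, port)
        public = probe_fn(public_ip, port)
        report[port] = (lan, public, verdict(lan, public, outside.get(port)))
    return report

if __name__ == "__main__":
    # Placeholder addresses (RFC 1918 / RFC 5737), assumed for illustration only.
    LAN_IP, PUBLIC_IP = "192.168.1.10", "203.0.113.10"
    # Ports taken from the listening-ports output posted in the thread.
    for port, row in hairpin_report(LAN_IP, PUBLIC_IP, [21, 22, 80, 443, 8096]).items():
        print(port, *row)
```

Run it from a client on the same LAN as the server; pass `outside={80: "open", 443: "open"}` once the public IP has been confirmed reachable from another network.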