Problem with bastille firewall on OVH RPS servers

Hi all,

I cannot use Bastille firewall on OVH RPS servers. After enabling firewall rule server becomes unavailable. After manual reboot is server reachable again but in aproximately 20 minutes later server becomes unavailable again even if I delete all firewal rules. I suppose that some cron job try switch on firewall.

Has anybody same experiences or solution?

Thanks for any suggestion

SupuS

 

Hi till

server works well until I insert new firewall rule. After reboot it freeze if I start or restart bastille or wait for 20 minutes.

Last line in the syslog is:

Code:

/USR/SBIN/CRON[13513]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log

I tested firewall in ISPConfig 3 installed in virtualbox and it was without problem. Maybe is there some problem with kernel from OVH?

SupuS

 

Code:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:23:54:1b:47:1a  
          inet addr:xxx.23.20.97  Bcast:xxx.23.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1238054 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1776408 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:582459034 (582.4 MB)  TX bytes:1876881032 (1.8 GB)

eth0:0    Link encap:Ethernet  HWaddr 00:23:54:1b:47:1a  
          inet addr:yyy.98.138.163  Bcast:yyy.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7249 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7249 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:662492 (662.4 KB)  TX bytes:662492 (662.4 KB)

I use yyy.98.138.163 .. it is IP FailOver .. can be transfered to other server

 

It is Ubuntu 9.04 but I tested also Debian Lenny with ISPConfig 3 preinstalled by OVH and there was the same problem.

 

I disable start of bastille for now and I wrote to OVH technicians about this problem .. maybe they will find where is the problem.

Thanks for reply till

 

yes it is true .. on RPS servers OVH using SAN acessed by iSCSI .. I'll test it .. thanks

 

There is port 3260 which has to be opened for access to SAN:

Code:

# netstat -tanpu | grep iscsi
tcp        0      0 xxx.xxx.xxx.xxx:37143     xxx.xxx.xxx.xxx:3260     ESTABLISHED 3553/iscsid

In OVH manual is this port described:

I added this port to config option in ispconfig but unfortunatelly issue appear again. Afte reboot I add this port to:

/etc/Bastille/bastille-firewall.cfg

but again without success. I switch off and disabled bastille-firewall as described earlier. Now every 20 minutes is server unreachable. I found two rows with something about this port in ispconfig table sys_datalog:

Code:

42  1  firewall  firewall_id:1  i  1275569296  admin  a:2:{s:3:"new";a:10:{s:11:"firewall_id";s:1:"1";s:...  pending
43  1  firewall  firewall_id:1  d  1275570380  admin  a:2:{s:3:"old";a:10:{s:11:"firewall_id";s:1:"1";s:...  pending

If there is status pending it means that it will try do this job later? For example after 20 minutes?

Now my server going down every 20 minutes and I don't know how to stop it .. except reinstall

SupuS

 

Hi,

I have exactly the same problem with Scaleway. They are using harddisk that is attached from a storage area network instead of a local harddisk. Thanks god I got on this thread .... I was searching in the logs for the last 5 hours. The server just goes not acessible after exactly 20 minutes and there was nothing in the logs. I never suspected the firewall, becouse it is off, I do not have any firewall rules in ISPconfig3, but after looking at this thread I found out that Bastille is running on the server and restarted it, the server went offline imediately after.

Thanks.