Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: FreakWent on December 15, 2021, 03:52:50 AM
-
My SME 10 Server and Gateway is mostly fine, but external services are not available.
However in iptables I see:
    Chain InboundTCP_1053 (1 references)
    target     prot opt source               destination
    denylog    all  --  0.0.0.0/0           !1.1.1.1
In the 'review configuration' section of server manager, the external IP field is blank.
However, "ip addr" shows the correct IP address, and the NAT is working fine.
I suspect this is all caused by a slow DHCP transaction, but I'm just guessing really. I'll set it to static and move on with my life, but if anyone would like me to do more testing, just ask.
Cheers all!
-
Setting to the MAC address as DHCP identifier triggered a reconfigure/reboot and changing it back again triggered such a reconfig cycle again, but it still had 1.1.1.1 showing in iptables.
Changing it to static resulted in failure, possibly because the remote side didn't accept traffic without a valid DHCP lease; I didn't bother confirming that.
Changing it back from static to dynamic again, however, fixed everything, and all is well -- until next time.....
-
Huh?
Maybe take a step back and provide a few more clues as to what you are doing, what you expect to see and what you hope to achieve.
-
I have read this a couple of times and am still confused as hell.
Can you please go back and tell us what your problem is, not your attempts at a solution.
Read this: https://xyproblem.info/
> My SME 10 Server and Gateway is mostly fine, but external services are not available.
So go back to the beginning and give us a history of your v10 server.
Clean install, upgrade, how?
What sort of internet connection? DHCP, static, ADSL or whatever?
Have a look in your server manager lower left in Miscellaneous for "Report a bug" and then do "Create configuration report" and post us some of the network details, less things like passwords.
Also run these and post the output:
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates
-
And check you do not use private server mode!
-
Sorry for the unclear messaging. It's working now. I posted mostly in case it might help others in the future; I suspect that hasn't actually worked as intended.
The server was a new build, the external link uses DHCP and was configured for that. The external link came up fine, but the firewall rules were incorrect.
NAT was working okay, but the scripts that configure iptables have a default external IP address of 1.1.1.1, here:
/etc/e-smith/templates/etc/rc.d/init.d/masq/00Definitions: OUTERNET=1.1.1.1 # Put in placeholder address, to ensure correct iptables syntax
I presume that it's supposed to be redefined by some other code that somehow detects the external IP, but that wasn't working. I never found out why. Some kind of race condition maybe.
So the firewall was configured to allow external access to email, web services, port forwarding or any other services hosted by the SME server, but only if the destination IP address was 1.1.1.1, which of course it wasn't.
When choosing in the config console to configure the external interface as DHCP, there are two different options to choose from, neither worked. Lying to SME that the external link was static, then changing it back to DHCP resolved the problem.
Sorry for the vague original messages, I hope that's clearer.
-
Found your issue.
When using DHCP (both hardware and account), dhclient runs and ends by calling a hook.
SME uses the exit hook dhclient-exit-hooks to launch the event that updates the IP in the db and updates the firewall.
Previous to SME10 there was the file /etc/dhclient-exit-hooks, which was owned by e-smith-base.
Also, there was a copy with the same date, same size and same content in /etc/dhcp/dhclient-exit-hooks /etc/dhclient-exit-hooks, but not owned by any rpm.
I cannot explain how it is copied there.
In SME10 the second copy is missing, and the script /sbin/dhclient-script is actually looking for /etc/dhcp/dhclient-exit-hooks.
see https://bugs.koozali.org/show_bug.cgi?id=11930
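The two checks this diagnosis points to, as an added example that is not part of the original post or SME Server's own code: find firewall rules still matching the placeholder destination, and see which hook path exists. The function names and the sample listing are constructed for illustration; the placeholder address and the hook paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: detect firewall rules still bound to the masq template's
# placeholder external address, and check where the dhclient exit hook lives.

PLACEHOLDER="1.1.1.1"   # OUTERNET default from 00Definitions, as quoted in the thread

# Read `iptables -L -n` output on stdin; print "<chain> <target> <destination>"
# for every rule whose destination is the placeholder (negated or not).
placeholder_rules() {
    awk -v ph="$1" '
        $1 == "Chain" { chain = $2; next }
        $1 == "target" || NF < 5 { next }
        { dst = $5; sub(/^!/, "", dst)
          if (dst == ph) print chain, $1, $5 }'
}

# Report which hook paths exist under root $1 ("" = the live system).
# Per the post above, dhclient-script on SME 10 looks for the /etc/dhcp copy.
hook_status() {
    for p in /etc/dhcp/dhclient-exit-hooks /etc/dhclient-exit-hooks; do
        if [ -f "$1$p" ]; then echo "present $p"; else echo "missing $p"; fi
    done
}

# Constructed sample input modelled on the listing in the first post.
sample_rules() {
    cat <<'EOF'
Chain InboundTCP_1053 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !1.1.1.1
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain denylog (3 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Offline demonstration; on a live server use:
#   iptables -L -n | placeholder_rules "$PLACEHOLDER"; hook_status ""
sample_rules | placeholder_rules "$PLACEHOLDER"
```

Any line printed by placeholder_rules means the firewall was generated before the external address was written to the configuration, which is the state described in the first post.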
-
Hello!
I have the same problem on sme10, however the file already exists in '/etc/dhcp/' as 'dhclient-exit-hooks'
So, I'm not sure what is wrong?
-
I am not either, since you provide no log, no history about the server, no information about its configuration.
/var/log/messages around the time of changing IP should have some information.