I agree with Scott along the lines of MAC addresses being the problem. But
I'm thinking along the lines of ARP cache. You may have a problem with the
ARP tables still being fresh or persistent in your network somewhere. I'd
start with the edge router and then go down to your Firewall. IMHO, it's not
the local machines themselves, it's something upstream in your network which is
why you're ok from inside the network. You made no mention of what's in
front of these web-servers and have not indicated that you've done any
troubleshooting beyond the web-server machines themselves.

In short, clear out your ARP caches in all upstream network components
starting from your edge-router (this alone should fix the problem), if not,
then clear it in your firewall or upstream switch.

Good Luck
\R

-----Original Message-----
From: redhat-list-bounces redhat.com [mailto:redhat-list-bounces redhat.com] On Behalf Of Scott Ruckh
Sent: Wednesday, June 28, 2006 2:55 PM
To: General Red Hat Linux discussion list
Cc: redhat-list redhat.com
Subject: Re: Mysterious problem driving me crazy! (network? apache? php? firewall?)
--
This is what you said Chris W. Parker
> Hello,
>
> I had a server fail on me recently (which is a story in itself... can't
> figure out why it's failing...) and so now I'm in the process of
> migrating my data (two websites from a backup) to a new server.
>
> The old server was FC3 and the new server is CentOS 4.3.
>
> Here is the problem stated very briefly: On the old server both websites
> worked fine. On the new server only one website is working.
>
> Now for some details:
>
> * I've checked and rechecked /etc/httpd/conf/httpd.conf to make sure it
> matches the original.
> * I've checked and rechecked all my scripts in
> /etc/sysconfig/network-scripts to match the originals.
> * I've checked and rechecked the virtual host settings in
> /etc/httpd/virt.d/ to match the originals.
> * I've tried turning off iptables on the new server.
> * I've tried turning off IPv6 (just a shot in the dark!).
> * I've tried turning off SELinux too.
> * I've also compared permissions between the two websites' directories.
>
> I'm using NAT and what seems to be happening is that swatgear.com WILL
> NOT resolve to its internal ip address of 10.0.0.3. I can't get a
> successful ping/request from swatgear.com or 67.17.248.227. The only
> time a ping works or I can get any kind of response is through 10.0.0.3.
> And by the way, the site works fine if I add '10.0.0.3 swatgear.com' to
> /etc/hosts. But of course that doesn't solve the problem for the outside
> world.
>
> First of all you might ask if someone has changed the configuration in
> the hardware firewall, nope. No changes at all. You might also think
> that iptables is getting in the way (see above). You might think that
> the configurations are different (see above).
>
> If I turn the old server on (which only stays up for about 5 minutes
> before it kicks the bucket) both sites work perfectly. As soon as I shut
> it off and turn on the new server only one of the sites will work while
> the other (www.swatgear.com) does not.
>
> I can't figure it out and I've been working on this ALL DAY so I'm
> pleading with the community to help me figure it out.
>
> What is driving me crazy is that one site works and the other does not.
> So in spite of my 100% confidence in there being absolutely no difference
> between the configurations (of the parts that matter) of the two servers
> I can only be led to believe that it is in fact a misconfiguration and
> nothing else. Otherwise it just doesn't make sense.
>
> Another thing I should mention is that apache's logs for the website
> (that doesn't work) don't report anything! I mean, it appears that
> apache is not even SEEING the request for the site (unless I request it
> at 10.0.0.3). This says to me that it's something that precedes apache
> that is getting in the way and not apache itself (i.e. a configuration
> mistake).

Are you sure that there is not MAC Addresses filtering going on in the
firewall? You said that no changes were made in the firewall, but if you
changed NICs on the new server and had MAC addresses filtering on the
firewall that might cause the problem.

You appear to have connectivity (you are able to use site via internal
IP). I would also assume apache is correct since site is working. The
problem sounds just like you mentioned. A name request is not reaching
the server.

What do the firewall logs look like? Does the request even reach the
firewall?

How about a tcp packet capture? Outside of apache logs not seeing the
request, do you even see the traffic hitting the network interface on the
web server?

Hard to speculate without having access to the servers so I am just
throwing out some ideas.

Good Luck.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
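
The stale-ARP check suggested in this thread, as an added example that is not part of the original messages: it scans a neighbour-table dump for an entry that still maps the web server's internal IP (10.0.0.3) to the retired machine's NIC. It assumes the upstream device is a Linux gateway whose table is dumped with `ip neigh show`; the function name `stale_arp`, both MAC addresses and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the upstream device is a
# Linux gateway whose neighbour table can be dumped with `ip neigh show`.

# Constructed sample dump; both MAC addresses are made-up placeholders.
OLD_MAC='02:00:00:00:00:0a'   # NIC of the retired server (hypothetical)
NEW_MAC='02:00:00:00:00:0b'   # NIC of the replacement server (hypothetical)
SAMPLE_NEIGH="10.0.0.1 dev eth1 lladdr 02:00:00:00:00:01 REACHABLE
10.0.0.3 dev eth1 lladdr $OLD_MAC STALE
10.0.0.4 dev eth1 lladdr 02:00:00:00:00:04 REACHABLE
10.0.0.9 dev eth1  FAILED"

# stale_arp IP EXPECTED_MAC
# Reads `ip neigh show` lines on stdin. Prints "ip cached_mac state" for
# every entry for IP whose cached MAC differs from EXPECTED_MAC.
# Exit status: 1 if a mismatch was printed, 0 otherwise.
stale_arp() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v ip="$1" -v want="$want" '
        $1 == ip {
            mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next      # FAILED/INCOMPLETE entries have no MAC
            if (mac != want) { print $1, mac, $NF; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed dump: the gateway still caches the old NIC.
if ! printf '%s\n' "$SAMPLE_NEIGH" | stale_arp 10.0.0.3 "$NEW_MAC"; then
    echo "upstream cache still maps 10.0.0.3 to the old NIC; clear that entry"
fi
```

On a live Linux gateway the same function can be fed with `ip neigh show | stale_arp 10.0.0.3 <new NIC MAC>`; routers and firewalls with other operating systems print their ARP tables in different formats.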