Welcome to Centmin Mod Community
Become a Member

Install Can ping but can't open page on mobiles

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Roman Kh, Jun 14, 2017.

  1. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.1
    • PHP Version Installed: 7.0.15
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config: LETSENCRYPT_DETECT='y'
    Hi,

    I'm trying to migrate my site to new VPS.
    Fresh install 123.09beta01. For rsync needed to csf -a "old VPS IP". Got error something to do with FASTSTART, disable FASTSTART as per one of the threat here.
    Moved all required files. Installed LETSENCRYPT certificates.
    I can open my site from my PC but when I tried to open it from Mobile, connection timeout.
    But I can ping IP from mobile too
    185.195.24.85
    here is trace
    Code:
    traceroute to 185.195.24.85 (185.195.24.85), 30 hops max
    Hop 1:
        From 172.16.9.194, 238 ms
    
    Hop 2:
        From 172.16.13.93, 258 ms
    
    Hop 3:
        From mag9-cr01-be78.100.msk.stream-internet.net (195.34.36.225), 248 ms
    
    Hop 4:
        From m9-cr04-be8.77.msk.stream-internet.net (212.188.54.213), 248 ms
    
    Hop 5:
        From Filanco-m9.msk.stream-internet.net (195.34.38.134), 248 ms
    
    Hop 6:
        From 31.28.19.161, 248 ms
    
    Hop 7:
        From 185.68.144.18, 248 ms
    
    Hop 8:
        From 194.63.142.188, 258 ms
    
    Hop 9:
        * 
    
    Hop 10:
        * 
    
    Hop 11:
        * 
    
    Hop 12:
        * 
    
    Hop 13:
        * 
    
    Hop 14:
        * 
    
    Hop 15:
        * 
    
    Hop 16:
        * 
    
    Hop 17:
        * 
    
    Hop 18:
        * 
    
    Hop 19:
        * 
    
    Hop 20:
        * 
    
    Hop 21:
        * 
    
    Hop 22:
        * 
    
    Hop 23:
        * 
    
    Hop 24:
        * 
    
    Hop 25:
        * 
    
    Hop 26:
        * 
    
    Hop 27:
        * 
    
    Hop 28:
        * 
    
    Hop 29:
        * 
    
    Hop 30:
        * 
    
    Traceroute complete: 30 hops, time: 9638 ms
    Tired different mobile providers - all the same.
    Here I found similar threat -
    https://community.centminmod.com/threads/can-ping-but-cant-open-page.8507/
    In my
    Code:
    /etc/sysctl.d/
    there were no "101-sysctl.conf" file.
    I moved one from old VPS, tried to run
    Code:
    /sbin/sysctl --system
    here is output
    Code:
    [06:58][root@site ~]# /sbin/sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    * Applying /etc/sysctl.d/101-sysctl.conf ...
    sysctl: permission denied on key 'fs.nr_open'
    sysctl: permission denied on key 'fs.file-max'
    sysctl: permission denied on key 'net.core.wmem_max'
    sysctl: permission denied on key 'net.core.rmem_max'
    sysctl: permission denied on key 'net.ipv4.tcp_rmem'
    sysctl: permission denied on key 'net.ipv4.tcp_wmem'
    sysctl: permission denied on key 'net.core.netdev_max_backlog'
    net.core.somaxconn = 8151
    sysctl: permission denied on key 'net.core.optmem_max'
    sysctl: permission denied on key 'net.ipv4.tcp_fin_timeout'
    sysctl: permission denied on key 'net.ipv4.tcp_keepalive_intvl'
    sysctl: permission denied on key 'net.ipv4.tcp_keepalive_probes'
    sysctl: permission denied on key 'net.ipv4.tcp_keepalive_time'
    sysctl: permission denied on key 'net.ipv4.tcp_max_syn_backlog'
    sysctl: permission denied on key 'net.ipv4.tcp_sack'
    sysctl: permission denied on key 'net.ipv4.tcp_syn_retries'
    sysctl: permission denied on key 'net.ipv4.tcp_synack_retries'
    sysctl: permission denied on key 'net.ipv4.tcp_tw_recycle'
    sysctl: permission denied on key 'net.ipv4.tcp_tw_reuse'
    sysctl: permission denied on key 'net.ipv4.tcp_max_tw_buckets'
    sysctl: permission denied on key 'vm.swappiness'
    sysctl: permission denied on key 'vm.min_free_kbytes'
    sysctl: permission denied on key 'net.ipv4.ip_local_port_range'
    sysctl: permission denied on key 'net.ipv4.tcp_slow_start_after_idle'
    sysctl: permission denied on key 'net.ipv4.tcp_limit_output_bytes'
    sysctl: permission denied on key 'net.ipv4.tcp_rfc1337'
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.log_martians = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.secure_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    sysctl: permission denied on key 'net.nf_conntrack_max'
    sysctl: permission denied on key 'net.netfilter.nf_conntrack_tcp_timeout_established'
    sysctl: permission denied on key 'net.netfilter.nf_conntrack_generic_timeout'
    sysctl: permission denied on key 'net.ipv4.tcp_challenge_ack_limit'
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    sysctl: permission denied on key 'kernel.sysrq'
    sysctl: permission denied on key 'kernel.core_uses_pid'
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    * Applying /etc/sysctl.conf ...
    
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:29 PM
    Nginx 1.13.x
    MariaDB 5.5
    if VPS is OpenVZ you can't do TCP sysctl tweaks, only KVM, Vmware, Xen and dedicated can do TCP sysctl tweaks but this isn't related to your issue

    Probably your mobile IP is banned by CSF Firewall ? Can check how to whitelist via:
    check if IP is blocked by grepping CSF firewall
    Code (Text):
    csf -g YOURIP
    


    If it's a lan connection i.e. home wifi, see FAQ items 40 & 41 for details and clues.
     
    Last edited: Jun 14, 2017
  3. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Sorry for not being clear
    My non-mobile IP is fine, I'm able to open site and ping it.
    But from mobile I can ping but cant access site.
    Here is for my non-mobile IP
    Code:
    ]# csf -g 94.141.171.124
    
    Chain            num   pkts bytes target     prot opt in     out     source               destination
    
    ALLOWIN          2      388 44514 ACCEPT     all  --  !lo    *       94.141.171.124       0.0.0.0/0
    
    ALLOWOUT         2      396 58326 ACCEPT     all  --  *      !lo     0.0.0.0/0            94.141.171.124
    
    
    ip6tables:
    
    Chain            num   pkts bytes target     prot opt in     out     source               destination
    No matches found for 94.141.171.124 in ip6tables
    csf.allow: 94.141.171.124 # csf SSH installation/upgrade IP address - Tue Jun 13 10:22:27 2017
    
    Here is for my mobile IP
    Code:
    [08:37][root@vo7shop ~]# csf -g 213.87.137.74
    
    Chain            num   pkts bytes target     prot opt in     out     source               destination
    No matches found for 213.87.137.74 in iptables
    ip6tables:
    Chain            num   pkts bytes target     prot opt in     out     source               destination
    No matches found for 213.87.137.74 in ip6tables
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:29 PM
    Nginx 1.13.x
    MariaDB 5.5
    can you access server main IP address ?
     
  5. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Server IP 185.195.24.85
    From non-mobile (windows 10 desktop) yes
    From mobile -no
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:29 PM
    Nginx 1.13.x
    MariaDB 5.5
    to confirm if it's not mobile IP related, have you tried using a VPN connection on mobile device ? i.e. Opera VPN is free to see if you can connect.

    also try wifi connection on mobile to connect
     
  7. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Great tip!
    I run vpn on desktop - no connection
    on mobile via vpn - no connection
    so it looks like only my home IP is permitted.
    I haven't modify any csf settings.
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:29 PM
    Nginx 1.13.x
    MariaDB 5.5
    that's truly a weird situation

    if you can still can, i'd wipe server, reload OS and then test connection without Centmin Mod installed first to main server IP

    then try install centmin mod 123.09beta01, and try again to test connections

    could be specific to your VPS ? Who is web host ?
     
  9. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Let me try to reinstall and see on what step it's all began.
    Some local provider. They swear to me that IP is not blocked and they can ping it.
     
  10. Roman Kh

    Roman Kh New Member

    11
    2
    3
    Mar 29, 2017
    Ratings:
    +2
    Local Time:
    4:29 PM
    1.11.12
    10.1.22
    Now it is working.
    This was my 3rd try.
    The only difference is that this time when I was generating Nginx Vhost (https://centminmod.com/vhost.php) I chose wordpress option (I have Opencart but it is close enough)
    And the second difference is that I avoided using rsync but migrated my old data and database via archiving files and unpack them on my new vps, those I avoided disabling FASTSTART.
    I'm not sure what exactly triggered previous problems but I suspect it has something to do with disabled FASTSTART.
    Regardless, appreciate your speedy help and advices!
    Great product you've got here