Install Can ping but can't open page on mobiles

Please fill in any relevant information that applies to you:

• CentOS Version: CentOS 7 64bit
• Centmin Mod Version Installed: 123.09beta01
• Nginx Version Installed: i.e. 1.13.1
• PHP Version Installed: 7.0.15
• MariaDB MySQL Version Installed: 10.1.21
• When was last time updated Centmin Mod code base ? : today
• Persistent Config: LETSENCRYPT_DETECT='y'

Hi,

---

I'm trying to migrate my site to new VPS.
Fresh install 123.09beta01. For rsync needed to csf -a "old VPS IP". Got error something to do with FASTSTART, disable FASTSTART as per one of the threat here.
Moved all required files. Installed LETSENCRYPT certificates.
I can open my site from my PC but when I tried to open it from Mobile, connection timeout.
But I can ping IP from mobile too
185.195.24.85
here is trace

Code:

traceroute to 185.195.24.85 (185.195.24.85), 30 hops max
Hop 1:
    From 172.16.9.194, 238 ms

Hop 2:
    From 172.16.13.93, 258 ms

Hop 3:
    From mag9-cr01-be78.100.msk.stream-internet.net (195.34.36.225), 248 ms

Hop 4:
    From m9-cr04-be8.77.msk.stream-internet.net (212.188.54.213), 248 ms

Hop 5:
    From Filanco-m9.msk.stream-internet.net (195.34.38.134), 248 ms

Hop 6:
    From 31.28.19.161, 248 ms

Hop 7:
    From 185.68.144.18, 248 ms

Hop 8:
    From 194.63.142.188, 258 ms

Hop 9:
    * 

Hop 10:
    * 

Hop 11:
    * 

Hop 12:
    * 

Hop 13:
    * 

Hop 14:
    * 

Hop 15:
    * 

Hop 16:
    * 

Hop 17:
    * 

Hop 18:
    * 

Hop 19:
    * 

Hop 20:
    * 

Hop 21:
    * 

Hop 22:
    * 

Hop 23:
    * 

Hop 24:
    * 

Hop 25:
    * 

Hop 26:
    * 

Hop 27:
    * 

Hop 28:
    * 

Hop 29:
    * 

Hop 30:
    * 

Traceroute complete: 30 hops, time: 9638 ms

Tired different mobile providers - all the same.
Here I found similar threat -
https://community.centminmod.com/threads/can-ping-but-cant-open-page.8507/
In my

Code:

/etc/sysctl.d/

there were no "101-sysctl.conf" file.
I moved one from old VPS, tried to run

Code:

/sbin/sysctl --system

here is output

Code:

[06:58][root@site ~]# /sbin/sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /etc/sysctl.d/101-sysctl.conf ...
sysctl: permission denied on key 'fs.nr_open'
sysctl: permission denied on key 'fs.file-max'
sysctl: permission denied on key 'net.core.wmem_max'
sysctl: permission denied on key 'net.core.rmem_max'
sysctl: permission denied on key 'net.ipv4.tcp_rmem'
sysctl: permission denied on key 'net.ipv4.tcp_wmem'
sysctl: permission denied on key 'net.core.netdev_max_backlog'
net.core.somaxconn = 8151
sysctl: permission denied on key 'net.core.optmem_max'
sysctl: permission denied on key 'net.ipv4.tcp_fin_timeout'
sysctl: permission denied on key 'net.ipv4.tcp_keepalive_intvl'
sysctl: permission denied on key 'net.ipv4.tcp_keepalive_probes'
sysctl: permission denied on key 'net.ipv4.tcp_keepalive_time'
sysctl: permission denied on key 'net.ipv4.tcp_max_syn_backlog'
sysctl: permission denied on key 'net.ipv4.tcp_sack'
sysctl: permission denied on key 'net.ipv4.tcp_syn_retries'
sysctl: permission denied on key 'net.ipv4.tcp_synack_retries'
sysctl: permission denied on key 'net.ipv4.tcp_tw_recycle'
sysctl: permission denied on key 'net.ipv4.tcp_tw_reuse'
sysctl: permission denied on key 'net.ipv4.tcp_max_tw_buckets'
sysctl: permission denied on key 'vm.swappiness'
sysctl: permission denied on key 'vm.min_free_kbytes'
sysctl: permission denied on key 'net.ipv4.ip_local_port_range'
sysctl: permission denied on key 'net.ipv4.tcp_slow_start_after_idle'
sysctl: permission denied on key 'net.ipv4.tcp_limit_output_bytes'
sysctl: permission denied on key 'net.ipv4.tcp_rfc1337'
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
sysctl: permission denied on key 'net.nf_conntrack_max'
sysctl: permission denied on key 'net.netfilter.nf_conntrack_tcp_timeout_established'
sysctl: permission denied on key 'net.netfilter.nf_conntrack_generic_timeout'
sysctl: permission denied on key 'net.ipv4.tcp_challenge_ack_limit'
* Applying /usr/lib/sysctl.d/50-default.conf ...
sysctl: permission denied on key 'kernel.sysrq'
sysctl: permission denied on key 'kernel.core_uses_pid'
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...

 

Sorry for not being clear
My non-mobile IP is fine, I'm able to open site and ping it.
But from mobile I can ping but cant access site.
Here is for my non-mobile IP

Code:

]# csf -g 94.141.171.124

Chain            num   pkts bytes target     prot opt in     out     source               destination

ALLOWIN          2      388 44514 ACCEPT     all  --  !lo    *       94.141.171.124       0.0.0.0/0

ALLOWOUT         2      396 58326 ACCEPT     all  --  *      !lo     0.0.0.0/0            94.141.171.124


ip6tables:

Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for 94.141.171.124 in ip6tables
csf.allow: 94.141.171.124 # csf SSH installation/upgrade IP address - Tue Jun 13 10:22:27 2017

Here is for my mobile IP

Code:

[08:37][root@vo7shop ~]# csf -g 213.87.137.74

Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for 213.87.137.74 in iptables
ip6tables:
Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for 213.87.137.74 in ip6tables

 

Server IP 185.195.24.85
From non-mobile (windows 10 desktop) yes
From mobile -no

 

Great tip!
I run vpn on desktop - no connection
on mobile via vpn - no connection
so it looks like only my home IP is permitted.
I haven't modify any csf settings.

 

Let me try to reinstall and see on what step it's all began.
Some local provider. They swear to me that IP is not blocked and they can ping it.

 

Now it is working.
This was my 3rd try.
The only difference is that this time when I was generating Nginx Vhost (https://centminmod.com/vhost.php) I chose wordpress option (I have Opencart but it is close enough)
And the second difference is that I avoided using rsync but migrated my old data and database via archiving files and unpack them on my new vps, those I avoided disabling FASTSTART.
I'm not sure what exactly triggered previous problems but I suspect it has something to do with disabled FASTSTART.
Regardless, appreciate your speedy help and advices!
Great product you've got here