CSF Can ping but can't open page

Hi

A few days now i start to have an issue on two of my Centminmod servers.

The user browse on the site and after 1 sec it get's this after about 10 secs on Chrome and after about 20 secs on Firefox :

Chrome looks faster at everything lol

Code:

ERR_CONNECTION_TIMED_OUT

At the same time i can browse without any issues...check the firewall and there is no ban entry and i also try to disable it but nothing....

If he change ip is working great for about 5 minutes and then doesn't work....

I thought that the user has an issue on his network but he confirm that it has the same issue on his office also....

Then we contact the ISP and they say that there is no Issue with them.

Then we contact the OVH Canada and they say that they was able to find some packet lost issues and they fix it.....

But nothing and they disable also Anti DDOS VAC system ......

User can ping the server and tracert without any issues.....

There is no logs related also on the server as it looks like a network issue or a firewall limitation that is blocking him?

---

I was check for time outs settings and all are default and doesn't look that to be the issue....
Also limiting is disable:

Code:

#limit_req_zone
#limit_conn_zone

Any ideas?

And a few days now i seems that another user has the same issue on another Centminmod server.....

Entire network with 4-5 pc's none can connect on web page

Thanks

 

Yes i can browse without any issue....

Yes

No

The user has Verizon Fios and i found related issues with MTU on the modem they use and some related with OVH fixes but the user request new modem and got it and try it and the other friend of him is using Comcast ISP.

Now he just test it and on one machine it works and he got this:

Code:

*   Trying 123.456.789.000...
* Connected to community.domain.com (123.456.789.000) port 80 (#0)
> HEAD / HTTP/1.1
> Host: community.domain.com
> User-Agent: curl/7.43.0
> Accept: /
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Tue, 30 Aug 2016 03:08:32 GMT
Date: Tue, 30 Aug 2016 03:08:32 GMT
< Content-Type: text/html;charset=UTF-8
Content-Type: text/html;charset=UTF-8
< Content-Length: 280575
Content-Length: 280575
< Connection: keep-alive
Connection: keep-alive
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Set-Cookie: ips4_IPSSessionFront=vvag3cdmp7orb2div4ip02jcm0; path=/; domain=domain.com; HttpOnly
Set-Cookie: ips4_IPSSessionFront=vvag3cdmp7orb2div4ip02jcm0; path=/; domain=domain.com; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
Pragma: no-cache
< X-XSS-Protection: 0
X-XSS-Protection: 0
< Server: nginx secure
Server: nginx secure
< X-Powered-By: centminmod
X-Powered-By: centminmod

<
* Connection #0 to host community.domaincom left intact

On the pc next to him he got this:

Code:

*   Trying 123.456.789.000...
* connect to 123.456.789.000 port 80 failed: Operation timed out
* Failed to connect to community.domain.com port 80: Operation timed out
* Closing connection 0

 

I didn't post before as i was sure that this is an error from the network and not related to Centminmod apps....

But today i got the same issue from another user from another country on a Centminmod server and i use the same ISP as him without any issues.....

The only common that both users have is that they have more than one pc on the same network.....

 

PC1:

Code:

traceroute to community.domain.com (123.456.789.000), 64 hops max, 72 byte packets
1  wireless_broadband_router (192.168.1.1)  2.262 ms  3.036 ms  1.782 ms
2  lo0-100.cmdnnj-vfttp-316.verizon-gni.net (72.82.229.1)  4.725 ms  3.178 ms  2.480 ms
3  b3316.cmdnnj-lcr-22.verizon-gni.net (100.41.3.216)  13.708 ms  7.471 ms  8.067 ms
4    *
5  0.ae4.gw10.ewr6.alter.net (140.222.230.157)  8.758 ms  7.726 ms  8.023 ms
6  customer.customer.alter.net (157.130.91.86)  7.934 ms  8.000 ms  8.121 ms
7  be100-154.nwk-5-a9.nj.us (192.99.146.38)  11.678 ms  9.074 ms  8.287 ms
8  be10-1018.bhs-g2-a9.qc.ca (192.99.146.101)  17.257 ms  17.052 ms  16.967 ms
9  vl20.bhs-g2-a75.qc.ca (192.99.146.51)  16.235 ms  16.175 ms  16.239 ms
10  be50-7.bhs-3a-a9.qc.ca (198.27.73.94)  23.142 ms  20.196 ms  20.060 ms
11  ns525942.ip-158-69-127.net (123.456.789.000)  16.679 ms  16.791 ms  16.841 ms

PC2:

Code:

traceroute to community.domain.com (123.456.789.000), 64 hops max, 72 byte packets
1  192.168.1.1 (192.168.1.1)  11.376 ms  12.085 ms  8.257 ms
2  lo0-100.cmdnnj-vfttp-316.verizon-gni.net (72.82.229.1)  6.005 ms  6.506 ms  5.730 ms
3  b3316.cmdnnj-lcr-22.verizon-gni.net (100.41.3.216)  13.584 ms  40.708 ms  10.333 ms
4    *
5  0.ae4.gw10.ewr6.alter.net (140.222.230.157)  11.623 ms  12.741 ms  14.024 ms
6  customer.customer.alter.net (157.130.91.86)  33.397 ms  10.919 ms  11.138 ms
7  be100-154.nwk-5-a9.nj.us (192.99.146.38)  12.191 ms  10.694 ms  12.422 ms
8  be10-1018.bhs-g2-a9.qc.ca (192.99.146.101)  37.657 ms  20.607 ms  21.759 ms
9  vl20.bhs-g2-a75.qc.ca (192.99.146.51)  19.671 ms  19.868 ms  19.956 ms
10  be50-7.bhs-3a-a9.qc.ca (198.27.73.94)  26.821 ms  33.341 ms  34.408 ms
11  ns525942.ip-158-69-127.net (123.456.789.000)  21.720 ms  22.472 ms  20.642 ms

 

Also check this from server to users ip:

Code:

[root@server ~]# mtr --report 123.456.789.000
Start: Mon Aug 29 23:46:43 2016
HOST: server.domain.com      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 158.69.127.253             0.0%    10  158.5 164.8 105.0 213.3  31.7
  2.|-- po112.bhs-g2-a75.qc.ca     0.0%    10    0.4   0.5   0.2   1.9   0.3
  3.|-- be10-20.bhs-g2-a9.qc.ca    0.0%    10    6.0   2.3   0.8   6.0   1.7
  4.|-- be100-1018.nwk-5-a9.nj.us  0.0%    10    9.3   9.3   9.0   9.7   0.0
  5.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  6.|-- xe-3-3-3.GW10.EWR6.ALTER.  0.0%    10    8.9   9.2   8.8   9.9   0.0
  7.|-- ae203-0.CMDNNJ-VFTTP-316.  0.0%    10   14.1  14.5  14.0  16.8   0.7
  8.|-- pool-173-71-99-55.cmdnnj.  0.0%    10   14.5  14.7  14.4  15.7   0.0

The user has on the same OVH Canada rack a Windows server and he can connect to all sites without any issues....

 

Code:

|                                      WinMTR statistics                                   |
|                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
|                          158.69.127.253 -    0 |   40 |   40 |   82 |  176 |  287 |  113 |
|                  po112.bhs-g2-a75.qc.ca -    0 |   40 |   40 |    0 |    0 |    0 |    0 |
|                 be10-20.bhs-g2-a9.qc.ca -    0 |   40 |   40 |    0 |    2 |   49 |    5 |
|               be100-1018.nwk-5-a9.nj.us -    0 |   40 |   40 |    8 |    8 |    9 |    9 |
|                   No response from host -  100 |    8 |    0 |    0 |    0 |    0 |    0 |
|            xe-3-3-3.GW10.EWR6.ALTER.NET -    0 |   40 |   40 |    8 |    8 |    9 |    8 |
|ae203-0.CMDNNJ-VFTTP-316.verizon-gni.net -    0 |   40 |   40 |   14 |   14 |   17 |   14 |
|pool-173-71-99-55.cmdnnj.fios.verizon.net -    0 |   40 |   40 |   14 |   14 |   15 |   15 |

 

We try already that fixes and we change also the router and we reboot them all but nothing...

But the issue seems to affect Comcast also...

 

One common thing about both servers is that they are the only ones that i don't use Cloudflare that's why i thought about Centminmod or firewall adjustments that may need.....

 

Yes using a vpn they can connect without any issues

 

No i didn't adjust anything there...

On the log i can't find any entry of the users ip....

Some of them related?:

Code:

server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=0c:c4:7a:6e:c4:8a:00:ff:ff:ff:ff:fd:08:00 SRC=161.10.228.170 DST=158.69.127.169 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42774 DF PROTO=TCP SPT=35733 DPT=23 WINDOW=4380 RES=0x00 SYN URGP=0

Code:

server kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=158.69.127.169 DST=37.187.231.251 LEN=204 TOS=0x00 PREC=0x00 TTL=64 ID=10893 DF PROTO=UDP SPT=25951 DPT=6193 LEN=184 UID=0 GID=0

and if i use csfstop also he can't open the web page....

 

Never use varnish on the exact subdomain that i send you....

Main domain is on another server....

Oops i just found DNS errors also using the dnsinspect....

That errors are related to domain dns correct?

Also are they related the nameservers of the server so i can check?

Thanks