
Linode connection reset by peer additional IPs?

Discussion in 'Virtual Private Server (VPS) hosting' started by BusyBee, Jul 19, 2017.

  1. BusyBee

    BusyBee Member

    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.3
    • PHP Version Installed: 5.6.30
    • MariaDB MySQL Version Installed: 10.0.21
    • When was last time updated Centmin Mod code base ? : yesterday
    • Persistent Config: nope
    Just want to know if you guys use more IPs in one VPS especially at Linode ;)

    I have 7 IPs in one VPS (Linode) - every time I reboot, my browser shows "connection reset by peer". This only happens on CentOS 7, but everything is fine on CentOS 6.

    Linode support said everything is fine; still discussing with them via ticket.

    regards,

    BusyBee

     
  2. eva2000

    eva2000 Administrator Staff Member

    wow, how do you manage 7 IPs on Linode, they have IP justification requirements for each additional IP added :)

    but yes if you reboot your server and it isn't fully online with all services i.e. networking working yet, then accessing your sites/ips wouldn't work

    how did you add the IPs? Linux Static IP Configuration

    and Linux Static IP Configuration

     
    Last edited: Jul 19, 2017
  3. buik

    buik “The best traveler is one without a camera.”

    Easy Peasy. 7 IPs for 7 commercial certificates and you are done.
    They are extremely easy and helpful @ Linode.
     
  4. eva2000

    eva2000 Administrator Staff Member

    sweet, yeah only ever used SSL cert as justification for non-SNI usage :)
     
  5. BusyBee

    BusyBee Member

    Linode really understands how to treat their customers, and as a customer I should know how to use their services and not "abuse" their policy ;)

    Hmmm, which makes me curious: this only happens on CentOS 7, not on CentOS 6.

    I did follow the guidelines too, same error.

    That's why I want to know if anyone has ever used the centminmod scripts on servers or VPSes with many IPs before... :)

    Yeah, compared with DigitalOcean's "one IP, one VPS" policy
     
  6. BusyBee

    BusyBee Member

    update: after long discussions, found out the firewall rules in CentOS 7 are what cause the problem.

    do you guys know how I can turn off these firewall rules forever? These rules always activate when I reboot my Linode.

    cheers,

    BusyBee
     
  7. eva2000

    eva2000 Administrator Staff Member

    CSF Firewall shouldn't cause problems.. what is the specific firewall rule/block exactly causing problems ?
     
  8. BusyBee

    BusyBee Member

    1. CSF firewall has been turned off since the beginning.

    2. I used these commands from Linode support:

    sudo iptables -I INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    sudo iptables -I OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    sudo iptables -I INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    sudo iptables -I OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    And flush the firewall rules:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

    bingo! all websites with 7 dedicated IPs work!

    3. But it happens again when I reboot the Linode, then I have to redo the above commands.

    4. only happens on CentOS 7 for now at Linode, I haven't tried with another VPS company.

    regards,

    BusyBee
     
  9. eva2000

    eva2000 Administrator Staff Member

    there is your problem, CSF Firewall automatically configures iptables for the rules you are having issues with. If you left CSF Firewall enabled, you would not have problems.

    When you turn off CSF Firewall, there are no iptables rules hence your problems ;)

    Always leave CSF Firewall enabled ;)

    The reason why you do not see the problem with CentOS 6 is that centmin mod's nginx install routine temporarily sets an iptables rule to allow port 80 for non-CentOS 7 systems
    Code (Text):
    # only run for CentOS 6.x
    if [[ "$CENTOS_SEVEN" != '7' ]]; then
        # rackspace cloud servers block port 80 so need to allow it
        iptables -I RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
    fi # CENTOS_SEVEN != 7
    

    before CSF Firewall install configures iptables properly.

    Again, always leave CSF Firewall enabled for best security and operation !!!!
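
Added example, not code from the thread, Centmin Mod or CSF: a POSIX shell check that reads `iptables-save` text and reports what the INPUT chain does with a new TCP connection to a given port, so the state after a reboot can be confirmed without flushing the ruleset. The function name `input_verdict` and both rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: first-match verdict for a NEW inbound TCP connection to PORT,
# from `iptables-save` text (filter table, INPUT chain). Simplified: rules with
# -i/-s/-d are skipped; chain jumps, "!" negation and port ranges are ignored.
input_verdict() (   # usage: printf '%s\n' "$ruleset" | input_verdict PORT
  port=$1 policy=UNKNOWN in_filter=0
  set -f            # keep tokens such as [0:0] from being glob-expanded
  while IFS= read -r line; do
    case $line in
      '*filter')    in_filter=1; continue ;;
      '*'*)         in_filter=0; continue ;;
    esac
    [ "$in_filter" -eq 1 ] || continue
    case $line in
      ':INPUT '*)   set -- $line; policy=$2; continue ;;
      '-A INPUT '*) set -- $line; shift 2 ;;
      *)            continue ;;
    esac
    proto=tcp dport=$port states=NEW target='' skip=0
    while [ $# -gt 0 ]; do
      case $1 in
        -p)                proto=$2 ;;
        --dport)           dport=$2 ;;
        --dports)          case ",$2," in *",$port,"*) ;; *) dport=none ;; esac ;;
        --ctstate|--state) states=$2 ;;
        -j)                target=$2 ;;
        -i|-s|-d)          skip=1 ;;
      esac
      shift
    done
    [ "$skip" -eq 0 ] || continue
    case $proto in tcp|all) ;; *) continue ;; esac
    [ "$dport" = "$port" ] || continue
    case ",$states," in *,NEW,*) ;; *) continue ;; esac
    case $target in ACCEPT|DROP|REJECT) echo "$target"; return 0 ;; esac
  done
  echo "$policy"    # no terminal rule matched, so the chain policy decides
)

# Constructed sample: a restrictive ruleset that admits only SSH.
RESTRICTIVE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# Constructed sample: what remains after the flush and "-P INPUT ACCEPT" above.
FLUSHED=$(printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' 'COMMIT')
```

On a live server the input would be the output of `iptables-save` run as root. With the flushed sample every port falls through to the ACCEPT policy, not only 80 and 443.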
     
  10. BusyBee

    BusyBee Member

    all this time because of the firewall LOL.

    #1 I decided to turn off the firewall since I use this VPS for testing with the "centminmod beta script" on CentOS 7.
    #2 I always make mistakes when typing the password on SSH and I don't want to create another tunnel via another server lol

    Thanks for the clarification.

    regards,

    BusyBee