Get the most out of your Centmin Mod LEMP stack
Become a Member

Install NAT based vps

Discussion in 'Install & Upgrades or Pre-Install Questions' started by JarylW, Jul 22, 2016.

  1. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:21 PM
    Earlier I tried to install centminmod on OVZ based NAT vps but to no avail.

    Think some time ago, it was mentioned that centminmod doesnt support OVZ? I'm not sure about NAT vps but seems like due to having non standard default port, some parts of the automation might have been incompatible?

    Immediately noticed I couldn't connect to VPS after successful install despite changing SSHd port and verifying pprt entries in iptables
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,146
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    9:21 PM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod supports OpenVZ, KVM, Xen fine so definitely not the problem. It's more likely NAT based VPS setup. Which web host did you try it on ? But if the only problem was after you changed SSHD port, have you tried without changing SSHD port do you have issues ? If not then the SSHD port change was the issue. How did you change the SSHD port ?

    CSF firewall related CSF - CSF Firewall info

    more info might be helpful
    1. What version of Centmin Mod ? .08 stable or .09 beta ? If .09 beta when was it installed and when was last time you updated the code ?
    2. What's your VPS/Server hardware specifications ? Xen/KVM/OpenVZ ? cpu type ? memory available ? disk space ? OS and version ? i.e. CentOS 6.7 or 7.2 ?
    3. Who's your web host ?
    4. Your ISP ip address static/dynamic ?
    5. What were you doing connection wise to your server leading up to the blockage ?
    6. If you're on dynamic ip, you may need additional steps CSF Firewall as per Getting Started Guide step 4
    7. Other steps: Does your web host offer out of band VNC/KVM/IPMI Console access? If you can, check if you ips are blocked using csf -g grep command
      Code:
      csf -g YOURIPADDRESS
      commands you can see for csf via
      Code:
      csf -h
      whitelist your ISP range of ips if you know the range
      Code:
      csf -a IPADDRESSORRANGE
      remove temp and permanent blocks from csf
      Code:
      csf -tr IPADDRESS
      csf -dr IPADDRESS
      also check CSF /var/log/lfd.log for clues
      Code:
      tail -50 /var/log/lfd.log
      another log is /var/log/messages you can grep it for your ips
      Code:
      grep IPADDRESS /var/log/messages
      and your /var/log/secure
      Code:
      tail -20 /var/log/secure
     
  3. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:21 PM
    Wow - that is a lot of information. Hosting provider is i83.net - 256MB RAM. SSH port assigned to me to access server was 7322.

    I was unable to access the server (opened a new SSH session to test) right after completion of centminmod install. So yes, I have tried it without changing SSHD port - I am quite certain centminmod sets CSF/iptables rules for port 22 by default - which is why I changed it via centminmenu. Set current port as 22 - and new port as 7322. The script updated /etc/ssh/sshd_config and iptables automatically.

    1. What version of Centmin Mod ? .08 stable or .09 beta ? If .09 beta when was it installed and when was last time you updated the code ?
      .09 beta - fresh install
    2. What's your VPS/Server hardware specifications ? Xen/KVM/OpenVZ ? cpu type ? memory available ? disk space ? OS and version ? i.e. CentOS 6.7 or 7.2 ?
      1 Intel E3 vCPU
      256mb DDR3 RAM
      256mb SWAP
      15gb RAID Storage
      1 Shared IPv4 (20 Ports)

      CentOS6
    3. Who's your web host ?
      i83.net
    4. Your ISP ip address static/dynamic ?
      at office - static.
    5. What were you doing connection wise to your server leading up to the blockage ?
      nothing
    6. If you're on dynamic ip, you may need additional steps CSF Firewall as per Getting Started Guide step 4
    7. Other steps: Does your web host offer out of band VNC/KVM/IPMI Console access? If you can, check if you ips are blocked using csf -g grep command
      Yes. none are blocked.
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,146
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    9:21 PM
    Nginx 1.13.x
    MariaDB 5.5
    You mean i-83.net ? problem is probably due to NAT VPS where you're sharing an IP with other VPSes. I have never used such a setup but i suspect CSF Firewall isn't properly setup for it. Probably need to ask the web host what needs to be configured on CSF Firewall/ip tables end.
     
  5. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:21 PM
    Yup. I have never used it either. Wanted to experiment to see if it would work well, but seems like it is more trouble than it is worth. Likely a lot of compatibility issues with automation since I only get 20 open usable ports
     
    • Informative Informative x 1
  6. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:21 PM
    Managed to get it working. Seems if I dont alter the port via centmin.sh menu it would work. SSH is already not on port 22 so I suppose theres no need to mess with those settings.

    Side note: Using the menu #22 to install wordpress, is there a reason for super cache and super cache - clear all plugin being installed and activated despite indictating 'n' and having the script install Cache Enabler by KeyCDN?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,146
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    9:21 PM
    Nginx 1.13.x
    MariaDB 5.5
    probably, what happens if you just restart csf firewall without any changes to SSHD port ?
    super cache plugins should be installed but not activated with 123.09beta01 centmin.sh menu option 22 probably can be removed by default seeing how much better keycdn cache enabler is
     
    • Winner Winner x 1
  8. eva2000

    eva2000 Administrator Staff Member

    30,146
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    9:21 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Informative Informative x 1
  9. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:21 PM
    I actually rebooted the whole server to test and it works great. guess they must have made it compatible somehow.

    I will try it for a personal site. Currently for like 10 pounds a year (i think?) it seems very promising.
     
    • Like Like x 1