error sending response: host unreachable

Discussion in 'General Discussion' started by NoAgendas, Aug 17, 2006.

  1. NoAgendas

    NoAgendas Guest

    No sites are loading and ALL OF A SUDDEN server stats in whm shows a few services instead of all the monitored (service manager) services (see image)

    I've rebooted the box, upcp --force in stable,
    attempted to restart named (/scripts/restartsrv_named takes forever, hangs)

    I cannot view any sites. I even have to chmod 1777 /tmp after a reboot (every time) or else mysql/exmstats fail.

    I tailed /var/log/messages and it was scrolling these lines for example:

    Aug 17 00:21:11 server named[24214]: zone client1.co.uk/IN: loaded serial 2006040801
    Aug 17 00:21:11 server named[24214]: zone client2-net.co.uk/IN: loaded serial 2006040807
    Aug 17 00:21:11 server named[24214]: zone client3.co.uk/IN: loaded serial 2006040701
    Aug 17 00:21:11 server named[24214]: zone client4.co.uk/IN: loaded serial 2006040803


    Aug 17 00:21:24 server named[24214]: client 212.188.4.13#3587: error sending response: host unreachable
    Aug 17 00:21:24 server named[24214]: client 212.188.4.13#3587: error sending response: host unreachable
    Aug 17 00:21:24 server named[24214]: client 168.95.192.24#32779: error sending response: host unreachable
    Aug 17 00:21:24 server named[24214]: client 81.30.144.244#32768: error sending response: host unreachable
    Aug 17 00:21:24 server named[24214]: client 202.101.226.68#38212: error sending response: host unreachable




    How do I fix this stupid problem?


    If I stop apf, bind seems to work (notice, I say "seems")

    apf.conf

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="21,25,53,80,110,143,443,2083,2086,2087,2096,3000_5000,5432,22305"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"

    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="1"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43,2089"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"


    I also have other rf-x modules installed: BFD, SPRI, SIM, LSM, LES, PRM to name a few

    stopping / restart named is very slow (while cpu/memory load is minimal). I do not know why.
     
    #1 NoAgendas, Aug 17, 2006
    Last edited by a moderator: Aug 17, 2006
  2. NoAgendas

    NoAgendas Guest

    Cpanel loads EXTREMELY SLOW (while the most minimal cpu/memory usage as well)

    I ran this to correct the latest cpsrvd bug reported by many

    rm -f /usr/local/cpanel/perl/Net/SSLeay/SSLeay.so
    kill `cat /var/run/cpsrvd.pid`
    /usr/local/cpanel/cpsrvd
    /usr/local/cpanel/etc/init/startstunnel


    Notice "cp" running, it stays there on top changing PID's and I did killall -9 cp to see if cpanel would load faster (never seen 'cp' in top before honestly)...that did not help at all. It came back by itself!

    Code:
    root@server [/tmp]# ps aux | grep cp
    root        15  0.0  0.0     0    0 ?        S<   Aug16   0:00 [kacpid]
    root      6793  0.0  0.0  1872  528 ?        Ss   Aug16   0:00 /usr/sbin/acpid
    root     13350  0.0  0.0  2748  336 ?        SNs  Aug16   0:00 jsvc.exec -user tomcat -cp ./bootstrap.jar -Djava.endorsed.dirs=../common/endorsed -debug -outfile ../logs/catalina.out -errfile ../logs/catalina.err -verbose org.apache.catalina.startup.Bootstrap -security
    tomcat   13351  0.5  1.4 298964 61828 ?      SNl  Aug16   2:20 jsvc.exec -user tomcat -cp ./bootstrap.jar -Djava.endorsed.dirs=../common/endorsed -debug -outfile ../logs/catalina.out -errfile ../logs/catalina.err -verbose org.apache.catalina.startup.Bootstrap -security
    root     11435  0.0  0.2 12728 9584 ?        SNs  01:00   0:00 /usr/bin/perl /scripts/cpbackup
    root     17635  0.0  0.0  1484  444 ?        SN   06:11   0:00 /usr/local/cpanel/bin/cpuwatch 10.0 /scripts/pkgacct instanta /backup/cpbackup/daily backup
    root     25456  0.0  0.1 12272 6576 pts/1    S    06:18   0:00 cpsrvd - waiting for connections
    root     25486  0.0  0.1 11528 7284 pts/1    SN   06:18   0:00 cpanellogd - setting up logs for mdmcam
    cpanel   28503  0.0  0.0  6176 2412 ?        Ssl  06:21   0:00 /usr/bin/stunnel-4.15local /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
    root     29417 12.4  0.1  6660 4308 ?        D    06:24   0:40 cp -R aquota.user backup bin boot dev error_log etc home initrd lib lost+found media misc mnt opt proc quota.user root sbin scripts selinux srv sys tmp usr var /usr/local/cpanel/whostmgr/docroot/themes/radiance/icons/
    root       380  0.0  0.1 13668 5548 ?        S    06:26   0:00 cppop - accepting on port 110
    mdmcam     499  0.0  0.1 11528 6724 pts/1    SN   06:27   0:00 cpanellogd - http logs for mdmcam
    root       504  0.0  0.1 13676 5732 ?        S    06:27   0:00 cppop - serving 200.21.159.154 - AUTHORIZATION
    root       507  0.0  0.1 13676 5732 ?        S    06:27   0:00 cppop - serving 200.21.159.154 - AUTHORIZATION
    empireco   545  0.2  0.1 13688 5924 ?        S    06:27   0:00 cppop - serving 165.146.34.131 - TRANSACTION - marie@domain.co.za
    root       605  0.0  0.1 13676 5732 ?        S    06:28   0:00 cppop - serving 200.21.159.154 - AUTHORIZATION
    root       606  0.0  0.1 13676 5732 ?        S    06:28   0:00 cppop - serving 200.21.159.154 - AUTHORIZATION
    empireco   659  0.0  0.1 13684 5876 ?        S    06:28   0:00 cppop - serving 165.146.34.131 - UPDATE - marlane@domain.co.za
    
    
     

    Attached Files: top.gif (7.6 KB)
  3. NoAgendas

    NoAgendas Guest

    Thank you chirpy you are right. Believe it or not, I just remembered that about 20 minutes ago.

    Good call :)

    What about this?

    "I cannot view any sites. I even have to chmod 1777 /tmp after a reboot (every time) or else mysql/exmstats fail."

    Others have this problem as well, mentioned on this forum
     
  4. NoAgendas

    NoAgendas Guest

    strange...my post after yours appeared before yours??


    My post showed up before yours, weird
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You need to open port 53 in and outbound for both UDP and TCP connections (looks like you're missing port 53 TCP outbound).

    It may not be a firewall issue too. Make sure that if you have any restrictions in your named.conf that you allow transfers and recursion from any of your server's IP addresses that could be used (plus any external ones using your server for recursive lookups).
     
  6. chirpy

    chirpy Well-Known Member

    The only time I've seen problems with /tmp are if:

    1. You're using /scripts/securetmp and it's failing to mount the virtual partition in a timely manner or at all. If that's the case you need to stop any services accessing /tmp (httpd, MySQL, etc), umount /tmp and /var/tmp and then chmod 1777 the "real" /tmp directory.

    2. If you have backups configured to go to /tmp
     
  7. NoAgendas

    NoAgendas Guest

    Thank you, but after unmounting /tmp and chmodding it 1777, would I run securetmp again?

    If not, what method do you suggest? Thanks
     
  8. NoAgendas

    NoAgendas Guest

    Chirpy where are you my friend?

    :D
     
  9. chirpy

    chirpy Well-Known Member

    Yes you should run it again to remount the /tmp virtual partition.
     
  10. NoAgendas

    NoAgendas Guest

    If I turn on egress filtering in APF, EGF="1" bind fails to start / restart correctly and shows this error:

    "error sending response: host unreachable"

    My apf.conf file:

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="21,25,53,80,110,143,443,2083,2086,2087,2096,3000_5000,5432,22305"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"

    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="1"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43,2089"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"
     
  11. chirpy

    chirpy Well-Known Member

    Mentioned that already ;)
     
  12. NoAgendas

    NoAgendas Guest

    Thanks. You mean this one?

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43,2089"

    Should be

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,53,80,443,43,2089"

    ? Strange that it is not there by default
     
  13. NoAgendas

    NoAgendas Guest

    By the way, can you please show the best / secured APF configuration that you recommend? I already am aware of disabling 2082/2096 for example
     
  14. chirpy

    chirpy Well-Known Member

    Yes, that's the one.
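
The check worked out across the posts above (port 53 allowed inbound and outbound, for both TCP and UDP), as an added example that is not part of the original thread. The variable names and the `3000_5000` range form are taken from the posted apf.conf; the function names are hypothetical helpers, and the egress lists are assumed to matter only when `EGF="1"`, as that setting's comment indicates.

```shell
#!/bin/sh
# Added example: list the APF port variables that do not permit DNS (port 53).
# Variable names and the 3000_5000 range form come from the apf.conf in the thread.

# port_in_list PORT LIST: succeeds if PORT is an entry or inside a LO_HI range
port_in_list() {
    port=$1; old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *_*) if [ "$port" -ge "${item%%_*}" ] && [ "$port" -le "${item##*_}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            "$port") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# conf_value FILE NAME: value of the last uncommented NAME="..." assignment
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# missing_dns_lists FILE: print each checked variable that lacks port 53.
# Egress lists are checked only when EGF is "1" (egress filtering enabled).
missing_dns_lists() {
    lists="IG_TCP_CPORTS IG_UDP_CPORTS"
    if [ "$(conf_value "$1" EGF)" = "1" ]; then
        lists="$lists EG_TCP_CPORTS EG_UDP_CPORTS"
    fi
    for var in $lists; do
        port_in_list 53 "$(conf_value "$1" "$var")" || printf '%s\n' "$var"
    done
}

# Excerpt of the apf.conf posted in the thread, used as sample input
sample_conf() {
    cat <<'EOF'
IG_TCP_CPORTS="21,25,53,80,110,143,443,2083,2086,2087,2096,3000_5000,5432,22305"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,25,80,443,43,2089"
EG_UDP_CPORTS="20,21,53"
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
missing_dns_lists "$tmp"    # prints EG_TCP_CPORTS
rm -f "$tmp"
```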
     
  15. NoAgendas

    NoAgendas Guest

    Thanks. I think you missed my last question as you responded at the same time.

    What recommended APF config would you suggest?

    Environment:
    cpanel shared web hosting
    all services local (mysql, dns, web, etc)
     
  16. chirpy

    chirpy Well-Known Member

  17. NoAgendas

    NoAgendas Guest

    I get this problem now, egress on or off

    root@server [~]# nslookup www.domain.org
    Server: 192.104.107.1
    Address: 192.104.107.1#53

    ** server can't find www.domain.org: SERVFAIL

    Odd enough, dnsstuff.com reports the domain ok, it works fine via web as well.

    Named is up too
     
    #17 NoAgendas, Aug 22, 2006
    Last edited by a moderator: Aug 22, 2006
  18. NoAgendas

    NoAgendas Guest

    What do you know. Out of the blue, one of the two resolvers was missing from resolv.conf

    Not the first time cpanel did something stupid to the resolver file (happened twice in the past to my experience)
     
  19. wkdwich

    wkdwich Well-Known Member

    Joined:
    Apr 11, 2005
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    16
    I'm having a similar issue, high loads, slammed with spam that come in faster than I can delete them, loads very high so I do sendmail -bp to get the mail ID # and manually remove
    Code:
    rm -f /var/spool/exim/input/i/1GZtui-0004Ua-6x-*
    
    The log watch report last night was 132k but have been 37-94k.. I see some very consistent IPs in there.. one in particular I added to the block in iptables and it continues to show up
    Code:
        client 12.130.132.229 error sending response: host unreachable: 1042 Time(s)
    and that is a LOW number!!

    the problem is since last Monday this has been a regular occurrence, I see loads of these
    lame server resolving
    error sending response: host unreachable
    unexpected RCODE (15)
    It has been happening around 12.30 EST (NY) time and sometimes at 2.30p. If I watch the logs, message, maillog, examine the logwatch report in excel, there are just so many different IPs. I was thinking I need to block them - the ones with number of 50 in the logs.. but I don't know how to add them all at once rather than individually
    Code:
    iptables -A INPUT -s 12.130.132.229 -j DROP
    That's the one I dropped the other day and last night it was in the logwatch again with 819 attempts at whatever it was doing - that's what I don't understand at all here.. what is this IP doing that it is triggering something here and the event to the log??

    I run apf and bfd, and I am not sure what else you need to know.. I think I need someone (willing to pay) to tweak up this box ASAP before my clients start leaving (well 1 I will pack her bags for her, but the rest...)

    Doing some googling on this, I see many suggestions to dev/null to the log (not log the entry) but that's shutting the gate after the horse has left.. I want these people to stop whatever it is they are doing to trigger this event that is then logged..

    help please!!
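
A per-client tally of the named "error sending response: host unreachable" messages, as an added example that is not part of the original post. It reads raw syslog lines in the format quoted in the first post (not the logwatch summary format); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count named "error sending response: host unreachable"
# messages per client address in syslog-format lines.

# tally_unreachable FILE [MIN]: print "COUNT IP", highest count first,
# keeping only clients seen at least MIN times (default 1)
tally_unreachable() {
    awk -v min="${2:-1}" '
        / named\[[0-9]+\]: client / && /error sending response: host unreachable/ {
            for (i = 1; i < NF; i++)
                if ($i == "client") { ip = $(i + 1); break }
            sub(/#.*/, "", ip)          # strip the "#port:" suffix
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample in the format of the /var/log/messages lines in the
# first post; addresses are from documentation ranges, not from the thread
sample_log() {
    cat <<'EOF'
Aug 17 00:21:11 server named[24214]: zone example.test/IN: loaded serial 2006040801
Aug 17 00:21:24 server named[24214]: client 192.0.2.10#3587: error sending response: host unreachable
Aug 17 00:21:24 server named[24214]: client 192.0.2.10#3588: error sending response: host unreachable
Aug 17 00:21:24 server named[24214]: client 198.51.100.7#32779: error sending response: host unreachable
Aug 17 00:21:25 server named[24214]: client 192.0.2.10#3590: error sending response: host unreachable
Aug 17 00:21:26 server sshd[311]: client 203.0.113.5 error sending response: host unreachable
EOF
}

tmp=$(mktemp); sample_log > "$tmp"
tally_unreachable "$tmp" 2     # prints: 3 192.0.2.10
rm -f "$tmp"
```

Passing 50 as the second argument lists only the clients at or above the count mentioned in the post, so they can be reviewed as one list.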
     
  20. wkdwich

    wkdwich Well-Known Member


    OK I know I am supposed to know this but when the stuff hit the fan as it did today (again) my brain goes blank.. sad but true.. anyway my resolv.conf shows my 2 nameserver IP's is that correct???
     