Problems after migration to Rackspace cloud server

medennis

Registered
Nov 5, 2012
1
0
1
cPanel Access Level
Root Administrator
We're in the process of migrating two cpanel installations to cloud services using Express Transfer via ssh.
The first to TekTonic, all 90 domains migrated smoothly and are working properly.

From the second, two domains were migrated to RackSpace - there were no errors in the transfer, but one continued to time out and it was necessary to change the dns back to the original server.
At the time, host lookups returned the new server ip, and pings were successful. Traceroutes timed out one hop short of the server, which may have complicated matters, but are completing now.

For the second, the page usually times out, but when it loads it doesn't display any of the graphics.

Also, even though "Enable mod_userdir Protection" is unchecked, sites timeout when accessed via http://fqdn(or ip)/~username.

--------------------------------
Just before opening a trouble ticket with the above, I thought for thoroughness I should try shutting off the firewall. That was it. Everything worked correctly with it off, and still worked after installing an edited copy of the iptables from the original server.

Here's what was on the Rackspace server:
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [50:4650]
-A INPUT -p tcp -m tcp --dport 2087 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2078 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2082 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2077 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 26 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Here's what was on the new server at Tectonic:
Code:
*nat
:PREROUTING ACCEPT [528117:31259433]
:POSTROUTING ACCEPT [136925:9621749]
:OUTPUT ACCEPT [136925:9621749]
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN
-A OUTPUT -d 127.0.0.1/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REDIRECT
COMMIT
*filter
:INPUT ACCEPT [59217:5429689]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44553:104488134]
:acctboth - [0:0]
-A INPUT -j acctboth
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -j acctboth
-A acctboth -s ipaddress ! -i lo -p tcp -m tcp --dport 80
-A acctboth -d ipaddress ! -i lo -p tcp -m tcp --sport 80
-A acctboth -s ipaddress ! -i lo -p tcp -m tcp --dport 25
-A acctboth -d ipaddress ! -i lo -p tcp -m tcp --sport 25
-A acctboth -s ipaddress ! -i lo -p tcp -m tcp --dport 110
-A acctboth -d ipaddress ! -i lo -p tcp -m tcp --sport 110
-A acctboth -s ipaddress ! -i lo -p icmp
-A acctboth -d ipaddress ! -i lo -p icmp
-A acctboth -s ipaddress ! -i lo -p tcp
-A acctboth -d ipaddress ! -i lo -p tcp
-A acctboth -s ipaddress ! -i lo -p udp
-A acctboth -d ipaddress ! -i lo -p udp
-A acctboth -s ipaddress ! -i lo
-A acctboth -d ipaddress ! -i lo
-A acctboth ! -i lo
COMMIT
I'm still curious why the iptables rules turned out so different from the original or another new install.