Hi,
Left for a week, now when I try to login to the control panel I get no response?
using: https://webserver.domain.com:10000
This is the only thing listed in miniserv.error for today.
[08/Feb/2011:16:39:44 +0000] miniserv.pl started
[08/Feb/2011:16:39:44 +0000] PAM authentication enabled
just rebooted server and still nothing, the the one website on the server is working.
Any ideas?
Howdy,
Yeah, that’s pretty unusual… the first thing I’d check is to make sure that Webmin is indeed listening on port 1000. You can do that by running this command:
netstat -an | grep :10000
After running that, what output do you get?
If you see something like this:
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
That means Webmin/Virtualmin is working properly, and the issue may be due to a firewall or similar in front of your server that’s blocking that port.
-Eric
Hi
Yup thats what it says,
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:10000 0.0.0.0:*
How can I disable iptables? I can rebuild it once i am in the control panel.
Regards,
Kevin
Howdy,
Well, it’s not necessarily a firewall on your own server… but we can figure that out. What output do you receive if you run this command:
iptables -L -n
This is what it says…
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh-ddos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
fail2ban-pam-generic tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all – 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-pam-generic (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh-ddos (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
Howdy,
It looks like all your firewall rules were added by fail2ban. If clearing out iptables solves the problem, you should probably review fail2ban and make sure it’s working the way it should 
One way to clear out all the iptables rules would be to run the following commands:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
On some distros, you can simply use the iptables init script and stop it – but the key is to make sure that the policies for all your chains are set to ACCEPT, which the above would do.
-Eric
Hi,
Yes that fixed it. I cleared the firewall rules and it worked.
Where is the access log for the control panel, I want to check to see if there was an attack of some kind on the login screen?
Regards,
Keyvan
Using the Webmin/Virtualmin GUI, you can find all your servers logs in Webmin -> System -> System Logs.
Or, if you’re using SSH, the Webmin/Virtualmin logs are in /var/webmin – take a look at miniserv.log and miniserv.error.
-Eric