I am unsure whether this is virtualmin or webmin. I have been at university (living in halls), managing a server at the university (although several miles away), which I guess is on the same network so it doesn’t go via the internet (based on a ping of <5ms).
I have just got home and am unable to access my server using http or https from this network, however if I SHH into the server and run google-chrome and then visit 127.0.0.1:10000 everything works fine. I can access other services on the server such as :80 or vent but not virtual/webmin.
Have I done something wrong? Do I need to turn on external access or something?
There’s a variety of things that could be contributing to the problem – firewalls, NAT routers, and other related issues. Let us know what error/symptoms you’re seeing and we can work from there
Provided that Webmin is listening on all interfaces, this sounds to me like an external firewall is blocking port 10000.
You can use the command netstat -ltnp to check what Webmin is listening to. You should see a line with the port number :10000, if the IP is 0.0.0.0, then it’s okay; if it’s 127.0.0.1, then Webmin is only listening on localhost.
You can also try iptables -L -v to make sure there’s no local firewall blocking stuffs.
Restarting rebooted as I expect it should do (see bottom of post).
Trying to access the ip (which I guess is safe to post here) - https://130.88.149.86:10000/ - Results in 'Sending request…‘s’ and then fails with could not connect, in Chrome ‘Oops! Google Chrome could not connect to 130.88.149.86:10000’.
However loading :80 is pretty instant.
As far am I am aware the server is corrected directly to the internet (in the university DMZ) so I don’t think a firewall could be getting in the way.
What else do you suggest?
Thanks again,
"pez@brave:~$ sudo -i
[sudo] password for pez:
root@brave:~# /etc/init.d/webmin restart
Stopping Webmin server in /usr/share/webmin
Starting Webmin server in /usr/share/webmin
Pre-loaded virtual-server/virtual-server-lib-funcs.pl in virtual_server
Pre-loaded virtual-server/feature-unix.pl in virtual_server
Pre-loaded virtual-server/feature-dir.pl in virtual_server
Pre-loaded virtual-server/feature-dns.pl in virtual_server
Pre-loaded virtual-server/feature-mail.pl in virtual_server
Pre-loaded virtual-server/feature-web.pl in virtual_server
Pre-loaded virtual-server/feature-webalizer.pl in virtual_server
Pre-loaded virtual-server/feature-ssl.pl in virtual_server
Pre-loaded virtual-server/feature-logrotate.pl in virtual_server
Pre-loaded virtual-server/feature-mysql.pl in virtual_server
Pre-loaded virtual-server/feature-postgres.pl in virtual_server
Pre-loaded virtual-server/feature-ftp.pl in virtual_server
Pre-loaded virtual-server/feature-spam.pl in virtual_server
Pre-loaded virtual-server/feature-virus.pl in virtual_server
Pre-loaded virtual-server/feature-webmin.pl in virtual_server
Pre-loaded virtual-server/feature-virt.pl in virtual_server
Pre-loaded virtual-server/feature-virt6.pl in virtual_server
Pre-loaded WebminCore
root@brave:~# "
I tested connecting to the IP you mentioned. As you said, port 80 and 22 are open, and 10000 times out. That means it’s not due to “no service is listening” (in that case, the connection failure message would occur immediately), but packets to that port are actively dropped.
My assumption is still a local or external firewall/packet filter.
“Traceroute to google.com”? What does that have to do with the problem at hand?
If anything, then a traceroute to the server in question would be useful. And, please put screen outputs in tags, otherwise they’re barely readable (no linebreaks, no fixed-width font).
If you don’t know yourself about how the network at the university that connects the server is set up, you should ask the administrators of the systems in question if there is a firewall or router that needs to be configured. My assumption is that some firewall is set up to allow only certain ports in. I know that we have such a setup at my university (and I also know whom I must email when I need a port for one of our systems opened ).
traceroute to google.com (173.194.37.104), 30 hops max, 60 byte packets
1 gw.compsoc.man.ac.uk (130.88.149.94) 0.870 ms 0.905 ms 0.960 ms
2 gw-rh.its.manchester.ac.uk (130.88.250.10) 0.340 ms 0.403 ms 0.452 ms
3 gw-uom-rh.its.manchester.ac.uk (130.88.250.78) 0.412 ms 0.486 ms 0.547 ms
4 gw-man-rh.netnw.net.uk (194.66.26.105) 0.442 ms 0.504 ms 0.548 ms
5 so-1-2-0.leed-sbr1.ja.net (146.97.42.169) 1.575 ms 1.605 ms 1.641 ms
6 so-5-1-0.lond-sbr1.ja.net (146.97.33.98) 5.918 ms 5.928 ms 5.901 ms
7 as0.lond-sbr4.ja.net (146.97.33.154) 35.859 ms 35.858 ms 35.845 ms
8 po1.lond-ban4.ja.net (146.97.35.110) 6.383 ms 6.383 ms 6.413 ms
9 72.14.198.193 (72.14.198.193) 6.395 ms 6.385 ms 6.364 ms
10 209.85.252.76 (209.85.252.76) 6.645 ms 209.85.255.175 (209.85.255.175) 6.891 ms 6.553 ms
11 209.85.251.202 (209.85.251.202) 6.815 ms 209.85.251.58 (209.85.251.58) 7.002 ms 7.045 ms
12 lhr14s02-in-f104.1e100.net (173.194.37.104) 6.763 ms 6.806 ms 6.691 ms
Guessing based on the names of servers it goes though it has
[codeManchester Network Node Manager
Gateway for the Uni
Gateway for “RH”
Gateway for KB (building server is in)[/code]
I didn’t know that this forum supported code will use from now on! If there is a firewall I am very surprised but I have no idea who to email, maybe i’ll have to follow the fiber cable!
Is there a way I can map another port to https://127.0.0.1:10000 so when external I can use a different port?
traceroute to 130.88.149.86 (130.88.149.86), 64 hops max, 52 byte packets
1 192.168.2.1 (192.168.2.1) 1.520 ms 0.954 ms 0.857 ms
2 lo0-plusnet.pte-ag2.plus.net (195.166.128.72) 33.590 ms 34.640 ms 30.716 ms
3 ge0-0-0-504.pte-gw1.plus.net (84.92.4.89) 29.916 ms 30.310 ms 30.388 ms
4 po4.pte-gw2.plus.net (212.159.1.188) 29.323 ms 30.847 ms 29.871 ms
5 linx-gw1.ja.net (195.66.224.15) 29.310 ms 30.596 ms 28.487 ms
6 ae1.lond-sbr4.ja.net (146.97.35.181) 29.864 ms 39.147 ms 29.265 ms
7 as0.lond-sbr1.ja.net (146.97.33.153) 29.452 ms 29.493 ms 31.007 ms
8 so-5-0-0.leed-sbr1.ja.net (146.97.33.97) 33.890 ms 34.280 ms 34.455 ms
9 nnw-man1-2.site.ja.net (146.97.42.174) 36.622 ms 39.399 ms 37.384 ms
10 gw-uom-rh.its.manchester.ac.uk (194.66.26.106) 35.941 ms 36.361 ms 34.922 ms
11 gw-rh.its.manchester.ac.uk (130.88.250.77) 37.006 ms 37.843 ms 36.040 ms
12 gw-kb.its.manchester.ac.uk (130.88.250.9) 86.294 ms 60.544 ms 112.283 ms
13 brave.compsoc.man.ac.uk (130.88.149.86) 35.064 ms 36.010 ms 34.707 ms
I’m quite sure there is some kind of IT department at your university where you can ask about the network setup and possible firewalls that are “in the way” to your server? If in doubt, query your NIC or Whois or ARIN for contact information of who’s responsible for the domain names / IP ranges involved.
As for port number, you can certainly configure Webmin to listen to a port other than 10000. Though if only certain ports are open from the outside, that won’t help, except you set it to port 80 (or another open one that is not yet in use).
