#1 Wed, 04/22/2009 - 10:32
antishane

slave dns

I am trying to set up a slave DNS server following the instructions on this page: http://www.virtualmin.com/documentation/id,dns_slave_auto-configuration_... .

I have the firewalls on both servers open from port 10000 to 10010. I am using the root account as a login and I am getting these results.

Failed to connect to fastrpc.cgi : Failed to connect to xx.xx.xx.xx:10007 : Connection timed out

Any help would be awesome!

Wed, 04/22/2009 - 11:22
Joe

I dunno. Do you have both UDP and TCP open for those ports? (I'm guessing wildly...I would think Webmin would use TCP for this, but fastrpc might use UDP.)


Wed, 04/22/2009 - 12:27 (Reply to #2)
antishane

I cloned the rule for udp ports on both machines and fail :( still

Wed, 04/22/2009 - 13:01 (Reply to #3)
andreychek

Just for fun, could you log in over SSH, and type this:

iptables -L -n

What output do you see when you type that?
-Eric

Wed, 04/22/2009 - 15:03 (Reply to #4)
antishane

I can't get ssh with this bb storm but I did suddenly recall one thing that often I overlook, Router.
Thanks for the quick response!

Idiot

Wed, 04/22/2009 - 17:20 (Reply to #5)
antishane

Premature happy face. I set the server in question to the DMZ for the router address and I still get the same results, so here is the output of the command iptables -L -n.

-L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:10000:10010
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:10010
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6666:6667
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Wed, 04/22/2009 - 17:43 (Reply to #6)
andreychek

Okay, so your firewall looks good. It definitely has the right ports opened up.

Are you 100% sure that the router in front of your slave DNS server is allowing TCP and UDP ports 10000 through 10010 through to the server?

Are you able to access Virtualmin on the Slave server from the Master DNS server?

You can test that using a command line browser such as "links"... log into the Master DNS server using SSH, then type:

links https://slave_dns_server_domain.com:10000

That will verify that the slave server is visible from the master.
-Eric
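
An added example, not part of the thread: a small Python walk of the posted listing that reports which rule decides a new connection to a given port, which is the check behind "the right ports opened up". The function names are hypothetical, the listing is a constructed subset of the output above, and source/destination addresses and interface matches are ignored.

```python
import re

# Constructed sample: a subset of the `iptables -L -n` listing posted above.
# The bare "ACCEPT all" rule is omitted: without -v, interface matches are hidden.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:10000:10010
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:10010
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse(listing):
    """Return {chain: [(target, proto, match_text), ...]} in listing order."""
    chains, rules = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif line.strip() and not line.startswith("target"):
            f = line.split()  # target prot opt source destination [matches]
            rules.append((f[0], f[1], " ".join(f[5:])))
    return chains

def rule_matches(rproto, extra, proto, port):
    """Does this rule match the first packet of a new proto/port connection?"""
    new_conn_ok = "ESTABLISHED" not in extra or "NEW" in extra
    if rproto not in ("all", proto) or not new_conn_ok:
        return False
    m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
    return not m or int(m.group(1)) <= port <= int(m.group(2) or m.group(1))

def first_match(chains, proto, port, chain="INPUT"):
    """Return (chain, rule_number, target) of the rule that decides the packet."""
    for n, (target, rproto, extra) in enumerate(chains[chain], 1):
        if rule_matches(rproto, extra, proto, port):
            if target not in chains:
                return (chain, n, target)
            hit = first_match(chains, proto, port, target)  # jump to user chain
            if hit:
                return hit
    return None  # no rule matched: the built-in chain's policy applies
```

For TCP port 10007 the deciding rule is the `dpts:10000:10010` ACCEPT in INPUT, reached before the jump to the chain that ends in REJECT. A port the host accepts can still time out if a device in front of it drops the packets, which is where the thread goes next.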

Wed, 04/22/2009 - 17:56 (Reply to #7)
antishane

It does show up in the text browser.

Wed, 04/22/2009 - 19:26 (Reply to #8)
antishane

For fun, I tried the reverse of my goal, and from the machine I want to be the slave DNS server, I can add the one I want as the master DNS server as a slave, just not vice versa the way I want it. Don't know if that means anything?

Sun, 06/07/2009 - 07:52 (Reply to #9)
antishane

nudge

Thu, 04/23/2009 - 18:49
Joe

You could try disabling fast RPC, or forcing fast RPC. The two mechanisms sometimes exhibit different characteristics in response to different network problems.

I'm kinda out of ideas; it's always just worked, for me. You can look in the webmin.log and miniserv.error on both machines for clues. It's pretty much certainly something in the network layer, but I'm not sure how to guide you on fixing or troubleshooting it.


Thu, 04/23/2009 - 19:10 (Reply to #11)
antishane

OK, I appreciate your effort, truly!

Shane

Thu, 04/23/2009 - 19:26 (Reply to #12)
antishane

Disabling fast RPC was the ticket. Thanks again.
