Unable to access virtualmin/webmin externally

11 posts / 0 new
Topic locked
Last post
#1 Sat, 12/18/2010 - 12:40
Pezmc

Unable to access virtualmin/webmin externally

I am unsure whether this is virtualmin or webmin. I have been at university (living in halls), managing a server at the university (although several miles away), which I guess is on the same network so it doesn't go via the internet (based on a ping of <5ms).

I have just got home and am unable to access my server using http or https from this network, however if I SHH into the server and run google-chrome and then visit 127.0.0.1:10000 everything works fine. I can access other services on the server such as :80 or vent but not virtual/webmin.

Have I done something wrong? Do I need to turn on external access or something?

My disallowed file is empty as far I am can tell.

Many thanks for your time,

Sat, 12/18/2010 - 12:50
andreychek

Howdy,

Well, try restarting Webmin, using: /etc/init.d/webmin restart

Does that help?

If not, what kind of error are you seeing?

There's a variety of things that could be contributing to the problem -- firewalls, NAT routers, and other related issues. Let us know what error/symptoms you're seeing and we can work from there :-)

-Eric

Sat, 12/18/2010 - 13:08
Locutus

Provided that Webmin is listening on all interfaces, this sounds to me like an external firewall is blocking port 10000.

You can use the command netstat -ltnp to check what Webmin is listening to. You should see a line with the port number :10000, if the IP is 0.0.0.0, then it's okay; if it's 127.0.0.1, then Webmin is only listening on localhost.

You can also try iptables -L -v to make sure there's no local firewall blocking stuffs.

Sat, 12/18/2010 - 13:14
Pezmc

Many thanks for you time,

Restarting rebooted as I expect it should do (see bottom of post).

Trying to access the ip (which I guess is safe to post here) - https://130.88.149.86:10000/ - Results in 'Sending request...'s' and then fails with could not connect, in Chrome 'Oops! Google Chrome could not connect to 130.88.149.86:10000'.

However loading :80 is pretty instant.

As far am I am aware the server is corrected directly to the internet (in the university DMZ) so I don't think a firewall could be getting in the way.

What else do you suggest?

Thanks again,

"pez@brave:~$ sudo -i [sudo] password for pez: root@brave:~# /etc/init.d/webmin restart Stopping Webmin server in /usr/share/webmin Starting Webmin server in /usr/share/webmin Pre-loaded virtual-server/virtual-server-lib-funcs.pl in virtual_server Pre-loaded virtual-server/feature-unix.pl in virtual_server Pre-loaded virtual-server/feature-dir.pl in virtual_server Pre-loaded virtual-server/feature-dns.pl in virtual_server Pre-loaded virtual-server/feature-mail.pl in virtual_server Pre-loaded virtual-server/feature-web.pl in virtual_server Pre-loaded virtual-server/feature-webalizer.pl in virtual_server Pre-loaded virtual-server/feature-ssl.pl in virtual_server Pre-loaded virtual-server/feature-logrotate.pl in virtual_server Pre-loaded virtual-server/feature-mysql.pl in virtual_server Pre-loaded virtual-server/feature-postgres.pl in virtual_server Pre-loaded virtual-server/feature-ftp.pl in virtual_server Pre-loaded virtual-server/feature-spam.pl in virtual_server Pre-loaded virtual-server/feature-virus.pl in virtual_server Pre-loaded virtual-server/feature-webmin.pl in virtual_server Pre-loaded virtual-server/feature-virt.pl in virtual_server Pre-loaded virtual-server/feature-virt6.pl in virtual_server Pre-loaded WebminCore root@brave:~# "

Sat, 12/18/2010 - 13:23
Locutus

My suggestions I listed in my first post. :)

I tested connecting to the IP you mentioned. As you said, port 80 and 22 are open, and 10000 times out. That means it's not due to "no service is listening" (in that case, the connection failure message would occur immediately), but packets to that port are actively dropped.

My assumption is still a local or external firewall/packet filter.

Sat, 12/18/2010 - 14:16
Pezmc

Trying your suggestions "tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN - "

and

"Chain INPUT (policy ACCEPT 54M packets, 20G bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:domain 0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:domain 0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:bootps 0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:bootps"

======

I would be very surprised if there is a firewall as I seem to be able to use any port I wish, is there a way I can forward a port to virtualmin?

Sat, 12/18/2010 - 14:36
andreychek

Yeah, something, somewhere, is blocking port 10000. I'm not sure where yet :-)

Is your server behind a NAT router?

If so, you'd want to make sure that router is forwarding port 10000 into your Virtualmin server.

-Eric

Sun, 12/19/2010 - 04:31
Pezmc

I'm not to sure... how do I find out?

My traceroute from the server to Google

traceroute to google.com (173.194.37.104), 30 hops max, 60 byte packets
 1  gw.compsoc.man.ac.uk (130.88.149.94)  0.870 ms  0.905 ms  0.960 ms
 2  gw-rh.its.manchester.ac.uk (130.88.250.10)  0.340 ms  0.403 ms  0.452 ms
 3  gw-uom-rh.its.manchester.ac.uk (130.88.250.78)  0.412 ms  0.486 ms  0.547 ms
 4  gw-man-rh.netnw.net.uk (194.66.26.105)  0.442 ms  0.504 ms  0.548 ms
 5  so-1-2-0.leed-sbr1.ja.net (146.97.42.169)  1.575 ms  1.605 ms  1.641 ms
 6  so-5-1-0.lond-sbr1.ja.net (146.97.33.98)  5.918 ms  5.928 ms  5.901 ms
 7  as0.lond-sbr4.ja.net (146.97.33.154)  35.859 ms  35.858 ms  35.845 ms
 8  po1.lond-ban4.ja.net (146.97.35.110)  6.383 ms  6.383 ms  6.413 ms
 9  72.14.198.193 (72.14.198.193)  6.395 ms  6.385 ms  6.364 ms
10  209.85.252.76 (209.85.252.76)  6.645 ms 209.85.255.175 (209.85.255.175)  6.891 ms  6.553 ms
11  209.85.251.202 (209.85.251.202)  6.815 ms 209.85.251.58 (209.85.251.58)  7.002 ms  7.045 ms
12  lhr14s02-in-f104.1e100.net (173.194.37.104)  6.763 ms  6.806 ms  6.691 ms
Sat, 12/18/2010 - 16:06
Locutus

"Traceroute to google.com"? What does that have to do with the problem at hand? :)

If anything, then a traceroute to the server in question would be useful. And, please put screen outputs in   tags, otherwise they're barely readable (no linebreaks, no fixed-width font).

If you don't know yourself about how the network at the university that connects the server is set up, you should ask the administrators of the systems in question if there is a firewall or router that needs to be configured. My assumption is that some firewall is set up to allow only certain ports in. I know that we have such a setup at my university (and I also know whom I must email when I need a port for one of our systems opened :) ).

Sun, 12/19/2010 - 05:09 (Reply to #9)
Pezmc

The previous was from the server to google xD

Guessing based on the names of servers it goes though it has [codeManchester Network Node Manager Gateway for the Uni Gateway for "RH" Gateway for KB (building server is in)[/code]

I didn't know that this forum supported code will use from now on! If there is a firewall I am very surprised but I have no idea who to email, maybe i'll have to follow the fiber cable!

Is there a way I can map another port to https://127.0.0.1:10000 so when external I can use a different port?

traceroute to 130.88.149.86 (130.88.149.86), 64 hops max, 52 byte packets
 1  192.168.2.1 (192.168.2.1)  1.520 ms  0.954 ms  0.857 ms
 2  lo0-plusnet.pte-ag2.plus.net (195.166.128.72)  33.590 ms  34.640 ms  30.716 ms
 3  ge0-0-0-504.pte-gw1.plus.net (84.92.4.89)  29.916 ms  30.310 ms  30.388 ms
 4  po4.pte-gw2.plus.net (212.159.1.188)  29.323 ms  30.847 ms  29.871 ms
 5  linx-gw1.ja.net (195.66.224.15)  29.310 ms  30.596 ms  28.487 ms
 6  ae1.lond-sbr4.ja.net (146.97.35.181)  29.864 ms  39.147 ms  29.265 ms
 7  as0.lond-sbr1.ja.net (146.97.33.153)  29.452 ms  29.493 ms  31.007 ms
 8  so-5-0-0.leed-sbr1.ja.net (146.97.33.97)  33.890 ms  34.280 ms  34.455 ms
 9  nnw-man1-2.site.ja.net (146.97.42.174)  36.622 ms  39.399 ms  37.384 ms
10  gw-uom-rh.its.manchester.ac.uk (194.66.26.106)  35.941 ms  36.361 ms  34.922 ms
11  gw-rh.its.manchester.ac.uk (130.88.250.77)  37.006 ms  37.843 ms  36.040 ms
12  gw-kb.its.manchester.ac.uk (130.88.250.9)  86.294 ms  60.544 ms  112.283 ms
13  brave.compsoc.man.ac.uk (130.88.149.86)  35.064 ms  36.010 ms  34.707 ms
Sun, 12/19/2010 - 07:14
Locutus

I'm quite sure there is some kind of IT department at your university where you can ask about the network setup and possible firewalls that are "in the way" to your server? :) If in doubt, query your NIC or Whois or ARIN for contact information of who's responsible for the domain names / IP ranges involved.

As for port number, you can certainly configure Webmin to listen to a port other than 10000. Though if only certain ports are open from the outside, that won't help, except you set it to port 80 (or another open one that is not yet in use). :)

Topic locked