Server Install and Firewall configuration

[3esmit]

Hello

I'm having some issues with server.. Seems like it was installed perfectly in my remote server by ssh, netstat -a shows up the server running, just like other services I installed.
But when I try to log in to my palace, it takes a lot of time to recognize it cannot, and says the server refused connection.
Seems like I have some issues with firewall.
I'm running a debian.
How can I configure my server to give access to the users?
Netstat -a says
tcp, recv 0, send 0, local address *:9998, remote address *:* state LISTINING.

the ps is:
/usr/local/palace/bin/pserver -f /usr/local/palace/palace/psdata/pserver.conf
root 3956 0.0 0.0 1628 552 pts/1 S 03:32 0:00 /usr/local/palace/bin/psfront -p 9998 -r /usr/local/palace/palace -l logs/pserver.log -s 0 -a localhost -n -b 0.0.0.0 -c 10
root 3957 0.0 0.0 1924 936 pts/1 S 03:32 0:00 /usr/local/palace/bin/psfront -p 9998 -r /usr/local/palace/palace -l logs/pserver.log -s 0 -a localhost -n -b 0.0.0.0 -c 10


If I install in my desktop linux (ubuntu karmic koala) it runs nice in the 127.0.0.1...

I'm not yet a great system administrator.

Thank you

[maarten]

Hey,

Well just to check some basics first: did you bind the server to the host IP in the pserver.conf file there is this part:

; BINDADDRESS: Local IP address to bind to. Default: localhost
; Default value: localhost
BINDADDRESS "xxx.xxx.xxx.xxx"

Localhost is default, so 127.0.0.1 wil work but if you try to enter a Palace through an outside IP it needs to have the correct bindaddress set.

Perhaps you already configured this, but I guess its a good place to start.

[3esmit]

Hello maarten,
Thank you for the answer...

I tryed a lot of configurations in pserver.conf, but notting.. Seems like its not accesible from outside, I think it may be some firewall thing.
Well, I will show you my server conf. maybe you can help me more...

nmap -p 9998 localhost (from inside the own server)

Code:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-02-26 21:30 UTC
Interesting ports on lhf (127.0.0.1):
PORT     STATE SERVICE
9998/tcp open  unknown
Nmap finished: 1 IP address (1 host up) scanned in 0.047 seconds

nmap -p 80,9998 189.8.192.11 (from my laptop)

Code:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-26 18:32 BRT
Interesting ports on 189.8.192.11:
PORT     STATE    SERVICE
80/tcp   open     http
9998/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds

netstat:

Code:

Conexões Internet Ativas (servidores e estabelecidas)
Proto Recv-Q Send-Q Endereço Local          Endereço Remoto         Estado     
tcp        0      0 lhf:10001               *:*                     OUÇA      
tcp        0      0 *:ftp                   *:*                     OUÇA      
tcp        0      0 lhf:smtp                *:*                     OUÇA      
tcp        0      0 lhf:mysql               *:*                     OUÇA      
tcp        0      0 *:9998                  *:*                     OUÇA      
tcp        0      0 lhf:10001               lhf:44392               ESTABELECIDA
tcp        0      0 lhf:44392               lhf:10001               ESTABELECIDA
tcp        0      0 189.8.192.11:44144      nselite.com:9992        TIME_WAIT  
tcp        0      0 189.8.192.11:37075      nselite.com:9992        TIME_WAIT  
tcp6       0      0 *:www                   *:*                     OUÇA      
tcp6       0      0 *:https                 *:*                     OUÇA

iptables --list

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

cat /usr/local/palace/palace/psdata/pserver.conf

Code:

; This is the pserver configuration file. 
; Please read the instructions before modifying this file.
; The format for this file is very similar to that of the script
; file. All comments must have a ";" in the first column and all
; keywords must be UPPERCASE. All explicit strings must be within
; double-quotes.
; SERIALNUMBER: The serial number of the server. This is required.
SERIALNUMBER "6DV3K-PVY6F-RF2VT-QFG8S"
; LOGFILE: This is the base name of the log file used by this
; server. The actual file name will be logfilename.YYMMDD and a new
; file will be started every calander day.
; Default value: logs/pserver.log
; LOGFILE "logs/pserver.log"
; SCRIPTFILE: This is the name of the server script file
; The default is used when upgrading from pre 4.4 versions
; It reads the .dat file and splits it up into the
; pserver.prefs and pserver.pat files, which it will use
; from that point forward.
; The location of pserver.prefs is not user changable.
; The location and name of the pserver.pat file is changable
; in the prefs file and is based off installdir/palace.
; Example: psdata/mysite.pat
;
; Default value: psdata/pserver.dat
; SCRIPTFILE "psdata/pserver.dat"
; PROPFILE: This is the name of the server prop file
; Default value: psdata/pserver.prp
; PROPFILE "psdata/pserver.prp"
; PORT: Local port number to bind to
; Default value: 10001
; PORT 10001
; BINDADDRESS: Local IP address to bind to. Default: localhost
; Default value: localhost
BINDADDRESS "189.8.192.11"
; SERVERROOT: The root directory of the installation instance for this
; Palace.  The directory named should include 'psdata', 'logs', 'media',
; etc.
; Default value: the current directory
SERVERROOT "/usr/local/palace/palace"
; CHATLOG: This is the name of the file where all chat messages will
; be logged. The actual filename will be CHATLOG.YYMMDD and a new chat
; file will be created every calender day. If this is not specified,
; chat logging will be disabled.
;
; NOTE: These files will contain *ALL* chat messages and will tend to
; grow quite large
; Default Value: logging disabled
; CHATLOG "logs/chat.log"
; DEBUG: This will increase the amount of output that the server
; generates in the log files.
; Default value: FALSE
; DEBUG TRUE
; NOWHISPER: This prevents users from whispering to other users
; Default value: FALSE
; NOWHISPER FALSE
; NOFORK: This prevents the server from forking into the background.
; Default value: TRUE
; NOFORK TRUE
; FRONTEND: This adds frontends for the server. There must be at least
; one frontend specified.
; <TCP Port> <IP Address>
; Note: There can be a maximum of 10 frontends.
FRONTEND "9998" "0.0.0.0"
; PROPCACHESIZE: This keyword configures the number of props to be
; cached in RAM by each frontend. The default number is 10.
; NOTE: Increasing this number will consume more RAM for each
; frontend.
; PROPCACHESIZE 10

lhf:~# cat /usr/local/palace/palace/psdata/pserver.prefs

Code:

; Server preferences
;
SERVERNAME "LHF"
OPERATORPASSWORD "\0Cby.\8BD\8FE"
OWNERPASSWORD "5\8DT\85E"
PERMISSIONS 0x00002E7F
AUTHATTEMPTS 3
DEATHPENALTY 120
MAXOCCUPANCY 9999
ROOMOCCUPANCY 24
MINFLOODEVENTS 200
PURGEPROPDAYS 21
MAXSESSIONID 10000
PICFOLDER "media/"
SYSOP "LHF Owner"
URL "palace://189.8.192.11:9998"
HTTP_URL "http://189.8.192.11:80/palace/media/"
AVATAR_URL "http://189.8.192.11:80/palace/avatars/"
MACHINETYPE "i686-unknown-linux 4.5.1 Build 29 Thu Jul 27 16:29:47 PDT 2000"
BLURB "Generic Description"
TPVENTRYPAGE "http://www.thepalace.com:8000/perl/palentry.pl?ID=V4WUNVGU"
TPVUISWITCHES "TTTTTFFTTFFFFFFFFFFFFFFFFFFFFFFFF"
ROOMSFILE "psdata/pserver.pat"
PINPROP 1280 0
AVATARFORMATS 0x7
AVATARLIMITS 14 132 132
AVATARCACHE 10 50
AVATARDIR "systemavatars" "useravatars"

lhf:~# ifconfig

Code:

lo         Encapsulamento do Link: Loopback Local  
          inet end.: 127.0.0.1  Masc:255.0.0.0
          endereço inet6: ::1/128 Escopo:Máquina
          UP LOOPBACKRUNNING  MTU:16436  Métrica:1
          RX packets:53433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53433 errors:0 dropped:0 overruns:0 carrier:0
          colisões:0 txqueuelen:0 
          RX bytes:3738872 (3.5 MiB)  TX bytes:3738872 (3.5 MiB)
venet0     Encapsulamento do Link: Não Especificado  Endereço de HW 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet end.: 127.0.0.1  P-a-P:127.0.0.1  Bcast:0.0.0.0  Masc:255.255.255.255
          UP BROADCASTPOINTOPOINT RUNNING NOARP  MTU:1500  Métrica:1
          RX packets:25870 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16746 errors:0 dropped:0 overruns:0 carrier:0
          colisões:0 txqueuelen:0 
          RX bytes:2979298 (2.8 MiB)  TX bytes:3011735 (2.8 MiB)
venet0:0   Encapsulamento do Link: Não Especificado  Endereço de HW 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet end.: 189.8.192.11  P-a-P:189.8.192.11  Bcast:0.0.0.0  Masc:255.255.255.255
          UP BROADCASTPOINTOPOINT RUNNING NOARP  MTU:1500  Métrica:1

lhf:/usr/local/palace/bin# cat /etc/inetd.conf

Code:

palserv stream tcp nowait root /usr/local/palace/bin/pserver -f /usr/local/palace/palace/psdata/pserver.conf

Seems like the 9998 is filtered, but I dont know how to unfilter it.. I just opened the whole firewall (iptables) with ACCEPT rules for anywhere but still seems closed.
Other services, like http, https, svn, ssh was just open the services and it was working.

If there is some more information I can provide you that will help you to help me, or if you wanna contact me my AIM is e5m1t

[maarten]

You need to set the frontend as well, right now it is opening a connection on 0.0.0.0, check this line:

FRONTEND "9998" "0.0.0.0"

This should be

FRONTEND "9998" "189.8.192.11"

Lets see if this changes anything, if not, I think the Palace also uses port 9991 or 9994 but maybe that is just for media / obsolete.

[3esmit]

Done that. Still dont work.. Seems like the problem is that pserver is just locally accessable.

lhf:~# cat /usr/local/palace/palace/logs/pserver.log

Code:

02/27/2010 01:56:29 - - Startup Palace Server 4.5.1 Build 29 i686-unknown-linux Thu Jul 27 16:29:47 PDT 2000
02/27/2010 01:56:29 - - MaxConn 10000
02/27/2010 01:56:29 - - SrvPort 10098
02/27/2010 01:56:29 - - ReadScr psdata/pserver.prefs
02/27/2010 01:56:29 - - ReadScr psdata/pserver.pat
02/27/2010 01:56:29 - - NbrRoom 5
02/27/2010 01:56:29 - - Startup Opening Assets
02/27/2010 01:56:29 - - Avatars Begin loading
02/27/2010 01:56:29 - - Avatars Done loading
02/27/2010 01:56:29 - - SvrActive  
02/27/2010 01:56:29 - - FrntEnd 32158 ProtInit TCP 189.8.192.11 3623
02/27/2010 01:56:30 - - Accept 189.8.192.11
02/27/2010 01:56:30 - - FrntEnd 32159 FeConnect 189.8.192.11
02/27/2010 01:56:30 - - FrntEnd 32159 PropCache 80
02/27/2010 01:56:30 - - FrntEnd 32159 FEUp  
02/27/2010 01:56:30 - - FrntEnd 32159 ProtUp "TCP"
02/27/2010 01:56:30 - - FEUp 197134525 46295

[maarten]

Ok so you are running this on the Ubuntu Linux computer at home? The Apache server obviously works, the media path does not btw but that is a minor detail. This is a unrouted server? I mean directly connected to the internet? No modem firewall blocking anything?

[3esmit]

Nope, is not ubuntu, is Debian.

It is like a "cloud server" university gave me, it is all unblocked (and i can run anything on it). But its not directly to internet, the interface of the internet is called venet0:0, which means virtual ethernet network. Any server I run in it is just automatically visible in wan, but pserver dont act like that.

I belive just network administrator can help me, I got bothering some few people with this and no one understend why this is happening.
I also compiled palaceserver 1.0 from souces, with same result.
If you get some light, please give me.

[3esmit]

Well, as Ive been tolding, the pserver port was filtered, and it still filtered and there is notting I can do (without the main server manager) to unfliter it.. So I opened it under an unfiltered port, and now its working. Was not a configuration problem, nither a mine firewall problem, is outside my server that is blocking the ports.


Thank you for your assistence.

[PlantCity]

sorry i posted in the wrong forum but i am having pretty much the same problem except i am on ubuntu. i was wondering if i could figure out what port that was so i could try it too. i have tried for about 2 days's every different thing i could think off and still havent got any where. thanks