Page 1 of 1
Need a new server
Posted: Wed Aug 01, 2007 1:07 pm
by jmackenz
Have a valueweb server , after this fiasco I need to move.
Current server is fc3 , with ART Plesk 7.5 reloaded. 4psa spam controls , 4psa backup.
My option at serverbeach is : plesk 8.1 on Centos 4.4 or 4.4x64 , or RH ES
What would be an easier migration , and what do you guys think of serverbeach?
Posted: Thu Aug 02, 2007 3:28 am
by breun
I don't think the migration will differ. I'd go with CentOS. (I'd go with version 5 by the way.)
Posted: Thu Aug 02, 2007 8:26 am
by jmackenz
Have done the migration, all looks well.
now before things propagate.... can I forward port 110/25 on old to new and have things automagically go to the new box?
I thought I could , but i used the firewall module to forward tcp 110 , from any to new ip , but am still seeing pop3 login in old server
Posted: Thu Aug 02, 2007 9:02 am
by jmackenz
For incoming , i copied virtualhosts to smptproutes , changed the queue number to ip of new host, cleared virtual hosts , seemed to work great.
Pop , still split down the middle with propagation.
Posted: Thu Aug 02, 2007 9:06 am
by breun
I usually just lower TTL in advance so I can switch over, disable mail on the old server and 5 minutes later everything is connecting to the new server.
Posted: Thu Aug 02, 2007 9:10 am
by jmackenz
thats how I'll do it next time, but I'm stupid you see
So now I need to get creative
Posted: Thu Aug 02, 2007 9:13 am
by jmackenz
I'm thinking that the entry I made in firewall module is telling it that its allowed to forward , not that it should forward....
Posted: Thu Aug 02, 2007 9:25 am
by breun
Yeah, I don't think you can use Plesk's firewall module to forward ports. You'll have to login using SSH and add the extra rules manually.
Posted: Thu Aug 02, 2007 10:47 am
by jmackenz
I tried :
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 110 -j DNAT --to-destination 66.135.48.29:110
Stopped connections to pop server , but didn't forward.
Any ideas?
I
Posted: Thu Aug 02, 2007 10:56 am
by jmackenz
I reverted my config,
Here is my existing routing table
# Completed on Thu Aug 2 10:55:28 2007
# Generated by iptables-save v1.2.11 on Thu Aug 2 10:55:28 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with tcp-reset
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 106 -j DROP
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p tcp -m tcp --dport 5432 -j DROP
-A INPUT -p tcp -m tcp --dport 9008 -j DROP
-A INPUT -p tcp -m tcp --dport 9080 -j DROP
-A INPUT -p udp -m udp --dport 137 -j DROP
-A INPUT -p udp -m udp --dport 138 -j DROP
-A INPUT -p tcp -m tcp --dport 139 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -j DROP
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with tcp-reset
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i lo -o lo -j ACCEPT
-A FORWARD -d 66.135.48.29 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with tcp-reset
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT