Mysterious problem driving me crazy! (network? apache? php? firewall?)

Scott Ruckh sruckh at gemneye.org
Wed Jun 28 04:54:51 UTC 2006


-- 
This is what you said Chris W. Parker
> Hello,
>
> I had a server fail on me recently (which is a story in itself... can't
> figure out why it's failing...) and so now I'm in the process of
> migrating my data (two websites from a backup) to a new server.
>
> The old server was FC3 and the new server is CentOS 4.3.
>
> Here is the problem stated very briefly: On the old server both websites
> worked fine. On the new server only one website is working.
>
> Now for some details:
>
> * I've checked and rechecked /etc/httpd/conf/httpd.conf to make sure it
> matches the original.
> * I've checked and rechecked all my scripts in
> /etc/sysconfig/network-scripts to match the originals.
> * I've checked and rechecked the virtual host settings in
> /etc/httpd/virt.d/ to match the originals.
> * I've tried turning off iptables on the new server.
> * I've tried turning off IPv6 (just a shot in the dark!).
> * I've tried turning off SELinux too.
> * I've also compared permissions between the two websites directories.
>
> I'm using NAT and what seems to be happening is that swatgear.com WILL
> NOT resolve to its internal ip address of 10.0.0.3. I can't get a
> successful ping/request from swatgear.com or 67.17.248.227. The only
> time a ping works or I can get any kind of response is through 10.0.0.3.
> And by the way, the site works fine if I add '10.0.0.3 swatgear.com' to
> /etc/hosts. But of course that doesn't solve the problem for the outside
> world.
>
> First of all you might ask if someone has changed the configuration in
> the hardware firewall, nope. No changes at all. You might also think
> that iptables is getting in the way (see above). You might think that
> the configurations are different (see above).
>
> If I turn the old server on (which only stays up for about 5 minutes
> before it kicks the bucket) both sites work perfectly. As soon as I shut
> it off and turn on the new server only one of the sites will work while
> the other (www.swatgear.com) does not.
>
> I can't figure it out and I've been working on this ALL DAY so I'm
> pleading with the community to help me figure it out.
>
> What is driving me crazy is that one site works and the other does not.
> So in spite of my 100% confidence in there being absolutely no difference
> between the configurations (of the parts that matter) of the two servers
> I can only be led to believe that it is in fact a misconfiguration and
> nothing else. Otherwise it just doesn't make sense.
>
> Another thing I should mention is that apache's logs for the website
> (that doesn't work) don't report anything! I mean, it appears that
> apache is not even SEEING the request for the site (unless I request it
> at 10.0.0.3). This says to me that it's something that precedes apache
> that is getting in the way and not apache itself (i.e. a configuration
> mistake).

Are you sure that there is not MAC address filtering going on in the
firewall?  You said that no changes were made in the firewall, but if you
changed NICs on the new server and had MAC address filtering on the
firewall that might cause the problem.

You appear to have connectivity (you are able to use site via internal
IP).  I would also assume apache is correct since site is working.  The
problem sounds just like you mentioned.  A name request is not reaching
the server.

What do the firewall logs look like?  Does the request even reach the
firewall?

How about a TCP packet capture?  Outside of apache logs not seeing the
request, do you even see the traffic hitting the network interface on the
web server?

Hard to speculate without having access to the servers so I am just
throwing out some ideas.

Good Luck.
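
The packet-capture check suggested above, as an added example that is not part of the original message: it reads `tcpdump -n` text output taken on the web server and reports where requests from outside the LAN stop. The modern tcpdump line format, the 10.0.0.0/24 LAN range, the 203.0.113.5 client and the sample captures are assumptions constructed for illustration; 10.0.0.3 is the server address from the thread.

```python
import ipaddress
import re

# Text output of `tcpdump -n` for TCP over IPv4 (modern line format, assumed).
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed capture: only a LAN client reaches the server (the symptom in the thread).
LAN_ONLY = """\
12:00:01.000000 IP 10.0.0.50.40000 > 10.0.0.3.80: Flags [S], seq 1, win 5840, length 0
12:00:01.000100 IP 10.0.0.3.80 > 10.0.0.50.40000: Flags [S.], seq 9, ack 2, win 5792, length 0
"""
# Constructed capture: an outside client's SYN arrives, is retried, and is never answered.
DROPPED = """\
12:00:02.000000 IP 203.0.113.5.51234 > 10.0.0.3.80: Flags [S], seq 1, win 5840, length 0
12:00:05.000000 IP 203.0.113.5.51234 > 10.0.0.3.80: Flags [S], seq 1, win 5840, length 0
"""

def triage(capture, server_ip="10.0.0.3", port=80, lan="10.0.0.0/24"):
    """Return where outside requests stop, judged from the server's own capture."""
    lan_net = ipaddress.ip_network(lan)  # assumed internal range
    syns, synacks = set(), set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line
        src, dst, flags = m["src"], m["dst"], m["flags"]
        inbound = dst == server_ip and int(m["dport"]) == port
        outbound = src == server_ip and int(m["sport"]) == port
        if inbound and flags == "S" and ipaddress.ip_address(src) not in lan_net:
            syns.add((src, m["sport"]))      # SYN from an outside client
        elif outbound and flags == "S.":
            synacks.add((dst, m["dport"]))   # server's SYN-ACK reply
    if not syns:
        return "no outside SYN reached the server: look upstream (firewall, NAT, MAC filter)"
    if not syns & synacks:
        return "SYN arrived but got no SYN-ACK: look at the server (iptables, listener)"
    return "handshake answered: look at Apache (virtual host, logs)"

if __name__ == "__main__":
    for name, cap in (("LAN_ONLY", LAN_ONLY), ("DROPPED", DROPPED)):
        print(name, "->", triage(cap))
```
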



