varnish-misc Digest, Vol 69, Issue 7
Ivan Martinez
ivan.martinez at masterion.com
Wed Dec 7 19:54:50 CET 2011
Thank you Hugo, looks like I'm blocking internal traffic:
[root at server ivanmr]# varnishadm -T 127.0.0.1:6082 debug.health
Connection failed (127.0.0.1:6082)
[root at server ivanmr]# nmap 127.0.0.1 -p 8000
Starting Nmap 5.21 ( http://nmap.org ) at 2011-12-07 18:52 UTC
sendto in send_ip_packet: sendto(4, packet, 44, 0, 127.0.0.1, 16) =>
Operation not permitted
Offending packet: TCP 127.0.0.1:43982 > 127.0.0.1:8000 S ttl=52
id=29152 iplen=44 seq=521959048 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(4, packet, 44, 0, 127.0.0.1, 16) =>
Operation not permitted
Offending packet: TCP 127.0.0.1:43983 > 127.0.0.1:8000 S ttl=48
id=55619 iplen=44 seq=522024585 win=1024 <mss 1460>
Nmap scan report for localhost (127.0.0.1)
Host is up.
PORT STATE SERVICE
8000/tcp filtered http-alt
Nmap done: 1 IP address (1 host up) scanned in 2.07 seconds
I will review my firewall configuration again... :-(
Ivan
> Message: 3
> Date: Wed, 7 Dec 2011 15:04:48 -0200
> From: "Hugo Cisneiros (Eitch)" <hugo.cisneiros at gmail.com>
> To: varnish-misc at varnish-cache.org
> Subject: Re: 503 Service Unavailable when using firewall
> Message-ID:
> <CA+KACLncc4sgiFdHoPnnw8ESgGRO01e9EwYT2x9zkZmfh1jywg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Error 503 happens when Varnish could not contact any backends. You
> can
> check if a backend is up and healthy using the command:
>
> varnishadm -T localhost:<adm_port> debug.health
>
> The backend must be healthy. If it's sick, it means that varnish
> can't
> connect on port server:8000 on your site for some reason
> (nc/telnet/wget/curl can be useful to test here). Check if the
> firewall is
> blocking the output, and it's accepting established/related
> connections on
> the backend.
>
> --
> []'s
> Hugo
> www.devin.com.br
More information about the varnish-misc
mailing list