Panel server not serving pages

Derek

I'm recovering from a nightmare of a firewall migration. In the end I needed to call my ISP, and when they looked at the /29 on my network, for some reason one IP address wasn't on the list that was supposed to be there.

While this was going on after the first set of changes the technician made:

I could ping 8.8.8.8 from one enhance server
I could ping 8.8.8.8 from the other Enhance server
I could NOT PING 8.8.8.8 from my Panel server

They re-added the panel server IP and immediately pings started working from the panel server. The panel server IP address was the one that was missing.

But now (after hours, of course) I find that while I can access the Internet from my panel server, the panel server itself isn't serving web sites. Pings to its own DNS name work. curl ifconfig.me pulls my correct routable IP address. DNAT and SNAT rules appear to be identical to those of the sites that are working. It's just not serving web pages.

I'm not sure what to do to diagnose it at this point. Any ideas?

nhybgtvfr

is the enhance panel itself working? is the apache/nginx/OLS process running?
is the firewall running directly on the panel server or is it in front of it?
icmp doesn't use tcp/udp or port numbers, are those protocols open to the needed ports for the panel server ip in the firewall?
you say the panel server can access the internet, but is that just using ping?
have you tried telnetting to external servers, eg smtp.gmail.com:25, or wget or curl to https://google.com ?

if the firewall is in front of the panel server, have you tried using wget on the panel server to access a website hosted on itself ?
if you're using nat, you might need to set the local ip and hostname, eg '192.168.20.5 www.mysite.com mysite.com' in the local hosts file to stop it looking up the public ip and having the wget request going out to the edge of the firewall and back in across nat to test this. this one should at least let you know if the panel server itself is actually serving websites properly and if so, the problem is either the firewall or the isp's network..

Derek

Apache is running, but that hints at a new problem:

May 12 21:50:29 panel systemd[1]: apache2.service: Scheduled restart job, restart counter is at 3.

May 12 21:50:29 panel systemd[1]: Stopped The Apache HTTP Server.
May 12 21:50:29 panel systemd[1]: Starting The Apache HTTP Server...
May 12 21:50:48 panel apachectl[2581]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
May 12 21:50:48 panel systemd[1]: Started The Apache HTTP Server.

Please note that this has been running fine, on this server, on this IP address, for probably 2 years now. Until the firewall change, so something there broke this.

Curl works fine. The internet is accessible. apt-get update works, though I get a complaint about a mariadb GPG key issue.

Yep - external firewall, though currently it's forwarding all packets and depending on ufw to keep things clean.

And I'll try editing the hosts file and see what happens. Can't hurt, and may explain that apache2 message. Though I'm unclear why it was working with this configuration a couple of hours ago, and the new firewall with DNAT, SNAT, and a hairpin rule working. Well, I assume the hairpin is working correctly - my other servers seem to be serving fine with the same policy.

Ummm, did some more digging, using AI this time because I'm out of ideas, and it had me ping enhancecp.com. Which isn't resolving - 8.8.8.8 says the connection to the DNS server was refused.

dig enhancecp.com
dig @8.8.8.8 enhancecp.com

; <<>> DiG 9.18.39-0ubuntu0.22.04.3-Ubuntu <<>> enhancecp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52615
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 22 (No Reachable Authority): (delegation enhancecp.com)
;; QUESTION SECTION:
;enhancecp.com. IN A

;; Query time: 384 msec
;; SERVER: 192.168.20.1#53(192.168.20.1) (UDP)
;; WHEN: Tue May 12 23:47:09 UTC 2026
;; MSG SIZE rcvd: 72

; <<>> DiG 9.18.39-0ubuntu0.22.04.3-Ubuntu <<>> @8.8.8.8 enhancecp.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63077
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 23 (Network Error): ([216.239.34.108] rcode=REFUSED for enhancecp.com/a)
; EDE: 23 (Network Error): ([216.239.36.108] rcode=REFUSED for enhancecp.com/a)
; EDE: 23 (Network Error): ([216.239.32.108] rcode=REFUSED for enhancecp.com/a)
; EDE: 23 (Network Error): ([216.239.38.108] rcode=REFUSED for enhancecp.com/a)
; EDE: 22 (No Reachable Authority): (At delegation enhancecp.com for enhancecp.com/a)
;; QUESTION SECTION:
;enhancecp.com. IN A

;; Query time: 212 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Tue May 12 23:47:09 UTC 2026
;; MSG SIZE rcvd: 319

Does the panel need to phone home to start up correctly, and this was just really bad timing?