Web server is up, but not responding.

synapse913 · July 8, 2020, 7:32am

I’m a happy user of CRS326-24G-2S+. It worked quite stable, until today. I use web interface almost daily to enable/disable a few firewall rules. It worked fine yesterday. Suddenly, web interface stopped answering today.

It’s not a big problem, because i was able to switch firewall rule via SSH. There is no need to reboot CRS immediately.
Therefore I would like to try finding a reason of that issue and hopefully let it be fixed by the RouterOS developers.
Would you help me with that?

The current state is described below.

/system resource print
                   uptime: 1w10h52m29s
                  version: 6.46.6 (testing)
               build-time: Apr/27/2020 10:32:16
         factory-software: 6.41
              free-memory: 475.9MiB
             total-memory: 512.0MiB
                      cpu: ARMv7
                cpu-count: 1
            cpu-frequency: 800MHz
                 cpu-load: 1%
           free-hdd-space: 2200.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 10449
         write-sect-total: 63006
               bad-blocks: 0%
        architecture-name: arm
               board-name: CRS326-24G-2S+
                 platform: MikroTik

Interesting fact: a new file autosupout.rif was created yesterday. I did not upload it.

/file print detail 
 0 name="autosupout.rif" type=".rif file" size=598.6KiB creation-time=jul/06/2020 13:24:58 
 1 name="flash" type="disk" creation-time=jan/01/1970 02:00:23 
 2 name="flash/skins" type="directory" creation-time=jan/01/1970 02:00:24 
 3 name="flash/pub" type="directory" creation-time=dec/09/2019 18:24:34 
 4 name="flash/auto-before-reset.backup" type="backup" size=55.1KiB creation-time=jan/01/1970 02:00:29

The 80/tcp port is open, the web server accepts HTTP connection. It also accepts the HTTP request (i.e., responds with TCP ACK on the request packet), but then closes connection without an answer:

$ nmap 192.168.178.254 
Host is up (0.00069s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
2000/tcp open  cisco-sccp
8291/tcp open  unknown

$ time curl -v http://192.168.178.254/
*   Trying 192.168.178.254...
* TCP_NODELAY set
* Connected to 192.168.178.254 (192.168.178.254) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.168.178.254
> User-Agent: curl/7.58.0
> Accept: */*
> 
>>>>>>>>>>>>>>>Waiting here for almost 2 minutes)<<<<<<<<<<<<<<
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

real	1m45.210s
user	0m0.024s
sys	0m0.021s

So, it looks like the web server is up and running, but the backend rendering process does not return the index page. Then, web server reaches timeout waiting for its backed, and rends TCP RST back to my curl HTTP client.

Could you give me a hint on how to find why it happened?

mutluit · July 8, 2020, 4:57pm

Maybe an issue with the web-browser. Try another one. Hmm. I see you already tried curl.
Then it seems to be a firewall issue, IMO.
Check the rules under “/ip firewall filter” etc.
And if applicable also those under “/interface ethernet switch rule” for ACL rules.

You can also add a temporary accept rule for debugging for port 80 and dst-address=IP_of_router at top of your firewall and see whether it works. If it works then it’s a firewall issue…
In CLI you can use the “move” command to move a rule to another position…

synapse913 · July 9, 2020, 1:32pm

It cannot be firewall. See nmap and curl output. Clearly, TCP connection is accepted. The TCP 3-way handshake goes well.

nje431 · July 9, 2020, 3:02pm

By chance, have you checked your user group policies to make sure “web” didn’t get disabled somehow?

mutluit · July 9, 2020, 3:17pm

It could be also an issue with the local firewall on the PC.

anav · July 9, 2020, 9:31pm

Sounds like a good possibility to check out!!