Inconsistent connection problems with CentOS, delay for inbound connections

Likeless · 11-22-2012, 09:54 AM

I have a CentOS 5.8 box that has been working fine for a couple of years. I am unaware of having made any changes at the time of this problem occuring.

Symptoms
The box seems to fluctuate between "good times" and "bad times". Sometimes it changes every 5 minutes, sometimes it stays one way for hours. It seems that a large number of inbound SSH connections trigger the "bad times". During the "good times", it more or less works as expected. During the bad times, the following occur:

When connection out from this box, the connection fails completely. A traceroute to Google.com fails at the 2nd or 3rd step.

When establishing an inbound connection via SSH, there is a delay of around 5 seconds when connecting, even over a local network where the connection time is normally instantaneous.

Is it server load?
Server load is in the 0.00-0.05 range and all other processes are responsive.

Is it my internet connection?
I have a CentOS 5.6 box and a Windows Vista machine on the same network. They are both able to run full traceroutes to Google.com and browse the web normally at all times.

Is it compromised?
I have run chkrootkit. There were no infections found.

Is it the firewall?
I have turned off iptables and run the traceroute and inbound connection tests. It made no difference.

Is it IPv6?
Google said it might be IPv6. I followed the instructions to disable (or unhook) the IPv6 module. It made no difference.

I do not know how to proceed from here. Any advice would be appreciated.

Wim Sturkenboom · 11-23-2012, 06:09 AM

With regards to incoming ssh, this might be a 'reverse lookup' issue where the ssh server tries to determine the hostname based on the ip-address. I had something similar where it took 20 seconds between supplying the user name and being prompted for my passphrase.

If you made changes to name resolving (or maybe your isp did), that might be the cause. My solution was to add the client to /etc/hosts on the server.

Can't help with outgoing. Maybe a traceroute result posted here will help others to help you. 2nd/3rd step does not mean much if we don't know how your network is setup / connected to the internet.

Likeless · 11-23-2012, 11:00 AM

Wim, thank you very much for the reply.

I tried adding an IP of a friend from another country to /etc/hosts. I also tried adding my IP on the same local network. In both cases, it seemed to make no difference.

My network setup is an ADSL router with a number of computers connected to it. The ADSL router is then connected to the internet. Here is the output from a couple of traceroutes:

Code:

[~]# traceroute google.com
traceroute to google.com (173.194.34.72), 30 hops max, 40 byte packets
 1   (192.168.1.1)  11.759 ms  27.506 ms  32.747 ms
 2   (212.74.102.15)  74.483 ms  74.609 ms  74.762 ms
 3   (10.72.4.49)  74.854 ms  75.029 ms  75.077 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[~]# traceroute google.com
traceroute to google.com (173.194.34.64), 30 hops max, 40 byte packets
 1   (192.168.1.1)  37.455 ms  67.902 ms  67.983 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[~]# traceroute google.com
google.com: Temporary failure in name resolution
Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)