LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page No outgoing sockets
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-11-2004, 07:43 AM   #1
wetwet
LQ Newbie
 
Registered: Jun 2004
Posts: 6

Rep: Reputation: 0
No outgoing sockets

I got a server:

uname -a
Linux roquefort.di.unipi.it 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux

It runs a meta-search engine and does I/O async to many search engines.
It has no forwading and no masquerading.

Sometimes, the server

1) Accepts incominig connections on any ports (tested ssh, www)
2) It is not able to connect any server which is out of our LAN on some ports in particular port 80.
3) It is able to connect any server which is on our lan on any port.

This is a very strange behaviour, any suggestion or idea is helpful.
These are some tests i did

++

A) TEST OUTGOING CONNECTIONS

Port 80:

[root@roquefort meta]# telnet www.google.com 80
Trying 216.239.51.147...
Connected to www.google.com.
Escape character is '^]'.
GET / HTTP/1.0

it hangs

[root@roquefort root]# tcpdump -e host www.google.com
tcpdump: listening on eth0
13:41:42.713826 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 74: roquefort.di.unipi.it.41500 > 216.239.51.147.http: S 3550439811:3550439811(0) win 5840 <mss 1460,sackOK,timestamp 9453361 0,nop,wscale 0> (DF) [tos 0x10]
13:41:42.819613 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 60: 216.239.51.147.http > roquefort.di.unipi.it.41500: S 2252464564:2252464564(0) ack 3550439812 win 8190 <mss 1460> [tos 0x80]
13:41:42.819630 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 54: roquefort.di.unipi.it.41500 > 216.239.51.147.http: . ack 1 win 5840 (DF) [tos 0x10]
13:41:48.931640 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 70: roquefort.di.unipi.it.41500 > 216.239.51.147.http: P 1:17(16) ack 1 win 5840 (DF) [tos 0x10]
13:41:49.037154 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 60: 216.239.51.147.http > roquefort.di.unipi.it.41500: . ack 17 win 8190 [tos 0x80]
13:41:49.460173 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 56: roquefort.di.unipi.it.41500 > 216.239.51.147.http: P 17:19(2) ack 1 win 5840 (DF) [tos 0x10]
13:41:49.565854 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 60: 216.239.51.147.http > roquefort.di.unipi.it.41500: . ack 17 win 31460 [tos 0x80]
13:41:49.782272 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 56: roquefort.di.unipi.it.41500 > 216.239.51.147.http: P 17:19(2) ack 1 win 5840 (DF) [tos 0x10]
13:41:49.887790 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 60: 216.239.51.147.http > roquefort.di.unipi.it.41500: . ack 19 win 31460 [tos 0x80]
13:41:54.899499 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 59: roquefort.di.unipi.it.41500 > 216.239.51.147.http: P 19:24(5) ack 1 win 5840 (DF) [tos 0x10]
13:41:55.005216 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 60: 216.239.51.147.http > roquefort.di.unipi.it.41500: . ack 24 win 31460 [tos 0x80]

[root@roquefort meta]# telnet www.tin.it 80
Trying 62.211.64.8...
Connected to www.tin.it.
Escape character is '^]'.
GET / HTTP/1.0

[root@roquefort root]# tcpdump -e host www.tin.it
tcpdump: listening on eth0
13:34:44.154040 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 74: roquefort.di.unipi.it.41489 > www.tin.it.http: S 3105930511:3105930511(0) win 5840 <mss 1460,sackOK,timestamp 9411505 0,nop,wscale 0> (DF) [tos 0x10]
13:34:44.163340 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 78: www.tin.it.http > roquefort.di.unipi.it.41489: S 605351882:605351882(0) ack 3105930512 win 10136 <nop,nop,timestamp 24865175 9411505,nop,wscale 0,nop,nop,sackOK,mss 1460> (DF)
13:34:44.163361 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 66: roquefort.di.unipi.it.41489 > www.tin.it.http: . ack 1 win 5840 <nop,nop,timestamp 9411506 24865175> (DF) [tos 0x10]
13:34:53.147920 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 82: roquefort.di.unipi.it.41489 > www.tin.it.http: P 1:17(16) ack 1 win 5840 <nop,nop,timestamp 9412404 24865175> (DF) [tos 0x10]
13:34:53.352273 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 82: roquefort.di.unipi.it.41489 > www.tin.it.http: P 1:17(16) ack 1 win 5840 <nop,nop,timestamp 9412425 24865175> (DF) [tos 0x10]
13:34:53.361294 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 66: www.tin.it.http > roquefort.di.unipi.it.41489: . ack 17 win 10136 <nop,nop,timestamp 24866094 9412425> (DF)
13:34:53.643714 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 68: roquefort.di.unipi.it.41489 > www.tin.it.http: P 17:19(2) ack 1 win 5840 <nop,nop,timestamp 9412454 24866094> (DF) [tos 0x10]
13:34:53.852276 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 68: roquefort.di.unipi.it.41489 > www.tin.it.http: P 17:19(2) ack 1 win 5840 <nop,nop,timestamp 9412475 24866094> (DF) [tos 0x10]
13:34:54.272273 0:10:a7:1a:ee:25 0:0:cd:1:d6:b6 ip 68: roquefort.di.unipi.it.41489 > www.tin.it.http: P 17:19(2) ack 1 win 5840 <nop,nop,timestamp 9412517 24866094> (DF) [tos 0x10]
13:34:54.282961 0:0:cd:1:d6:b6 0:10:a7:1a:ee:25 ip 66: www.tin.it.http > roquefort.di.unipi.it.41489: . ack 19 win 10136 <nop,nop,timestamp 24866187 9412454> (DF)

it hangs

[root@roquefort meta]# telnet www.askjeeves.com 80
Trying 65.214.39.203...
Connected to www.askjeeves.com.
Escape character is '^]'.
GET / HTTP/1.0

On port different from 80, it works

[root@roquefort meta]# telnet proxy.unipi.it 8080
Trying 131.114.21.11...
Connected to proxy.unipi.it.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 400 Bad Request
Server: Squid/2.3.STABLE5
Mime-Version: 1.0
Date: Sun, 11 Jul 2004 11:53:43 GMT
Content-Type: text/html
Content-Length: 793
Expires: Sun, 11 Jul 2004 11:53:43 GMT
X-Squid-Error: ERR_INVALID_URL 0
X-Cache: MISS from croci.unipi.it
Proxy-Connection: close

<HTML><HEAD>
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="/">/</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Invalid URL
</STRONG>
</UL>

<P>
Some aspect of the requested URL is incorrect. Possible problems:
<UL>
<LI>Missing or incorrect access protocol (should be `http://'' or similar)
<LI>Missing hostname
<LI>Illegal double-escape in the URL-Path
<LI>Illegal character in hostname; underscores are not allowed
</UL>
<P>Your cache administrator is <A HREF="mailto:webmaster">webmaster</A>.

<br clear="all">
<hr noshade size=1>
Generated Sun, 11 Jul 2004 11:53:43 GMT by croci.unipi.it (Squid/2.3.STABLE5)
</BODY></HTML>

and if suddendly do a

[root@roquefort meta]# telnet www.google.com 80
Trying 216.239.51.104...
Connected to www.google.com.
Escape character is '^]'.
GET / HTTP/1.0

it hangs

Ancora:
[root@roquefort meta]# telnet www.iol.it 80
Trying 195.210.91.83...
Connected to www.iol.it.
Escape character is '^]'.
GET / HTTP/1.0

it hangs


telnet proxy.unimi.it 8080
Trying 159.149.102.4...
GET /

Connected to proxy.unimi.it.
Escape character is '^]'.
GET /

it hangs

BUT, on a local lan

/usr/sbin/traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 216.239.51.147
traceroute to www.google.akadns.net (216.239.51.147), 30 hops max, 38 byte packets
1 di-gw (131.114.3.2) 0.374 ms 0.321 ms 0.319 ms
2 131.114.191.126 (131.114.191.126) 16.973 ms 0.712 ms 0.685 ms

i always get:

telnet www.di.unipi.it 80
Trying 131.114.3.11...
Connected to www.di.unipi.it.
Escape character is '^]'.
GET / HTTP/1.0
...
<ul id="topmenu">
<li><a href="http://virmap.unipi.it/~virmap/">Virtual map</a></li>
<li><a href="http://www.bibmif.unipi.it/">Library</a>
<ul>
<li><a href="biblio/">On-line catalog</a></li>
<li><a href="http://www.bibmif.unipi.it/riviste/periodici.php">On-line journals</a></li>
<li><a href="http://www.bibmif.unipi.it/riviste/collezioni.php">Series</a></li>
</ul>
</li>
<li><a href="http://www.isti.cnr.it/Library/">ISTI library</a></li>
<li><a href="http://library.isti.cnr.it:8080/index.php?page=catalog1">On-line

[root@roquefort root]# tcpdump -e host www.di.unipi.it
tcpdump: listening on eth0
13:37:55.164590 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 74: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: S 3312398006:3312398006(0) win 5840 <mss 1460,sackOK,timestamp 9430606 0,nop,wscale 0> (DF) [tos 0x10]
13:37:55.164715 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 74: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: S 3131212901:3131212901(0) ack 3312398007 win 5792 <mss 1460,sackOK,timestamp 594320324 9430606,nop,wscale 0> (DF)
13:37:55.164736 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 1 win 5840 <nop,nop,timestamp 9430606 594320324> (DF) [tos 0x10]
13:38:03.373378 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 82: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: P 1:17(16) ack 1 win 5840 <nop,nop,timestamp 9431427 594320324> (DF) [tos 0x10]
13:38:03.373495 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 66: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . ack 17 win 5792 <nop,nop,timestamp 594321145 9431427> (DF)
13:38:04.319649 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 68: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: P 17:19(2) ack 1 win 5840 <nop,nop,timestamp 9431521 594321145> (DF) [tos 0x10]
13:38:04.319756 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 66: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.320802 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . 1:1449(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.320812 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 1449 win 8688 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.320927 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . 1449:2897(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.320945 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 2897 win 11584 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.321274 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: P 2897:4345(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.321289 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 4345 win 14480 <nop,nop,timestamp 9431521 5
13:38:04.320927 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . 1449:2897(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.320945 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 2897 win 11584 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.321274 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: P 2897:4345(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.321289 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 4345 win 14480 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.321399 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . 4345:5793(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.321412 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 5793 win 17376 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.321523 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1514: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . 5793:7241(1448) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.321535 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: . ack 7241 win 20272 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.321630 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 1337: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: FP 7241:8512(1271) ack 19 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)
13:38:04.322226 0:10:a7:1a:ee:25 0:4:75:ae:7f:9c ip 66: roquefort.di.unipi.it.41493 > anubis.di.unipi.it.http: F 19:19(0) ack 8513 win 23168 <nop,nop,timestamp 9431521 594321240> (DF) [tos 0x10]
13:38:04.322335 0:4:75:ae:7f:9c 0:10:a7:1a:ee:25 ip 66: anubis.di.unipi.it.http > roquefort.di.unipi.it.41493: . ack 20 win 5792 <nop,nop,timestamp 594321240 9431521> (DF)

the same on the local lan

[root@roquefort meta]# telnet compass.di.unipi.it 80
Trying 131.114.3.24...
Connected to compass.di.unipi.it.
Escape character is '^]'.
GET / HTTP/1.0

...<body bgcolor="#ffffcc">
<h1 align="Center">Per utilizzare CompAss &egrave; necessario Netscape Communicator 4.0 (o sup.) o InternetExplorer 3.0 (o sup.)</h1>
</body>
<!--
*/
//-->
</script>
</HTML>

Connection closed by foreign host.

Proviamo ad andare fuori dalla nostra LAN con connessione SSH:

ssh -v -v -v -v -l some anna.ideare.com
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to anna.ideare.com [212.123.95.5] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent

it hangs

Local lan on ssh OK

ssh -v -v -v -v -l gulli bach.di.unipi.it
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to bach.di.unipi.it [131.114.2.96] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
.....
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
some@bach.di.unipi.it's password:
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking outgoing TCP ¿F M J¿ Linux - Networking 13 09-06-2005 12:59 AM
outgoing mail not working BillyB Linux - Newbie 6 04-19-2005 04:51 PM
No outgoing sockets, ingoing is ok wetwet Linux - Networking 1 06-25-2004 12:55 AM
firewall outgoing connections hotrodowner Linux - Security 2 02-22-2004 12:51 PM
outgoing connections DonMiner Linux - Networking 2 05-02-2003 09:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:05 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration