LinuxQuestions.org
Old 06-23-2004, 03:48 PM   #1
StinkiePhish
LQ Newbie
 
Registered: Jun 2004
Posts: 2

Rep: Reputation: 0
Problem with one website


Here's the situation I'm in:

We are trying to send and receive email from someone but neither of our servers can connect to one another. I cannot get a connection with ping, http, or SMTP from our EV1 Server.

From my office computer here, I can connect with all three mentioned services, everything works fine.

Comparing traceroutes, the last jump to their domain's IP will not connect from our server.

What makes this bizarre is that after talking to their system admin, they do not run any blacklist/blackhole services and their computer has been up for over 300 days without significant change. Our server had also been up for around 200 days, untouched, and without a blacklist service. Email WAS working about a month ago between us. All other email is working from our server; this is the only domain that is suddenly giving us trouble.

I have even tried pinging from a secondary IP address we were assigned, to no avail. I've searched through all the log files and have found no reference to their IP address that is significant.

I originally asked in this post for someone else to traceroute the server to make sure that it wasn't the whole EV1 range that was blocked. Lippy did so below with success, so the problem is either my server or the other domain's.

My questions are:

1. If there was a hidden firewall rule or something of that nature on our server, would a traceroute even attempt to connect the path?

2. Where would a block of this nature be logged (if at all)? (/var/log/messages?)

3. If my traceroute gets all the way to the last jump before his server, does that necessarily mean that it is his server blocking me?

4. Any ideas on anything else that could cause this, or on possible ways I can at least get an error message to determine if it is my problem or his?

Thank you! I'm completely dumbfounded by this problem!

RedHat 9, fully updated with YUM and AtomicRocketTurtle's repos
Plesk 6, only one domain
 
Old 06-23-2004, 05:50 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,536

Rep: Reputation: 148
Re: Problem with one website

Quote:
Originally posted by StinkiePhish
Here's the situation I'm in:

...

1. If there was a hidden firewall rule or something of that nature on our server, would a traceroute even attempt to connect the path?

Yes. It would.

Quote:
2. Where would a block of this nature be logged (if at all)? (/var/log/messages?)

In most cases, all firewall rules will be shown when you use 'iptables -L'. I don't think the rule is built into the iptables module in your case, so the command should show everything.

Quote:
3. If my traceroute gets all the way to the last jump before his server, does that necessarily mean that it is his server blocking me?

Nope. It may mean that there's a problem with the last server before that one.

Quote:
4. Any ideas on anything else that could cause this, or on possible ways I can at least get an error message to determine if it is my problem or his?

I'd try to emulate http or smtp using telnet. For example:
telnet someIP http
Ping can be blocked, so I wouldn't care much if it succeeds or not.
It's only one domain... Was there recently a change of IP (that may be still not recognized by the second server)?
 
Old 06-24-2004, 09:37 AM   #3
StinkiePhish
LQ Newbie
 
Registered: Jun 2004
Posts: 2

Original Poster
Rep: Reputation: 0
I really appreciate your reply.

iptables -L does not list anything with his IP address. I just recently set up APF in the past week, and this problem has been for over a month, so I don't think the new rules are the cause. Even if I disable APF and iptables -L lists nothing, I cannot connect to his server.

Using telnet to try to connect to other ports was a good suggestion, but that is what I did initially and realized that it wasn't just SMTP, or just pings, that wasn't getting through and I had bigger problems on my hands. Nothing can connect it seems.

I tried pinging and connecting from another IP on my server, using the ping -I command, and that didn't even work. That is what makes me think that there is something low level on my server (or on the path to his server). But what makes it even more strange is that I had someone with a different server in my IP range try and connect, and was successful.

The IP on my server has been the same for over a year, and there have been no changes besides adding the occasional new employee email user.

Pinging, telnet'ing, and http all work from my computer here in the office to his server.

I had done a kernel upgrade probably 2 weeks ago (2.4.20 19 to 31 something... through yum update and the Fedora Legacy RH 9 Repository), and just tried to boot into the old kernel. Didn't work either, and now I'm back on the newer version.
 
Old 06-25-2004, 11:53 AM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,536

Rep: Reputation: 148
Could you ask the other server owner to traceroute you? It'd probably break at some point, but it may be important where.
 
Old 12-02-2005, 08:11 AM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
First check if your ip is listed at http://www.ordb.org/lookup/

If not, you will need to map out the connection failures and successes.

I suggest using hping2 to test the tcp & udp paths as well as the icmp paths.
From your secondary ip, make tcp pings to get a good connection mapped across the ports needed and also port 0.

Then do this from the EV1 server and compare where the failures are.
Then, send pings from the EV1 server using the secondary ip as a source address, and look for replies to them at the secondary ip connection.

It is quite possible to have been blocked by an upstream router due to bad behaviour, either yours or the remote end, or even from an attack by someone else hoping to put you into an auto blocklist. The failure point can show you who to talk to for remedial action.
I have found several ISPs using email and other proxies without telling anyone and adding banned hosts to routers.

A temporary solution could be to change your dns settings and add your secondary ip address as a backup MX server, then get the two connected. Make a rewriting rule to send to the affected domain from the secondary ip number. If both addresses come from the same link, you could use a virtual ip address on the EV1 server.
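
Added example, not part of any post in this thread: a sketch of the "map out the failures and successes" approach using plain TCP connects instead of hping2, which also gives the per-port error message asked for in question 4. The script name, the function names and the port list (25 and 80, the SMTP and HTTP services mentioned above) are assumptions.

```python
import errno
import socket
import sys

def classify(exc):
    """Translate a connect() outcome into what it says about the path."""
    if exc is None:
        return "open"         # handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST came back: remote host or a rejecting firewall answered
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # silence: packets are being dropped somewhere
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # ICMP unreachable from a router, or no local route
    return "error"            # e.g. the source address is not configured locally

def probe(dst, port, src=None, timeout=5.0):
    """TCP connect to dst:port, optionally bound to a specific local address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if src:
            sock.bind((src, 0))
        sock.connect((dst, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def map_paths(dst, sources, ports=(25, 80), timeout=5.0):
    """Result matrix: {source address: {port: outcome}}."""
    return {src: {p: probe(dst, p, src, timeout) for p in ports} for src in sources}

def differences(matrix):
    """Ports whose outcome is not identical from every source address."""
    ports = next(iter(matrix.values()))
    diff = {}
    for p in ports:
        seen = {src: row[p] for src, row in matrix.items()}
        if len(set(seen.values())) > 1:
            diff[p] = seen
    return diff

if __name__ == "__main__":
    # usage: python3 pathmap.py DEST SRC_IP [SRC_IP ...]
    result = map_paths(sys.argv[1], sys.argv[2:])
    for src, row in result.items():
        print(src, row)
    print("differs by source:", differences(result))
```

"filtered" on every port from every local address, while the same run from another network shows "open", matches the symptom described in this thread: traffic is dropped silently on the path rather than rejected by the service.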
 
  

