LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-13-2016, 06:13 PM   #1
mark9117
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Rep: Reputation: 0
Machine stops accepting packets from network


Greetings all!

I hope this is the correct forum for this qustion. It might be more appropriate in the Wireless Networking forum, but I don't think so. I seem to have a generic networking problem. At any rate, I invite mods to move this post at will.

Some Info:
Linux adamsmdk 4.4.16-desktop-1.mga5 #1 SMP Tue Jul 26 09:23:40 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

OpenSSH_6.6p1, OpenSSL 1.0.2j 26 Sep 2016

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::7ec3:a1ff:feb5:d441 prefixlen 64 scopeid 0x20<link>
ether 7c:c3:a1:b5:d4:41 txqueuelen 1000 (Ethernet)
RX packets 187556892 bytes 227568728140 (211.9 GiB)
RX errors 0 dropped 5 overruns 0 frame 0
TX packets 148267712 bytes 40439069002 (37.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Firewall is Shorewall version 4.6.3.4


The Issue:
This machine is a media server in my bedroom closet connected to my network via wifi. It gets about 70-75% signal. It sends and receives packets flawlessly when it works.

The trouble is that it will randomly stop receiving incoming packets. I routinely maintain an ssh connection to that machine on my desktop and it works fine. I can shut that connection down and restart it with no trouble, until I can't. Occasionally, I will reboot my desktop or kill that ssh connection for one reason or another and it will not reconnect. Ssh finds "no route to host". The ssh host pings unreachable. An nmap scan shows that there are no hosts up at that ip address.

But when I access that machine physically, it can ping out with no trouble. It returns ping from my desktop, my file server, my router, google, just everywhere. When I test from that machine, it shows ports are up per the firewall configuration. Netstat -l shows it listening on all the ports it's supposed to listen on including my ssh port.

Cycling the firewall off and then on makes no difference. The only thing I've found that allows incoming traffic is cycling the network (systemctl restart network.service). Once the network comes back up, it not only sees it's ports open, but it allows incoming traffic.

It seems random. I find it curious that the ssh connection I've got running on my desktop will work just fine, but when I try to access a media player (or anything else) with my ipad or Android phone, I get a host is down response. I've tried running a cron job to restart the network at a specified time, but that's really not a fix, just a workaround. And it's hard to work on because I can't reproduce the condition at will.

Does anybody have a clue what's going on here, how to fix it or what I should do to troubleshoot it?

Thanks.

Mark
 
Old 11-14-2016, 03:41 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,838

Rep: Reputation: 160Reputation: 160
When it stop receiving incoming packets, does RX packets counter tick when you execute ifconfig?
 
Old 11-14-2016, 04:29 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,886

Rep: Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615Reputation: 3615
Wonder if any /var logs might show info?
 
Old 11-15-2016, 12:22 AM   #4
mark9117
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by nini09 View Post
When it stop receiving incoming packets, does RX packets counter tick when you execute ifconfig?
I'm not sure. As I recall, the machine isn't receiving any packets from anywhere. The Rx counter isn't running as near as I can remember. I'm waiting for it to fail again so that I can try some things not tried already. I'll make note to verify this.

Thanks for the attention.

Mark
 
Old 11-15-2016, 12:33 AM   #5
mark9117
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jefro View Post
Wonder if any /var logs might show info?
Shorewall dump: http://pastebin.com/G8yEfgPx

This is dump of my firewall settings. I'm kind of circling the idea of presenting this issue to the Shorewall folks, but I need to do what I can to verify that it is indeed a firewall issue and not some other networking trouble. There's a ton of stuff here and I can't really do much with it - I just don't really understand iptables that well.

Whatever is going on, the net result is that the machine stops allowing incoming packets on any and all ports.

Shorewall log segment: http://pastebin.com/tKkq0GkS

The log starts on 10/18 and you can see where it moves on to 10/21, then picks up again on 11/13. During the 13th you can see several firewall restarts. These represent me stopping and restarting the firewall in an effort to get the machine back on the network.

The weird thing about this situation is that it's just incoming packets that are affected. Outgoing packets are fine, at least to the extent that the machine can successfully ping out to anything on the network. I'm puzzled and really interested in knowing what is going on here.

Thank you for the time and attention. Let me know if I can do anything more to help.


Mark

Edit: I grepped shorewall in my syslog file and got this. Not sure if it helps. Seems to be the same as the shorewall.log contents.

http://pastebin.com/0ppkVGK8

Last edited by mark9117; 11-15-2016 at 03:01 PM.
 
Old 11-15-2016, 03:53 PM   #6
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,838

Rep: Reputation: 160Reputation: 160
Based on log, iptable might get trouble after WiFi is down. We can confirm it at next time based on Rx counter.
 
Old 11-16-2016, 12:18 AM   #7
mark9117
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by nini09 View Post
Based on log, iptable might get trouble after WiFi is down. We can confirm it at next time based on Rx counter.
Okay. Still waiting for it.
 
Old 11-19-2016, 01:16 AM   #8
mark9117
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Okay, so around 9:30 pm Friday night (tonight), I caught another down episode. I noticed an issue when I was unable to access the CLI instance of VLC running on the media server from my iPad mini. This is the primary roll of this machine for the purposes of this issue.

I checked the link under ifconfig and found both RX and TX packet counters increasing - packets were moving to and from the machine. See attachments.

VLC is running on port 4212. Nmap -Pn <hostname> showed no open ports, but host was up.

In this case, however, the machine did return pings from other machines on the network. Previously, the machine was observed not responding to incoming icmp packets. I seemed to have flawless ssh access to the machine (typically, I don't have that access, hence, the attached photo images).

iptables show active:
Code:
# systemctl status iptables
● iptables.service - iptables Firewall for IPv4
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
   Active: active (exited) since Sun 2016-11-13 15:12:01 MST; 5 days ago
 Main PID: 15616 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service
I restarted the firewall with "shorewall restart".

It did not resolve the issue. Nmap still could not see any open ports.
I verified that VLC was still running:

Code:
madams    6096  0.1  0.5 1165364 10808 ?       Ssl  Nov14   9:30 /usr/bin/vlc -I dummy --daemon
Checked netstat to see if the port was listening, it wasn't:
Code:
[root@adamsmdk madams]# netstat -l |grep 4212
[root@adamsmdk madams]#
I've got a vlc log running, but it isn't helpful. I don't see anything about why it's no longer on the network.

Dumping the tables via "shorweall dump"shows those ports open.

Code:
# shorewall dump|grep 4212
    0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:4212IFWLOG prefix 'NEW' 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 2812,10000,8484,4212,8080,10000,5902,5901,9512
grep: /proc/net/nf_conntrack: No such file or directory
I was unable to telnet to the port locally (127.0.0.1), by hostname, or from another machine on the network:

Code:
$ telnet adamsmdk 4212
Trying 192.168.1.100...
telnet: connect to address 192.168.1.100: Connection refused
I attempted to telnet into some random ports. I was able to telnet to port 80, 8080, and 5901, but 5902 was also rejected.

I'm not entirely sure telnet should have connected, but I'm pretty sure you can connect to any open port via telnet (good old telnet, how I love thee).

I restarted the VLC daemon successfully, did not resolve - ports still showing not open.

That's all I could think of. I restarted the network - "systemctl restart network.service".

And issue resolved.

I would still like to know why this is happening and how I can deal with it. I am deeply vexed.

Any ideas welcome. Thank you.

Mark
Attached Thumbnails
Click image for larger version

Name:	IMG_0050-18-11-16-09-55.jpg
Views:	6
Size:	128.9 KB
ID:	23571   Click image for larger version

Name:	IMG_0052-18-11-16-09-55.jpg
Views:	5
Size:	125.0 KB
ID:	23572  

Last edited by mark9117; 11-19-2016 at 01:20 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Network stack accepting packets coming in on the wrong interface o2blom Linux - Networking 6 02-19-2016 06:37 PM
Linux not accepting udp and tcp ethernet packets Praju26 Linux - Newbie 1 05-04-2015 12:47 PM
accepting packets on port 80 alsharifhoussam Linux - Server 4 05-04-2009 03:29 AM
vsftpd stops accepting chroot'd logins markverhyden Linux - Wireless Networking 0 05-29-2005 01:43 AM
Linux not accepting port forwarded packets? p_motch Linux - Networking 10 07-18-2004 10:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration