sudden loss of ability to access network (can ssh in but not ssh out)
 

I have a machine running Red Hat enterprise Linux. When I came in this morning it was unable to access the network in any way. Ping and ssh both time out, I can't access websites. However, I had an open ssh session up from a couple days ago where I was logged remotely onto a different computer and that did not break off and was still working normally. Also, I can still ssh into the Red Hat machine from a different machine (running OsX in this case). So somehow it seems able to accept connections going in but not going out.

I don't think I changed any settings or anything that should have affected internet connection between yesterday and today when this problem happened.

Does anyone have any ideas what could be causing this or how to fix it?!

Thanks,
Lena

Hmm...did anything change elsewhere, like your networking guys upgrading routers/switches/firewalls? If you can get to it, what do the routing tables and ifconfig's say? (ifconfig -a and netstat -nr). And is this box DHCP or static IP?

If you're feeling brave (since you're having spotty network access), you can try to (as root), run "/etc/init.d/network restart", which will bounce the interfaces. I've seen similar things happen here, when the ARP tables on the networking hardware get....confused.....

I tried running "/etc/init.d/network restart" it brought everything down and back up just fine (no error messages) but it didn't fix the problem.
The box is using static IP.


Here is the result of ifconfig -a:
eth0 Link encap:Ethernet HWaddr 00:19:B9:42:C4:91
inet addr:171.64.127.208 Bcast:171.64.255.255 Mask:255.255.0.0
inet6 addr: fe80::219:b9ff:fe42:c491/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:85 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8254 (8.0 KiB) TX bytes:2224 (2.1 KiB)
Interrupt:169

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2437 errors:0 dropped:0 overruns:0 frame:0
TX packets:2437 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1802377 (1.7 MiB) TX bytes:1802377 (1.7 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Here is the result of netstat -nr:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
171.64.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 171.64.1.1 0.0.0.0 UG 0 0 0 eth0

Thanks for your help!
- Lena

You've got one interface, and I have to assume that the default route is right, although on our network here, it's usually xx.xx.xx.1, instead of the xx.xx.1.1 you have. If the default route is correct, things LOOK ok.

I'd pull your network guys in, make sure the default route is correct, and have them flush the ARP tables on your network equipment. And be sure to ask them if they've done anything that could cause this.

That did it! I switched the subnet mask and gateway to match one of the other computers in the lab (to xx.xx.xx.1) and did the /etc/init.d/network restart thingy and it started working. Apparently the department did something like a firewall migration this morning and didn't bother to tell us about it.

Thanks for your help!
Lena

Glad it worked.....:)