Network troubleshooting, any experts?
Michael Gargiullo
mgargiullo at warpdrive.net
Wed Apr 28 20:12:14 UTC 2004
On Wed, 2004-04-28 at 16:03, Elam Daly wrote:
> Hi list,
>
> First let me say that the particular server that I am trying to
> troubleshoot is not Fedora, but
> RedHat 9. As I am subscribed to this list, I thought it would be a good
> place to ask.
>
> At this particular company we have a webserver that sits behind a
> firewall/router. All incoming port 80
> traffic is directed to this server. All computers in the company reside
> internally on 123.123.123.* IP addresses.
> All DNS resolution is done externally.
>
> Now the problem is that all computers on the network can browse the
> internet and do various chores like
> telnet and ssh with no problem, except for the web server. I can ssh,
> telnet etc. to other computers on the internal network
> from the web server but not to the outside world.
>
> Some oddities:
>
> My resolv.conf file has the IP addresses of my DNS servers. If I ping
> an internet address I get back the IP resolution ok, yet I cannot
> telnet to either of my DNS servers on port 53 from the web server. So
> how am I getting back IP addresses when I ping?
>
> Traceroute and ping respond ok, but no other utilities respond. They
> all time out. I ran some tcpdumps telnetting to yahoo.com and the DNS
> server and I've
> included those below if it's helpful to anyone.
>
> I have no firewall running, and just to be sure I've flushed the
> iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> I've also talked to the ISP (it's their router) and they claim that if
> all the other computers can get web access then so should
> the webserver.
>
> If anyone has ANY suggestions it would be most helpful.
>
> Cheers,
> Elam Daly
> Whiteware Inc.
>
> TCPDUMP to YAHOO.COM telnet port 80:
>
> 15:20:05.621044 123.123.123.240.1065 > sprite.wwnet.net.domain: 29834+
> AAAA? www.yahoo.com. (31) (DF)
> 15:20:05.700534 sprite.wwnet.net.domain > 123.123.123.240.1065: 29834
> 1/1/0 (137)
> 15:20:05.700874 123.123.123.240.1065 > sprite.wwnet.net.domain: 29835+
> A? www.yahoo.com. (31) (DF)
> 15:20:05.723337 sprite.wwnet.net.domain > 123.123.123.240.1065: 29835
> 9/9/9 CNAME[|domain]
> 15:20:05.724132 123.123.123.240.1065 > sprite.wwnet.net.domain: 1558+
> PTR? 68.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:05.830093 sprite.wwnet.net.domain > 123.123.123.240.1065: 1558*
> 1/5/5 (276)
> 15:20:05.830519 123.123.123.240.1065 > sprite.wwnet.net.domain: 1559+
> PTR? 65.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:05.893671 sprite.wwnet.net.domain > 123.123.123.240.1065: 1559*
> 1/5/5 (276)
> 15:20:05.894048 123.123.123.240.1065 > sprite.wwnet.net.domain: 1560+
> PTR? 108.117.109.216.in-addr.arpa. (46) (DF)
> 15:20:06.000311 sprite.wwnet.net.domain > 123.123.123.240.1065: 1560*
> 1/5/5 (279)
> 15:20:06.000687 123.123.123.240.1065 > sprite.wwnet.net.domain: 1561+
> PTR? 70.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.060732 sprite.wwnet.net.domain > 123.123.123.240.1065: 1561*
> 1/5/5 (276)
> 15:20:06.061147 123.123.123.240.1065 > sprite.wwnet.net.domain: 1562+
> PTR? 73.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.199215 sprite.wwnet.net.domain > 123.123.123.240.1065: 1562*
> 1/5/5 (277)
> 15:20:06.199595 123.123.123.240.1065 > sprite.wwnet.net.domain: 1563+
> PTR? 66.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.256277 sprite.wwnet.net.domain > 123.123.123.240.1065: 1563*
> 1/5/5 (276)
> 15:20:06.256652 123.123.123.240.1065 > sprite.wwnet.net.domain: 1564+
> PTR? 74.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.320372 sprite.wwnet.net.domain > 123.123.123.240.1065: 1564*
> 1/5/5 (277)
> 15:20:06.320748 123.123.123.240.1065 > sprite.wwnet.net.domain: 1565+
> PTR? 205.117.109.216.in-addr.arpa. (46) (DF)
> 15:20:06.383390 sprite.wwnet.net.domain > 123.123.123.240.1065: 1565*
> 1/5/5 (279)
> 15:20:06.384242 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S
> 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8969937
> 0,nop,wscale 0> (DF) [tos 0x10]
> 15:20:09.375214 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S
> 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970237
> 0,nop,wscale 0> (DF) [tos 0x10]
> 15:20:15.375192 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S
> 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970837
> 0,nop,wscale 0> (DF) [tos 0x10]
>
> TCPDUMP to DNS SERVER, telnet port 53:
>
> 15:28:23.096096 123.123.123.240.1066 > sprite.wwnet.net.domain: 32519+
> AAAA? sprite.wwnet.net. (34) (DF)
> 15:28:23.115363 sprite.wwnet.net.domain > 123.123.123.240.1066: 32519*
> 0/1/0 (85)
> 15:28:23.115706 123.123.123.240.1066 > sprite.wwnet.net.domain: 32520+
> AAAA? sprite.wwnet.net.localdomain. (46) (DF)
> 15:28:23.134217 sprite.wwnet.net.domain > 123.123.123.240.1066: 32520
> NXDomain 0/1/0 (121)
> 15:28:23.134782 123.123.123.240.1066 > sprite.wwnet.net.domain: 32521+
> A? sprite.wwnet.net. (34) (DF)
> 15:28:23.154865 sprite.wwnet.net.domain > 123.123.123.240.1066: 32521*
> 1/2/2 A sprite.wwnet.net (119)
> 15:28:23.155665 123.123.123.240.1066 > sprite.wwnet.net.domain: 21669+
> PTR? 2.211.142.209.in-addr.arpa. (44) (DF)
> 15:28:23.176607 sprite.wwnet.net.domain > 123.123.123.240.1066: 21669*
> 1/2/2 (143)
> 15:28:23.177382 123.123.123.240.3799 > sprite.wwnet.net.domain: S
> 2259943146:2259943146(0) win 5840 <mss 1460,sackOK,timestamp 9019617
> 0,nop,wscale 0> (DF) [tos 0x10]
> 15:28:26.175190 123.123.123.240.3799 > sprite.wwnet.net.domain: S
> 2259943146:2259943146(0) win 5840 <mss 1460,sackOK,timestamp 9019917
>
How about a traceroute to yahoo.com ?
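
Added example, not part of the original thread: a small Python parser for the old-style tcpdump lines quoted above that separates answered DNS lookups (UDP) from TCP SYNs that were retransmitted without any reply, which is the pattern the capture shows. The function name `analyse` and the regular expressions are assumptions made here; the sample lines are taken from the quoted capture with the e-mail line wrapping rejoined.

```python
import re
from collections import defaultdict

# Excerpt of the capture quoted above, with the e-mail line wrapping rejoined.
CAPTURE = """\
15:20:05.700874 123.123.123.240.1065 > sprite.wwnet.net.domain: 29835+ A? www.yahoo.com. (31) (DF)
15:20:05.723337 sprite.wwnet.net.domain > 123.123.123.240.1065: 29835 9/9/9 CNAME[|domain]
15:20:06.384242 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8969937 0,nop,wscale 0> (DF) [tos 0x10]
15:20:09.375214 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970237 0,nop,wscale 0> (DF) [tos 0x10]
15:20:15.375192 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970837 0,nop,wscale 0> (DF) [tos 0x10]
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (\S+) > (\S+): (.*)$")
TCP = re.compile(r"^([SFPR.]+) (?:(\d+):\d+\(\d+\))?")  # old-style tcpdump TCP flags
DNS = re.compile(r"^(\d+)\S* ")                          # DNS transaction id

def analyse(text):
    """Summarise which probes got answers: DNS queries vs. TCP SYNs."""
    queries, answers = set(), set()
    syns = defaultdict(list)   # (src, dst, seq) -> times each SYN was sent
    tcp_seen_from = set()      # (src, dst) of every TCP segment in the capture
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        h, mi, s, src, dst, rest = m.groups()
        when = int(h) * 3600 + int(mi) * 60 + float(s)
        tcp = TCP.match(rest)
        if tcp:
            tcp_seen_from.add((src, dst))
            if tcp.group(1) == "S" and " ack " not in rest:   # bare SYN
                syns[(src, dst, tcp.group(2))].append(when)
        elif (dns := DNS.match(rest)):
            if "?" in rest:                                   # query
                queries.add((src, dst, dns.group(1)))
            else:                                             # response
                answers.add((dst, src, dns.group(1)))
    unanswered = []
    for (src, dst, _seq), times in syns.items():
        if (dst, src) not in tcp_seen_from:    # no SYN-ACK or RST ever came back
            gaps = [round(b - a) for a, b in zip(times, times[1:])]
            unanswered.append((dst, len(times), gaps))
    return {"dns_queries": len(queries),
            "dns_answered": len(queries & answers),
            "tcp_unanswered": unanswered}

if __name__ == "__main__":
    print(analyse(CAPTURE))
```

The 3 s and 6 s gaps are the sender's SYN retransmission backoff: the handshake never sees a SYN-ACK or RST, while the DNS query on the same path is answered.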