Network troubleshooting, any experts?

Michael Gargiullo mgargiullo at warpdrive.net
Wed Apr 28 20:12:14 UTC 2004


On Wed, 2004-04-28 at 16:03, Elam Daly wrote:
> Hi list,
> 
> First let me say that the particular server that I am trying to 
> troubleshoot is not Fedora, but
> RedHat 9.  As I am subscribed to this list, I thought it would be a good 
> place to ask.
> 
> At this particular company we have a webserver that sits behind a 
> firewall/router.  All incoming port 80
> traffic is directed to this server.  All computers in the company reside 
> internally on 123.123.123.* IP addresses.
> All DNS resolution is done externally.
> 
> Now the problem is that all computers on the network can browse the 
> internet and do various chores like
> telnet and ssh with no problem, except for the web server.  I can ssh, 
> telnet etc. to other computers on the internal network
> from the web server but not to the outside world.
> 
> Some oddities:
> 
> My resolv.conf file has the IP addresses of my DNS servers.  If I ping 
> an internet address I get back the IP resolution ok, yet I cannot
> telnet to either of my DNS servers on port 53 from the web server.  So 
> how am I getting back IP addresses when I ping?
> 
> Traceroute and ping respond ok, but no other utilities respond.  They 
> all time out.  I ran some tcpdumps telnetting to yahoo.com and the DNS 
> server and I've
> included those below if it's helpful to anyone.
> 
> I have no firewall running, and just to be sure I've flushed the 
> iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> I've also talked to the ISP (it's their router) and they claim that if 
> all the other computers can get web access then so should
> the webserver.
> 
> If anyone has ANY suggestions it would be most helpful.
> 
> Cheers,
> Elam Daly
> Whiteware Inc.
> 
> TCPDUMP to YAHOO.COM telnet port 80:
> 
> 15:20:05.621044 123.123.123.240.1065 > sprite.wwnet.net.domain:  29834+ AAAA? www.yahoo.com. (31) (DF)
> 15:20:05.700534 sprite.wwnet.net.domain > 123.123.123.240.1065:  29834 1/1/0 (137)
> 15:20:05.700874 123.123.123.240.1065 > sprite.wwnet.net.domain:  29835+ A? www.yahoo.com. (31) (DF)
> 15:20:05.723337 sprite.wwnet.net.domain > 123.123.123.240.1065:  29835 9/9/9 CNAME[|domain]
> 15:20:05.724132 123.123.123.240.1065 > sprite.wwnet.net.domain:  1558+ PTR? 68.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:05.830093 sprite.wwnet.net.domain > 123.123.123.240.1065:  1558* 1/5/5 (276)
> 15:20:05.830519 123.123.123.240.1065 > sprite.wwnet.net.domain:  1559+ PTR? 65.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:05.893671 sprite.wwnet.net.domain > 123.123.123.240.1065:  1559* 1/5/5 (276)
> 15:20:05.894048 123.123.123.240.1065 > sprite.wwnet.net.domain:  1560+ PTR? 108.117.109.216.in-addr.arpa. (46) (DF)
> 15:20:06.000311 sprite.wwnet.net.domain > 123.123.123.240.1065:  1560* 1/5/5 (279)
> 15:20:06.000687 123.123.123.240.1065 > sprite.wwnet.net.domain:  1561+ PTR? 70.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.060732 sprite.wwnet.net.domain > 123.123.123.240.1065:  1561* 1/5/5 (276)
> 15:20:06.061147 123.123.123.240.1065 > sprite.wwnet.net.domain:  1562+ PTR? 73.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.199215 sprite.wwnet.net.domain > 123.123.123.240.1065:  1562* 1/5/5 (277)
> 15:20:06.199595 123.123.123.240.1065 > sprite.wwnet.net.domain:  1563+ PTR? 66.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.256277 sprite.wwnet.net.domain > 123.123.123.240.1065:  1563* 1/5/5 (276)
> 15:20:06.256652 123.123.123.240.1065 > sprite.wwnet.net.domain:  1564+ PTR? 74.118.109.216.in-addr.arpa. (45) (DF)
> 15:20:06.320372 sprite.wwnet.net.domain > 123.123.123.240.1065:  1564* 1/5/5 (277)
> 15:20:06.320748 123.123.123.240.1065 > sprite.wwnet.net.domain:  1565+ PTR? 205.117.109.216.in-addr.arpa. (46) (DF)
> 15:20:06.383390 sprite.wwnet.net.domain > 123.123.123.240.1065:  1565* 1/5/5 (279)
> 15:20:06.384242 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8969937 0,nop,wscale 0> (DF) [tos 0x10]
> 15:20:09.375214 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970237 0,nop,wscale 0> (DF) [tos 0x10]
> 15:20:15.375192 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970837 0,nop,wscale 0> (DF) [tos 0x10]
> 
> TCPDUMP to DNS SERVER, telnet port 53:
> 
> 15:28:23.096096 123.123.123.240.1066 > sprite.wwnet.net.domain:  32519+ AAAA? sprite.wwnet.net. (34) (DF)
> 15:28:23.115363 sprite.wwnet.net.domain > 123.123.123.240.1066:  32519* 0/1/0 (85)
> 15:28:23.115706 123.123.123.240.1066 > sprite.wwnet.net.domain:  32520+ AAAA? sprite.wwnet.net.localdomain. (46) (DF)
> 15:28:23.134217 sprite.wwnet.net.domain > 123.123.123.240.1066:  32520 NXDomain 0/1/0 (121)
> 15:28:23.134782 123.123.123.240.1066 > sprite.wwnet.net.domain:  32521+ A? sprite.wwnet.net. (34) (DF)
> 15:28:23.154865 sprite.wwnet.net.domain > 123.123.123.240.1066:  32521* 1/2/2 A sprite.wwnet.net (119)
> 15:28:23.155665 123.123.123.240.1066 > sprite.wwnet.net.domain:  21669+ PTR? 2.211.142.209.in-addr.arpa. (44) (DF)
> 15:28:23.176607 sprite.wwnet.net.domain > 123.123.123.240.1066:  21669* 1/2/2 (143)
> 15:28:23.177382 123.123.123.240.3799 > sprite.wwnet.net.domain: S 2259943146:2259943146(0) win 5840 <mss 1460,sackOK,timestamp 9019617 0,nop,wscale 0> (DF) [tos 0x10]
> 15:28:26.175190 123.123.123.240.3799 > sprite.wwnet.net.domain: S 2259943146:2259943146(0) win 5840 <mss 1460,sackOK,timestamp 9019917
> 



How about a traceroute to yahoo.com?
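
An added example, not part of the original thread: a short Python script that reads tcpdump lines in the text format quoted above and separates UDP DNS queries that got a reply from TCP SYNs that were retransmitted without a SYN-ACK. The five sample lines are copied from the quoted capture with the mail wrapping undone; the function name `analyze` and its result keys are this example's own.

```python
import re
from collections import defaultdict

# Five lines copied from the capture quoted above, mail wrapping undone.
SAMPLE = """\
15:20:05.700874 123.123.123.240.1065 > sprite.wwnet.net.domain:  29835+ A? www.yahoo.com. (31) (DF)
15:20:05.723337 sprite.wwnet.net.domain > 123.123.123.240.1065:  29835 9/9/9 CNAME[|domain]
15:20:06.384242 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8969937 0,nop,wscale 0> (DF) [tos 0x10]
15:20:09.375214 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970237 0,nop,wscale 0> (DF) [tos 0x10]
15:20:15.375192 123.123.123.240.3796 > p5.www.dcn.yahoo.com.http: S 1740721116:1740721116(0) win 5840 <mss 1460,sackOK,timestamp 8970837 0,nop,wscale 0> (DF) [tos 0x10]
"""

# time, source.port, destination.port, decoded payload
LINE = re.compile(r"^(\d+):(\d+):([\d.]+) (\S+) > (\S+): +(.*)$")
DNS_ID = re.compile(r"^(\d+)[+*-]* ")  # DNS transaction id plus flag characters


def analyze(capture):
    """Pair UDP DNS queries with replies; list TCP SYNs that never got a SYN-ACK."""
    queries, answers = {}, set()
    syns, synacked = defaultdict(list), set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped or truncated line
        h, mi, s, src, dst, rest = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        dns = DNS_ID.match(rest)
        if rest.startswith("S "):
            if " ack " in rest:  # a SYN-ACK travels from the server back to the client
                synacked.add((dst, src))
            else:
                syns[(src, dst)].append(t)
        elif dns:
            # Assumption: a decoded DNS line containing "?" is a query, otherwise a reply.
            if "?" in rest:
                queries[dns.group(1)] = (src, dst)
            else:
                answers.add(dns.group(1))
    return {
        "dns_answered": sorted(q for q in queries if q in answers),
        "dns_unanswered": sorted(q for q in queries if q not in answers),
        # Gaps in seconds between retransmitted SYNs of each unanswered flow.
        "syn_unanswered": {
            f"{s} > {d}": [round(b - a) for a, b in zip(ts, ts[1:])]
            for (s, d), ts in syns.items() if (s, d) not in synacked
        },
    }
```

On the sample, the DNS query over UDP is answered, while the SYN to port 80 is repeated after 3 and then 6 seconds with nothing coming back, which is the sender's retransmission backoff.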




