Network troubleshooting, any experts?

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Wed Apr 28 20:39:56 UTC 2004


On Wed, 28.04.2004, Elam Daly wrote at 22:03:

Please do not hijack foreign threads. If not intending to reply to a
previous post, do not press reply and erase subject and body and
exchange it with your own. Use a plain fresh new mail. Thank you.

> Hi list,
> 
> First let me say that the particular server that I am trying to 
> troubleshoot is not Fedora, but
> RedHat 9.  As I am subscribed to this list, I thought it would be a good 
> place to ask.
> 
> At this particular company we have a webserver, that sits behind a 
> firewall/router.  All incoming port 80
> traffic is directed to this server.  All computers in the company reside 
> internally on 123.123.123.* ip addresses.
> All DNS resolution is done externally.
> 
> Now the problem is that all computers on the network can browse the 
> internet and do various chores like
> telnet and ssh with no problem, except for the web server.  I can ssh, 
> telnet etc. to other computers on the internal network
> from the web server but not to the outside world.

Why shall it be possible to access the net from the webserver? Is it not
sufficient if the webserver responds to HTTP requests from the net? Or
does even that not work? Then you have a wrong setup with your
firewall/router.

> Some oddities:
> 
> My resolv.conf file has the ip addresses of my DNS servers.  If I ping 
> an internet address I get back the ip resolution ok, yet I cannot
> telnet to either of my DNS servers on port 53 from the web server.  So 
> how am I getting back ip addresses when I ping?

ping is not the mighty master tool for everything. Primary name
resolution uses UDP, not TCP, nor ICMP like ping.

> Traceroute and ping respond ok, but no other utilities respond.  They
> all time out.  I ran some tcpdumps telnetting to yahoo.com and the DNS
> server and I've included those below if it's helpful to anyone.

Then ICMP traffic is allowed and routed, all other at least partly
blocked.

> I have no firewall running, and just to be sure I've flushed the
> iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> I've also talked to the ISP (it's their router) and they claim that if
> all the other computers can get web access then so should
> the webserver.

Check the output of "route", check the firewalling/port forwarding rules
on the firewall/router, be sure the NIC, the cable and the switch port
are ok (no errors in the output of ifconfig).

> If anyone has ANY suggestions it would be most helpful.
> 
> Cheers,
> Elam Daly

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2188.nptl
Sirendipity 22:29:30 up 1 day, 21:18, load average: 0.23, 0.20, 0.23 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
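
The UDP point from the reply above, as an added example that is not part of the original thread: a constructed UDP-only responder on 127.0.0.1 stands in for a DNS server, and the same port is checked once over TCP (what `telnet host 53` tests) and once with a DNS A query over UDP. The function names, the name www.example.test and the address 192.0.2.10 are constructed for this example.

```python
import socket, struct, threading

def build_query(name, qid=0x1234):
    # Header: id, flags (recursion desired), 1 question, no other records.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # A, IN

def build_reply(query, ip):
    # Constructed responder logic: echo id + question, add one A record
    # whose name is a compression pointer (0xC00C) to the question name.
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)
    answer = struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

def parse_a(reply, query):
    # The answer follows the echoed question; rdlength sits 10 bytes in.
    off = len(query) + 10
    (rdlen,) = struct.unpack(">H", reply[off:off + 2])
    return socket.inet_ntoa(reply[off + 2:off + 2 + rdlen])

def tcp_probe(host, port, timeout=2.0):
    # Equivalent of "telnet host port": only tests a TCP handshake.
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def udp_lookup(host, port, name, timeout=2.0):
    # What the resolver does for an ordinary lookup: one UDP datagram.
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (host, port))
        reply, _ = s.recvfrom(512)
    return parse_a(reply, query)

def demo():
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))          # UDP only, ephemeral port
    port = srv.getsockname()[1]
    def serve():
        data, peer = srv.recvfrom(512)
        srv.sendto(build_reply(data, "192.0.2.10"), peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return tcp_probe("127.0.0.1", port), udp_lookup("127.0.0.1", port, "www.example.test")

if __name__ == "__main__":
    print(demo())
```

The TCP probe fails while the UDP lookup succeeds against the same port, so reachability of a name server has to be checked per protocol.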