JonTrainer
2004-01-10, 09:04 AM
I've been experiencing an issue on a periodic, but fairly regular basis, since I got my server (several months).
The server locks me out from all services (ssh, www, webmin, pop, imap, etc.) but seemingly only from my IP (tried two computers running Mac OS X (Panther) from my home office network on the same static IP).
But if I VPN to a client's network and use a PC with PuTTY to ssh in to the server, no problem. Using this other PC to view the /var/log/messages log file, I find this APF firewall entry listing an entry for my home IP being allowed in:
Jan 10 13:43:11 dragon kernel: ** SSH ** IN=eth0 OUT= MAC=00:02:b3:96:4a:6b:00:0a:f4:02:51:80:08:00 SRC=xxx.xxx.xxx.99 DST=66.139.73.35 LEN=60 TOS=0x04 PREC=0x00 TTL=46 ID=23703 DF PROTO=TCP SPT=6999 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Yet, ssh times out.
Running sar reveals a 96-99% CPU idle time for the past 24 hours, so the server is not bogged down.
I have no trouble pinging the server:
PING dragon (66.139.73.35): 56 data bytes
64 bytes from 66.139.73.35: icmp_seq=0 ttl=49 time=67.67 ms
64 bytes from 66.139.73.35: icmp_seq=1 ttl=49 time=66.707 ms
64 bytes from 66.139.73.35: icmp_seq=2 ttl=49 time=68.546 ms
Traceroute seems to look okay as well:
traceroute to dragon (66.139.73.35), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 vl200.cat1.sbo.ma.rcn.net (209.6.160.100) 7.774 ms 7.838 ms 7.488 ms
4 ge4-0.core3.sbo.ma.rcn.net (207.172.15.147) 17.385 ms 7.105 ms 7.965 ms
5 pos5-0.core3.nyw.ny.rcn.net (207.172.19.5) 12.97 ms 12.663 ms 12.445 ms
6 ge3-0.border3.nyw.ny.rcn.net (207.172.15.68) 12.721 ms 11.853 ms 12.373 ms
7 207.96.92.118 (207.96.92.118) 12.137 ms 12.846 ms 12.008 ms
8 jfk11-core1-s0-7-1-0.atlas.algx.net (165.117.192.93) 13.62 ms 12.954 ms 13.795 ms
9 jfk11-core2-so-1-0-0-0.atlas.algx.net (165.117.192.30) 14.452 ms 13.459 ms 14.537 ms
10 ord10-core1-so-0-2-0-0.atlas.algx.net (165.117.200.34) 35.351 ms 38.217 ms 35.935 ms
11 ord10-core2-so-0-1-0-0.atlas.algx.net (165.117.192.14) 34.79 ms 35.797 ms 36.36 ms
12 dfw10-core1-so-7-1-0-0.atlas.algx.net (165.117.200.49) 64.008 ms 61.47 ms 61.253 ms
13 iah10-core2-so-2-0-0-0.atlas.algx.net (165.117.200.54) 65.477 ms 65.05 ms 66.238 ms
14 iah10-core1-so-1-0-0-0.atlas.algx.net (165.117.192.21) 66.145 ms 65.685 ms 67.986 ms
15 sat10-core2-so-2-0-0-0.atlas.algx.net (165.117.200.58) 68.232 ms 70.21 ms 99.428 ms
16 sat10-edge1-pos7-0.atlas.algx.net (165.117.59.22) 69.125 ms 67.105 ms 68.407 ms
17 209.49.35.10 (209.49.35.10) 66.88 ms 68.993 ms 66.834 ms
18 * * *
I've tried shorewall firewall and now apf firewall, thinking maybe something was broken. I have DoS protection turned off for apf. As listed above, the firewall lets me through, but the services don't seem to connect.
Then, just as suddenly, I'm able to connect again. I've checked crontab and I have no jobs running during the "outage". I'm able to connect from different IP addresses, and DoS protection is turned off.
Any ideas?