Fedora Networking :: Can Ping But Cannot Browse - Outgoing Packets Dropped
Oct 5, 2010
In my Fedora13 machine, while in mobile broadband, i can ping and skype outside, but cannot browse/yum etc. Few output that may be of relevence are here:
$ netstat -s
IP:
149468 total packets received
6 with invalid headers
16174 with invalid addresses
0 forwarded
0 incoming packets discarded
118821 incoming packets delivered
101331 requests sent out
124 outgoing packets dropped
866 dropped because of missing route .....
One of our RHEL 5.3 servers has trouble about 30% of the time with TCP-based communications, but it does not seem to be firewall issues. From another computer on the same switch, you can SSH to the server sometimes and other times the SSH command will just hang. When it hangs, you can often just Ctrl+C and try it again and it works. Same with HTTP connections. You'll get part of a web page and then FireFox will just hang waiting for the rest and eventually time out. Same goes for communication initiated FROM the server. SSH'ing from the server to any outside server or connecting to any web site works sometimes, but most times not. iptables if off. No other firewalls are running. Tcpdump shows communication gets so far and then stops. It does not matter whether tou run tcpdump on that server or the client connecting to it. Either way you see the connection stops working. MEANWHILE, pinging with small or large packets works flawlessly. 10,000 packets, zero drops.
I've recently installed Ubunter 9.10 Server Edition to use as a NAT firewall for the lab I run. I'm using iptables to do NAT forwarding and everything works great except that, occasionally, connections seem to break. Ssh connections close with "Connection reset by peer" and HTTP connections just stall out.I believe this has to do with the firewall's internal network interface occasionally dropping packets.
I am using ubuntu 9.10. Configuring my firewall using guarddog. I have setup a rule to allow traffic OUT on port 7078 UDP, and just because i'm having problems i added an IN rule.
# Create the filter chains # Create chain to filter traffic going from 'Internet' to 'Local' ipchains -N f0to1
I've run into a of a routing issue pertaining to packets leaving a firewall, traversing and IPSec tunnel, hitting the target and then returning via a different tunnel, finally arriving back on the source firewall but on a different interface from where it started. Once the packet has returned to the firewall it is dropped I've been unable to discover the reason for the drop. Two sides to the system, Firewall A and Firewall B. Each firewall provides the default gateway to its respective side and offers a backup IPSec tunnel to the high capacity tunnel handled internally. The Layer 3 Switch uses OSPF and takes care of the bulk of the behind the scenes routing between the sides. In case of failure the Layer 3 switches direct traffic to use the Firewall tunnels to route traffic.
I'm running a Debian Squeeze 6.0.1a box that's connected to my ISP via an L2TP connection that's managed by OpenL2TPD. The box is configured to perform NAT from local clients (on eth0) to the internet (on ppp0).
However, I'm having an issue with TCP packets that are sent from the box itself to the internet (packets originally coming from the local clients get sent and received over the internet just fine)
I'm using this Python app to test this:
Code: #!/usr/bin/env python import socket, time s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(('', 5003)) s.listen(1) while 1: conn, addr = s.accept()
I'm using FC10 on my box at work. It is behind an anthenticated proxy for internet connection. In Gnome, I configured the Network Proxy through the GUI, as my browsers too.
So I can browse internet pages, install packages thru Add/Remove Software GUI, but I cant do it in the command line, using yum install, for example. Then trying to figure it out, I saw that it cant reach the package mirrors. It isnt a DNS problem, I set the /etc/resolv.conf correctly, as the host command works correclty. I can ping the local pcs on the network too. Firewall is disabled. Below some simple tests:
[rtovo@davinci ~]$ ping mirrors.fedoraproject.org connect: Network is unreachable [rtovo@davinci ~]$ host mirrors.fedoraproject.org mirrors.fedoraproject.org is an alias for wildcard.fedoraproject.org.
Background: In attempting to move from XP to linux, I have a F14 live USB stick -- can boot Dell M6400, see the internal drive and USB sticks. Wired ethernet network is seen only if ethernet cable is plugged in before booting. Then, I can ping sites by name (yahoo.com, google.com) -- however, FireFox does not load any web-page over the internet -- it does not put up an error message either, it just keeps waiting (it is in on-line mode).Info on the system
uname -a Code: Linux localhost.localdomain 2.6.35.6-45.fc14.x86_64 #1 SMP Mon Oct 18 23:57:44 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux [code]...
with my other ethernet card problem solved, I suddenly run into this:
Code: eth1 Link encap:Ethernet HWaddr 00:02:e3:16:37:4c inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::202:e3ff:fe16:374c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]...
This card was working perfectly fine up until....an hour ago and it started doing this. My iptables isn't blocking it somehow, because I didn't change anything. I tried reverting to an older kernel and that didn't help. It's not the network cable, it works fine in any other card. Also, the dropped packets seem to count down? It seems to go down by exactly one every time I run ifconfig, no matter the length of time in between running it.
I have a small Dell PowerEdge 1650 server with Fedora 12 loaded. We can access the internet, (Google, our home page, Etc.) but can not ping any local or outside IP addressed. Our internal computers can ping each other but not the server. No, it is not the server firewall because we also disabled it and still the same results.
Node A to Vlan Switch Node B to Vlan Switch Node C to Vlan Switch Node B is set up to be a middle man between A and C. All nodes have 1 NIC.
They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.
When I use Wireshark to sniff What's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.
So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
As is known, there is a queue lies between the kernel subsystem and the network driver for incoming data. And if data come when this queue has no space for it, the data got dropped by kernel. Is there some way to see how many packets are dropped due to this buff penury? I tried netstat -s but could not find something useful. On the other hand, I found this 12176 packets collapsed in receive queue due to low socket buffer from netstat -s. I think this is something related to the per-socket buffer, but not the incoming queue between the network driver and kernel. Is this right?
new installation of fedora 14 intel pro/wireless 29251abgeverything ppears to be workingbut ping doesn't workand firefox doesn't workping resolves names but doesn't ping??
On our webhosting servers, where is primary running apache, sometimes starts huge outgoing traffic to random IP addressess (each time of attack is it just one IP). It's always UDP,and according to my investigation tcpdump, it looks like p2p. The problem is in big outgoing traffic, and secondly in filling ip_conntract table /proc/net/ip_conntrack. I think, that one of our webhosting users has some virus uploaded on his FTP, which is time to time ran. I think, that if I can map outgoing traffic to particular process ID, it will be easy to find the PID in access log of webserver and than see what URL it causes.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there - Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled - I can see tons of records in tcpdump, but from the dump I'm not able to get PID - In time of attack I was trying to run `lsof`, but nothing to see - didn't found the attacker - I went through apache access log - I took time of attack -i.e. 02:22 am - grep from access log all hits between 02:20 and 02:29 am and try to call all them again - problem didn't occured - checked the POST records from access log - nothing - grepped all php files for keyword 'fsockopen' and 'torrent' - from iptables --log-uid I have found user nobody (under apache is ran)
I think that the key is able to match outgoing connection to PID, than it will be easy.
I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.
My server ended up on 1 (just 1) block list and I'm finding it very difficult to convince myself that it was just an error of some kind.Can anyone think of any giveaways at the packet or port level that some program is sending spam from my server without using the normal MTA (nothing suspicious is showing up in the sendmail logs)
I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".
my NIC drives me crazy and I need some help to gather all relevant informations to file a decent bug report. Maybe someone could guide me through this process.My mainboard is an AsRock Z68 Pro3
[URL]
I use a dual-boot setup with Windows7 installed in parallel to Fedora 15-x64. Whenever I had Windows in use and jjust reboot the system into Fedora, the NIC does not work as expected. Instead it goes in an endless "em1: link up" loop which results in very low bandwith or even complete network timeouts. This happens in Firefox as well as with yum or ping.
Quote:
Originally Posted by dmesg [ 58.763294] r8169 0000:05:00.0: em1: link up [ 59.686773] r8169 0000:05:00.0: em1: link up [ 61.936454] r8169 0000:05:00.0: em1: link up
[code]....
If I directly cold boot into Fedora (after the power cord has been removed and the system got completely re-initialized) there are no problems at alll and I get a fast and stable network conection. This also happens with other linux distributions, for example SysRescCD.
recently I got new wireless card, att usb Quicksilver(based/produce by Option?), for att.Regular gnome network manager freezes the computer when I am plugging it it therefore I installed the one from wicd.net.Also, I am using HSOConnect (to connect by to G3 network), and sometimes I connect to regular wireless g connection through router.
Under both cases I can ping the website by IP and can access the website by ip (ex. google) but can not ping or browse by name.As a side note... I can use and access Skype fine under g3 network and normal wireless.I tried browsing and finding other solutions in past few days but ended up breaking everything and reinstalling to get back to the point I am at now.I am working on the road, so not being to broswse is rather crippling to me.... also I can access internet normally only from home from different computer now.
I've just done a clean install of F14.have a wired ethernet connection (no wifi).Initially, I was able to browse the web with Konqueror... but after doing a big package update, and installing Firefox, I can no longer browse any website (Unknown host errors).The strange thing about this is that I can ping successfully via hostname
I am trying to figure out what command to use to show the number of DROPPED and INVALID packets that the firewall is handling.I'm going to put these commands into a log analyzer script which will run every 15 minutes with cron. The firewall is running and operating the way I want it to. I'm running CentOS 5.4.
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error: "PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms. FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
I'm running Lucid (10.04), dualboot vista, but I'm having some issues with my wireless USB dongle. Previously (in a different) location, the network wasn't showing in my wireless network tab, and that was never resolved. But now I'm in a new place, and what I'm finding is that my network is showing up in the networks tab, and I can select it, enter the PSK, and it starts to interrogate, but never seems to manage all the way through to getting internet.
Im not sure whether the machine is able to connect to the network, but not the wider internet, or what. The only indication I'm getting is that its connecting for a length of time, then gives up. I have managed to get the update tool pop up - so I'm not sure if thats an indicator of some internet connection or not (presumably it only generates the list of packages to update when it can connect to the net and see what updates are required...) I believe its also managed to get 1 or 2 ping packets through to the internet. I'm driving a belkin N-wireless USB adapter, N10117.
I'm looking for an open source/free network emulator tool that I could use on Mac OS X, to simulate a slow network connection, limited bandwidth and other network characteristics such as dropped packets etc for both UDP/TCP connections (or even on the physical layer).
I'm looking for the simplest solution that would allow me to run TCP/UDP servers and have a few clients connect to them on localhost emulating various network connections. I'm mainly wondering if I can use something like Linux's netem on Mac OS X (or even better cross-platform Windows/Linux/Mac). Perhaps I can run VirtualBox and a Linux kernel running netem, has anyone had luck with that?[URL]...
I've been receiving a LOT of log cruft ever since I installed my WUSB100V2 (using the rt2870sta community driver from the Linux kernel) and was wondering what it all meant.
Many times when these messages occur it is accompanied by slow network speeds and many DNS queries and outgoing SYNs being dropped. I have searched for documentation for these (error?) messages and have come up empty as far as what they mean or how I can stop them from occurring.
I reside on the opposite side of the building from my WAP. I have taken steps to improve the signal strength, but the signal quality hovers between 50% and 70%, sometimes dropping to 40% for unknown reasons.
