[Linux] Why can't I access some websites and how can I fix it?
November 6, 2008 4:34 AM

[Linux] I can't access some websites anymore - apparently not a DNS problem (the URL gets resolved) and although I'm at work, they are not blocked by my employer as I can access them from other computers. How can I fix that?

More info (not sure if all is relevant):
Mandriva 2008, at my workplace (but I have superuser privileges to fix it if necessary)
My user account and such is on a network and mounted (I'm not sure how it all works but it has to do with LDAP server and NFS filesystem). Yesterday before I left the computer slowed down a lot and I assumed it was a problem with the server and/or network as it often happens [it turns out my coworker's didn't get the same problem]. When I came back this morning the computer was completely frozen so I rebooted it. Ever since, I can't access some websites. My coworker's computer can get to them. I tried wget and the URL resolves to the right IP address, but then it gets no answer (a ping to this IP doesn't work either, works from another computer). To my knowledge, no change has been made either on the network or on my computer.

Any ideas?
posted by nalf to Computers & Internet (11 answers total)
 
I recently had a trojan that blocked certain sites. Got rid of it with Spybot Search & Destroy. Not sure what a good Linux alternative would be for that, but I would suggest finding something and running it.
posted by theichibun at 4:51 AM on November 6, 2008


Maybe, compare its IP address with that of your coworker's computer and see whether they're in completely different IP ranges? I've seen networks where desktops and servers are assigned IPs by different DHCP servers; perhaps your Linux system has been auto-identified as a server somehow and is hence firewalled differently?
posted by XMLicious at 5:07 AM on November 6, 2008


What happens if you do a traceroute to the "unreachable" servers?
posted by jozxyqk at 5:15 AM on November 6, 2008


Response by poster: @theichibun : I certainly hadn't thought of this kind of problem. I couldn't find any anti-trojan for Linux though.

@XMLicious : the 2 addresses seem to be in the same range - anyway I think they're fixed so nothing should have changed since yesterday
posted by nalf at 5:17 AM on November 6, 2008


Start at a low level. Are you sure you're trying to reach the right address?

"Ping" doesn't necessarily tell you anything. If it's successful, good. If not, then it means nothing.

Open a terminal and "telnet $remoteaddress www". Does it connect? If so, type "GET / HTTP/1.0". Do you get a web page's source?

If that works reliably, then it's your web browser acting wonky. If not, then it's the network or remote machine.

-----

"when I came back this morning the computer was completely frozen so I rebooted it."

...And?! That's not normal. You should be alarmed at that. This isn't Windows. You should start there looking for problems. That's a far bigger deal than not reaching web sites.

Check your logs from before the freeze/crash. Does anything look strange?

(Incidentally, if your buddy runs a unix also, you two should consider syslogging to each other's boxes so the one has a log of the important events on the other, and that will remove a lot of mystery. man syslogd.conf; man syslog. Make syslog accept messages from outside. Configure yours to send them out.)
posted by cmiller at 5:57 AM on November 6, 2008
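
The telnet test described in the answer above, scripted so it reports the stage at which the attempt stops; this is an added example, not part of the original thread. The names `probe_http` and `loopback_demo` and the stage labels are made up for illustration, and the demo uses constructed loopback ports so it runs offline.

```python
import socket

def probe_http(host, port=80, timeout=5.0):
    """Scripted 'telnet host www' followed by 'GET / HTTP/1.0'.
    Returns (stage, detail); stage is where the attempt stopped: 'dns',
    'refused', 'timeout', 'unreachable', 'no-reply', 'not-http' or 'http'.
    """
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))              # the name did not resolve
    addr = info[0][4]                         # (ip, port) that will be tried
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except ConnectionRefusedError:
            return ("refused", addr[0])       # a reset came back: port is closed
        except socket.timeout:
            return ("timeout", addr[0])       # no answer to the SYN in time
        except OSError as exc:
            return ("unreachable", str(exc))  # e.g. "No route to host"
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = sock.recv(1024)
        except OSError:                       # includes socket.timeout
            reply = b""
        if not reply:
            return ("no-reply", addr[0])      # connected, then silence or reset
        status = reply.split(b"\r\n", 1)[0].decode("latin-1")
        return ("http", status) if status.startswith("HTTP/") else ("not-http", status)
    finally:
        sock.close()

def loopback_demo():
    """Constructed offline check on loopback: one port that accepts but never
    answers, one port with nothing listening."""
    with socket.create_server(("127.0.0.1", 0)) as silent, socket.socket() as closed:
        closed.bind(("127.0.0.1", 0))         # bound, not listening: SYN gets a reset
        return (probe_http("127.0.0.1", silent.getsockname()[1], 0.5)[0],
                probe_http("127.0.0.1", closed.getsockname()[1], 0.5)[0])
```

Running `probe_http` against the same site from the affected machine and from a working one shows whether they stop at different stages.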


If you think you have a trojan, I'd back it up and mail it to experts, because it'd be one of the first in the wild for Linux, and experts are always looking to publish!

More seriously, grab a few different LiveCDs and see if they still exhibit the problem. If it goes away, it's something within Mandriva. If it persists, it's either the network or something Linux-ey not specific to Mandriva.
posted by pwnguin at 5:57 AM on November 6, 2008


Is your system up to date with patches and fixes?

Did you install anything new recently?

Has your firewall been reconfigured in such a way that incoming data is rejected, even if it was requested?

Have your network settings been changed in some way?

Do you have a Hosts file that is now rejecting data from this server?

Are you running anything like DenyHosts that blocks known bad hosts? If so, has this server been added to that list? (And if you're not running it, why not?)

Have you checked /var/log/auth.log to see if anyone that should not have access has successfully logged in to your machine through an SSH attack?

Have you checked your other system logs for obvious problems?

Start with that list. Go from there.
posted by caution live frogs at 6:21 AM on November 6, 2008
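
One way to automate the /var/log/auth.log check from the list above, added here as an example that is not part of the original thread. It flags accepted SSH logins from an address that had several failed attempts earlier in the log; the log lines are constructed, the addresses are from documentation ranges, and the function name and threshold are illustrative.

```python
import re
from collections import Counter

# Matches OpenSSH sshd result lines such as
# "sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51100 ssh2"
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def suspicious_logins(lines, threshold=3):
    """Return (user, ip, prior_failures) for every accepted login whose source
    address already had at least `threshold` failed attempts in the log."""
    failures = Counter()
    hits = []
    for line in lines:
        m = SSHD.search(line)
        if not m:
            continue                      # not an sshd login result line
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif failures[m["ip"]] >= threshold:
            hits.append((m["user"], m["ip"], failures[m["ip"]]))
    return hits

# Constructed sample: three failures then a success from one address, and an
# ordinary mistyped password followed by a success from another.
SAMPLE = """\
Nov  6 02:10:01 ws12 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51100 ssh2
Nov  6 02:10:04 ws12 sshd[4103]: Failed password for root from 203.0.113.7 port 51102 ssh2
Nov  6 02:10:07 ws12 sshd[4105]: Failed password for root from 203.0.113.7 port 51104 ssh2
Nov  6 02:10:11 ws12 sshd[4107]: Accepted password for root from 203.0.113.7 port 51106 ssh2
Nov  6 08:55:40 ws12 sshd[5220]: Failed password for alice from 192.0.2.10 port 40210 ssh2
Nov  6 08:55:47 ws12 sshd[5220]: Accepted password for alice from 192.0.2.10 port 40210 ssh2
""".splitlines()

if __name__ == "__main__":
    for user, ip, count in suspicious_logins(SAMPLE):
        print(f"accepted login for {user} from {ip} after {count} failures")
```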


Response by poster: thanks everyone for your input

@cmiller :
1. telnet does not connect at all
2. re frozen computer, it does happen very regularly here : lots of things are somewhere else on the network (and by lots of things I mean: my home directory, a vast majority of the programs I run...) and whenever the server goes down nothing works at all. Most of the time everything gets back to normal whenever the server goes back up, but sometimes you do have to reboot. Anyway, I did check the logs, and what it said was "could not connect to LDAP server".

@pwnguin :
1. I had the same reaction but then I looked it up on the internet and it seems trojans do exist on Linux... I don't know.
2. The LiveCD idea is good, but I don't have any right now and I'm not even sure I can boot from the CD drive on this machine

@caution live frogs :
wow, that's a big list...
"Is your system up to date with patches and fixes? Did you install anything new recently?"
The answer would be no to both questions... we are under strict orders to not install or update anything... on the other hand, every machine in the building is running the same system without any recent patches...
"Has your firewall been reconfigured in such a way that incoming data is rejected, even if it was requested?"
I guess there is no firewall directly on the machine, it is at the entry point of the network
"Have your network settings been changed in some way?"
Not that I know of
"Do you have a Hosts file that is now rejecting data from this server?"
Nothing in the Hosts file
"Are you running anything like DenyHosts that blocks known bad hosts? If so, has this server been added to that list? (And if you're not running it, why not?)"
I'm not sure, but one of the websites I can't access is sourceforge.net and I see no reason why it would be on that list
"Have you checked /var/log/auth.log to see if anyone that should not have access has successfully logged in to your machine through an SSH attack?"
Checked, nothing suspicious
"Have you checked your other system logs for obvious problems?"
I checked various things, might have missed some but everything seemed normal
posted by nalf at 6:50 AM on November 6, 2008


My guess is TCP Window Scaling.
posted by togdon at 9:44 AM on November 6, 2008


Is your IP address assigned via DHCP? Is it possible some other computer on the network has an IP address manually assigned? This seems like a classic "two machines on the network with the same IP address"
posted by jrishel at 10:18 AM on November 6, 2008


"telnet does not connect at all"

Ah! Interesting. Use Wireshark to see what's going on. Look for ARP and ICMP, especially. While listening, try telnet to port 80 again.

You might also try "tcptraceroute" to try port 80 to see at what point along the route it stops working, if it's not local link-local brokenness (like a sibling machine using your address).
posted by cmiller at 5:59 PM on November 6, 2008

