BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] web server can't see out but others can see in

Subject: [Discuss] web server can't see out but others can see in
From: eric at aaca-boston.org (Eric Chadbourne)
Date: Thu, 27 Sep 2012 14:28:46 -0400
In-reply-to: <D1B1A95FBDCF7341AC8EB0A97FCCC477197C4276@SN2PRD0410MB372.namprd04.prod.outlook.com>
References: <CADVqGWB_=dyrxNRXMPLr3kLtMaoGS9McPX1WLUV0eqH3=EXy4g@mail.gmail.com> <CA+h9Qs5k-8tmYgCvEj3ZFT66tb=paD2D9dyv4=yFFJWOsuaFmw@mail.gmail.com> <CADVqGWDtBcQDgPgNFNWD=ZsLLygx_pg4dXwi9sJ1yzPpJm8RYQ@mail.gmail.com> <CADVqGWDs_pC_N7vKb5c5zNTZj3HRKVedTEus4ZAS-SCF8bw8SA@mail.gmail.com> <D1B1A95FBDCF7341AC8EB0A97FCCC477197C4276@SN2PRD0410MB372.namprd04.prod.outlook.com>

Sorry for the top post but it just seems easier at the moment.  I will
resolve this issue today come hell or high water.  Thanks for the
excellent advice all.  That's why I love BLU.

- Eric
"damn dns!"

On Thu, Sep 27, 2012 at 2:17 PM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
>>
>> eric at webserver1:~$ ping google.com
>> ping: unknown host google.com
>
> That's a pretty conclusive dns failure...
>
>
>> eric at webserver1:~$ ping 173.194.43.38
>> PING 173.194.43.38 (173.194.43.38) 56(84) bytes of data.
>> < hangs forever here >
>
> I don't know what that IP address is, but it should be pingable.  The failure to reply certainly indicates an ICMP failure as well as DNS failure...
>
>
>> eric at webserver1:~$ ping 10.0.0.15
>
> Oh dear.  You should never use the 0 or 255 networks either.  While this is ok sometimes, the problem is:  Some devices just assume a netmask derived from the zero's, or just assume a broadcast because of the 255.  I had this situation (granted, 10 years ago) where my boss gave me a router, told me to configure the following networks (insert network diagram here).  It was a cisco router, and the syntax for creating the routes did not allow me to explicitly specify the netmask - The 10.0.0.0 was implied to be 10.0.0.0/8, while 10.1.1.0 was implied to be 10.1.1.0/24.  Hopefully this sort of thing is becoming antiquated and phased out in the modern day.
>
>
>> eric at webserver1:/etc$ sudo tail -100 resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
>> OVERWRITTEN
>> nameserver 4.4.8.8
>> nameserver 8.8.8.8
>
> Google's nameservers are 8.8.8.8 and 8.8.4.4
> That's a type-o.
>
> Still, I think it's safe to conclude that your firewall is blocking both outbound ICMP and DNS.
>

References:
- [Discuss] web server can't see out but others can see in
  - From: eric at aaca-boston.org (Eric Chadbourne)
- [Discuss] web server can't see out but others can see in
  - From: eric at aaca-boston.org (Eric Chadbourne)
- [Discuss] web server can't see out but others can see in
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))

Prev by Date: [Discuss] web server can't see out but others can see in
Next by Date: [Discuss] Running Android on a PC such as Android X86 Project
Previous by thread: [Discuss] web server can't see out but others can see in
Next by thread: [Discuss] web server can't see out but others can see in
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org