Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] web server can't see out but others can see in



Sorry for the top post but it just seems easier at the moment.  I will
resolve this issue today come hell or high water.  Thanks for the
excellent advice all.  That's why I love BLU.

- Eric
"damn dns!"

On Thu, Sep 27, 2012 at 2:17 PM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
>>
>> eric at webserver1:~$ ping google.com
>> ping: unknown host google.com
>
> That's a pretty conclusive dns failure...
>
>
>> eric at webserver1:~$ ping 173.194.43.38
>> PING 173.194.43.38 (173.194.43.38) 56(84) bytes of data.
>> < hangs forever here >
>
> I don't know what that IP address is, but it should be pingable.  The failure to reply certainly indicates an ICMP failure as well as DNS failure...
>
>
>> eric at webserver1:~$ ping 10.0.0.15
>
> Oh dear.  You should never use the 0 or 255 networks either.  While this is ok sometimes, the problem is:  Some devices just assume a netmask derived from the zero's, or just assume a broadcast because of the 255.  I had this situation (granted, 10 years ago) where my boss gave me a router, told me to configure the following networks (insert network diagram here).  It was a cisco router, and the syntax for creating the routes did not allow me to explicitly specify the netmask - The 10.0.0.0 was implied to be 10.0.0.0/8, while 10.1.1.0 was implied to be 10.1.1.0/24.  Hopefully this sort of thing is becoming antiquated and phased out in the modern day.
>
>
>> eric at webserver1:/etc$ sudo tail -100 resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
>> OVERWRITTEN
>> nameserver 4.4.8.8
>> nameserver 8.8.8.8
>
> Google's nameservers are 8.8.8.8 and 8.8.4.4
> That's a type-o.
>
> Still, I think it's safe to conclude that your firewall is blocking both outbound ICMP and DNS.
>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org