|
Home > Archive > Unix Programming > November 2007 > www.freebsd.org times out
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
www.freebsd.org times out
|
|
|
|
|
|
|
| Giorgos Keramidas wrote:
> Spoon wrote:
>
>
> Transient network failures? I can connect to www.FreeBSD.org just fine,
> and it's been several times this day, the past few days, and so on...
I don't think it's a network problem, as I can reach the box.
$ ping 69.147.83.33
PING 69.147.83.33 (69.147.83.33) 56(84) bytes of data.
64 bytes from 69.147.83.33: icmp_seq=1 ttl=50 time=188 ms
64 bytes from 69.147.83.33: icmp_seq=2 ttl=50 time=188 ms
64 bytes from 69.147.83.33: icmp_seq=3 ttl=51 time=183 ms
64 bytes from 69.147.83.33: icmp_seq=4 ttl=51 time=190 ms
Perhaps my IP address or subnet has been blacklisted... Odd.
$ telnet 69.147.83.33 80
Trying 69.147.83.33...
telnet: connect to address 69.147.83.33: Connection timed out
| |
| Giorgos Keramidas 2007-11-23, 1:22 pm |
| On Fri, 23 Nov 2007 10:42:57 +0100, Spoon <root@localhost> wrote:
> Giorgos Keramidas wrote:
>
> I don't think it's a network problem, as I can reach the box.
>
> $ ping 69.147.83.33
> PING 69.147.83.33 (69.147.83.33) 56(84) bytes of data.
> 64 bytes from 69.147.83.33: icmp_seq=1 ttl=50 time=188 ms
>
> Perhaps my IP address or subnet has been blacklisted... Odd.
>
> $ telnet 69.147.83.33 80
> Trying 69.147.83.33...
> telnet: connect to address 69.147.83.33: Connection timed out
I don't have access to the *web* server itself, but it seems that
connections _from_ freefall.freebsd.org to your IP address work:
freefall:/home/keramida$ telnet 69.147.83.33 80
Trying 69.147.83.33...
Connected to www.freebsd.org.
Escape character is '^]'.
^]
telnet> q
Connection closed.
freefall:/home/keramida$
I'll try to contact the webmasters and see if there's any way the other
way is blocked. Please ping keramida @ freebsd.org if I don't get back
to you in a day or so...
- Giorgos
| |
|
| Giorgos Keramidas wrote:
> Spoon wrote:
>
>
> I don't have access to the *web* server itself, but it seems that
> connections _from_ freefall.freebsd.org to your IP address work:
>
> freefall:/home/keramida$ telnet 69.147.83.33 80
Errr... My IP address is 88.163.235.69 not 69.147.83.33
> Trying 69.147.83.33...
> Connected to www.freebsd.org.
> Escape character is '^]'.
> ^]
> telnet> q
> Connection closed.
> freefall:/home/keramida$
>
> I'll try to contact the webmasters and see if there's any way the other
> way is blocked. Please ping keramida @ freebsd.org if I don't get back
> to you in a day or so...
I had no problem reaching www.freebsd.org from 82.67.146.167
(same ISP, different subnet). I suspect www.freebsd.org is
ignoring (tar-pitting) 88.163.235.0/24.
Regards.
| |
| Giorgos Keramidas 2007-11-26, 7:22 pm |
| On Mon, 26 Nov 2007 10:05:07 +0100, Spoon <root@localhost> wrote:
>Giorgos Keramidas wrote:
>
> I had no problem reaching www.freebsd.org from 82.67.146.167 (same
> ISP, different subnet). I suspect www.freebsd.org is ignoring
> (tar-pitting) 88.163.235.0/24.
There were other reports about some firewalls (outside of the control of
the FreeBSD Project), which had issues/problems with the TCP window
scaling behavior of FreeBSD 7.0. A recent change to the window scaling
implementation of FreeBSD 7.X and a subsequent update of the web servers
to use the new, fixed code, seems to have improved things for other
people who had similarly looking problems.
Can you try again, and let me know if everything works better now?
- Giorgos
| |
|
| Giorgos Keramidas wrote:
> On Mon, 26 Nov 2007 10:05:07 +0100, Spoon <root@localhost> wrote:
>
> There were other reports about some firewalls (outside of the control of
> the FreeBSD Project), which had issues/problems with the TCP window
> scaling behavior of FreeBSD 7.0. A recent change to the window scaling
> implementation of FreeBSD 7.X and a subsequent update of the web servers
> to use the new, fixed code, seems to have improved things for other
> people who had similarly looking problems.
>
> Can you try again, and let me know if everything works better now?
I've tried from a Windows box (XP) using Opera, and from a Linux
(2.6.18.6) box using telnet to port 80. Neither work.
$ telnet 69.147.83.33 80
Trying 69.147.83.33...
telnet: connect to address 69.147.83.33: Connection timed out
# tcpdump -vvv port http
14:41:52.041598 IP (tos 0x10, ttl 64, id 38877, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x865d (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434132409 0,nop,wscale 9>
14:41:55.038394 IP (tos 0x10, ttl 64, id 38878, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x8531 (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434132709 0,nop,wscale 9>
14:42:01.038832 IP (tos 0x10, ttl 64, id 38879, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x82d9 (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434133309 0,nop,wscale 9>
14:42:13.039708 IP (tos 0x10, ttl 64, id 38880, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x7e29 (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434134509 0,nop,wscale 9>
14:42:37.041472 IP (tos 0x10, ttl 64, id 38881, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x74c9 (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434136909 0,nop,wscale 9>
14:43:25.044977 IP (tos 0x10, ttl 64, id 38882, offset 0, flags [DF],
proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
cksum 0x6209 (correct), 3330785892:3330785892(0) win 5840 <mss
1460,sackOK,timestamp 434141709 0,nop,wscale 9>
$ traceroute -n 69.147.83.33
traceroute to 69.147.83.33 (69.147.83.33), 30 hops max, 38 byte packets
1 10.10.10.254 0.445 ms 0.401 ms 0.387 ms
2 10.1.100.202 0.205 ms 0.141 ms 0.139 ms
3 192.168.0.254 1.064 ms 0.745 ms 0.701 ms
4 88.163.235.254 49.929 ms 27.502 ms 27.238 ms
5 * * *
6 * * *
7 * 212.27.57.190 27.843 ms 28.129 ms
8 * 212.27.58.26 110.092 ms 109.368 ms
9 206.223.115.16 110.193 ms 110.000 ms 110.091 ms
10 216.115.101.128 216.918 ms 195.441 ms 191.101 ms
11 216.115.107.49 185.573 ms 216.115.107.53 189.802 ms 216.115.107.77
186.318 ms
12 209.131.32.37 189.874 ms 209.131.32.41 190.163 ms 209.131.32.43
190.069 ms
13 69.147.83.33 188.761 ms 190.074 ms 187.944 ms
The reports for the last hops look strange.
$ traceroute -I -n 69.147.83.33
traceroute to 69.147.83.33 (69.147.83.33), 30 hops max, 38 byte packets
1 10.10.10.254 0.448 ms 0.547 ms 0.397 ms
2 10.1.100.202 0.182 ms 0.139 ms 0.138 ms
3 192.168.0.254 1.026 ms 0.796 ms 0.713 ms
4 88.163.235.254 50.869 ms 26.904 ms 27.682 ms
5 * * 213.228.4.254 27.367 ms
6 * * *
7 212.27.57.190 27.760 ms * 28.083 ms
8 212.27.58.26 109.400 ms 109.333 ms 109.585 ms
9 206.223.115.16 109.681 ms 109.570 ms 109.580 ms
10 216.115.101.128 190.275 ms 189.236 ms 189.340 ms
11 216.115.107.49 188.499 ms 216.115.107.73 188.067 ms 216.115.107.77
188.322 ms
12 209.131.32.25 188.294 ms 209.131.32.35 189.736 ms 209.131.32.37
188.533 ms
13 69.147.83.33 182.786 ms 188.653 ms 188.469 ms
Using ICMP probes instead of UDP probes makes no difference.
Regards.
| |
| Giorgos Keramidas 2007-11-27, 1:30 pm |
| On Tue, 27 Nov 2007 14:50:14 +0100, Spoon <root@localhost> wrote:
>Giorgos Keramidas wrote:
>
> I've tried from a Windows box (XP) using Opera, and from a Linux
> (2.6.18.6) box using telnet to port 80. Neither work.
>
> $ telnet 69.147.83.33 80
> Trying 69.147.83.33...
> telnet: connect to address 69.147.83.33: Connection timed out
>
> # tcpdump -vvv port http
> 14:41:52.041598 IP (tos 0x10, ttl 64, id 38877, offset 0, flags [DF],
> proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
> cksum 0x865d (correct), 3330785892:3330785892(0) win 5840
> <mss 1460,sackOK,timestamp 434132409 0,nop,wscale 9>
>
> 14:41:55.038394 IP (tos 0x10, ttl 64, id 38878, offset 0, flags [DF],
> proto: TCP (6), length: 60) 10.10.10.208.1133 > www.freebsd.org.http: S,
> cksum 0x8531 (correct), 3330785892:3330785892(0) win 5840
> <mss 1460,sackOK,timestamp 434132709 0,nop,wscale 9>
>
> [...]
That's odd. No SYN-ACK ever comes back.
> $ traceroute -n 69.147.83.33
> traceroute to 69.147.83.33 (69.147.83.33), 30 hops max, 38 byte packets
> 1 10.10.10.254 0.445 ms 0.401 ms 0.387 ms
> 2 10.1.100.202 0.205 ms 0.141 ms 0.139 ms
> 3 192.168.0.254 1.064 ms 0.745 ms 0.701 ms
> 4 88.163.235.254 49.929 ms 27.502 ms 27.238 ms
> 5 * * *
> 6 * * *
> 7 * 212.27.57.190 27.843 ms 28.129 ms
> 8 * 212.27.58.26 110.092 ms 109.368 ms
> 9 206.223.115.16 110.193 ms 110.000 ms 110.091 ms
> 10 216.115.101.128 216.918 ms 195.441 ms 191.101 ms
> 11 216.115.107.49 185.573 ms 216.115.107.53 189.802 ms 216.115.107.77
> 186.318 ms
> 12 209.131.32.37 189.874 ms 209.131.32.41 190.163 ms 209.131.32.43
> 190.069 ms
> 13 69.147.83.33 188.761 ms 190.074 ms 187.944 ms
It seems traceroute *can* reach www.freebsd.org:
$ xargs -n1 host < host.list
Host 254.235.163.88.in-addr.arpa not found: 3(NXDOMAIN)
190.57.27.212.in-addr.arpa domain name pointer bzn-6k-1-po20.intf.routers.proxad.net.
26.58.27.212.in-addr.arpa domain name pointer yankee-6k-1.po2.intf.routers.proxad.net.
16.115.223.206.in-addr.arpa domain name pointer exchange-cust1.dc2.equinix.net.
128.101.115.216.in-addr.arpa domain name pointer so-0-0-0.pat1.pao.yahoo.com.
49.107.115.216.in-addr.arpa domain name pointer g-0-0-0-p140.msr1.sp1.yahoo.com.
37.32.131.209.in-addr.arpa domain name pointer ge-1-43.bas-b2.sp1.yahoo.com.
33.83.147.69.in-addr.arpa domain name pointer www.freebsd.org.
$
But the delays between hop 4 and hop 9 look suspicious...
Is the address 88.163.235.254 (hop 4) your own address?
Do you run some sort of firewall/nat on that host?
What is its precise setup?
| |
|
| Giorgos Keramidas wrote:
> Is the address 88.163.235.254 (hop 4) your own address?
> Do you run some sort of firewall/nat on that host?
> What is its precise setup?
Giorgos,
10.1.100.202 is *indeed* a firewall. Turns out our netadmin
suddenly decided to drop *all* TCP traffic to 69.147.0.0/16 (!!!)
.... @!#&$
(sigh)
I am now off to beat some sense into him.
Please accept my apologies for having wasted your time, and thank
you so much for your patient prodding.
Regards.
|
|
|
|
|