DaemonForums  

#1
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17
Machine not responding to incoming connections

Hello,

I have two FreeBSD servers running with static IPs. They were running fine until I had a power failure yesterday. I restarted them, fsck'ed everything and everything looks good.

However, I cannot connect to these boxes from outside my network.

I have a Ubuntu machine on the same network with a static IP that receives incoming connections without any problem (ssh/http etc).

The two FreeBSD machines WILL receive connections on the static IP, but the connection has to be sent from within the network. So they can connect to each other, and any machine within the subnet can connect to the servers. However, nothing OUTSIDE the network can connect to these two FreeBSD machines. The Ubuntu machine is receiving connections fine, so I'm not sure what the problem is. I don't have any firewalls running; IPFW is disabled.

Since the Linux machine is working, I don't think it is a router issue. When I do a netstat I can see that there are incoming connections, but they seem to be stuck in the SYN_RCVD state.

Last edited by vi5in; 27th October 2009 at 10:02 PM.
#2
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17
Most bizarre

Ok, this is most bizarre.

Out of desperation I completely reinstalled FreeBSD (7.2) on one of the machines. I still have the exact same problem. Firewall/router issue? Then why is it ONLY affecting the FreeBSD machines and not the Linux machine?!
#3
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17

Doesn't look like it's the router. I restored the router to factory settings and put in the information for my static IPs. Still have the same problem. I don't think anything is blocking the connection (the incoming connection, anyway), because I can see a SYN_RCVD on the FreeBSD machines. But there is no response from the machine. The connection just times out. Oh, and the machines are able to talk to the outside world without any problem. They just seem to have a problem responding to INCOMING connections.

Last edited by vi5in; 27th October 2009 at 05:57 PM.
#4
Old 27th October 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

You haven't provided any configuration information, so here are two guesses. If they aren't applicable, try posting network configuration info. If you want to diagnose the problem, use tcpdump(1).

This "Sounds" like one of two things:

1) Route table mismanagement -- e.g. a missing default route, or bad subnet masking. See ifconfig(8) and route(8). If you use DHCP for configuration, and you see that routing or other information is not configured properly, see dhclient.conf(5).

2) Firewall settings. If you're using PF or ipfw, of course. Specific guidance will depend on which is implemented, and what is being blocked exactly.
#5
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17

Thanks jggimi!

I don't have pf or ipfw running (unless it starts up by default?? How do I check?). So I don't think it's a firewall issue. The odd thing is that on one machine I have a brand-new install and so I'm running on default settings. So I don't see why it shouldn't respond to connections.

Here's my rc.conf (network settings):

Code:
defaultrouter="209.x.y.54"
hostname="andromeda.is-a-geek.net"
ifconfig_fxp0="inet 209.x.y.50  netmask 255.255.255.248"
ifconfig_rl0="DHCP"

I ran tcpdump while trying to connect to the machine using this site (http://www.uptimeinspector.com/test-...onnection.html). The Linux machine responds fine to this. Here is what I got from tcpdump:

Code:
12:15:18.154543 arp who-has andromeda.is-a-geek.net tell 209.x.y.54
12:15:18.154568 arp reply andromeda.is-a-geek.net is-at 00:03:47:d3:55:4c (oui Unknown)
12:15:18.154702 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442576604 0,nop,wscale 2>
12:15:21.146989 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442579604 0,nop,wscale 2>
12:15:27.155046 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442585604 0,nop,wscale 2>
12:15:39.147315 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442597604 0,nop,wscale 2>
12:15:46.148323 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:47.148305 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:48.148238 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:48.829373 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442607286 0,nop,wscale 2>
12:15:51.829230 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442610286 0,nop,wscale 2>
12:15:53.827959 arp who-has andromeda.is-a-geek.net tell 209.x.y.54
12:15:53.827985 arp reply andromeda.is-a-geek.net is-at 00:03:47:d3:55:4c (oui Unknown)
12:15:57.831359 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442616286 0,nop,wscale 2>
12:16:09.829144 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442628286 0,nop,wscale 2>

For the Linux machine (which does respond), I have:

Code:
12:11:19.711502 IP 115.124.100.30.39386 > tardis-2.local.ssh: S 3721978452:3721978452(0) win 5840 <mss 1452,sackOK,timestamp 2442315282 0,nop,wscale 2>
12:11:19.711537 IP tardis-2.local.ssh > 115.124.100.30.39386: S 3728537005:3728537005(0) ack 3721978453 win 5792 <mss 1460,sackOK,timestamp 10824721 2442315282,nop,wscale 6>
12:11:19.794368 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 1 win 1460 <nop,nop,timestamp 2442315365 10824721>
12:11:19.805509 IP tardis-2.local.ssh > 115.124.100.30.39386: P 1:40(39) ack 1 win 91 <nop,nop,timestamp 10824745 2442315365>
12:11:19.887270 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 40 win 1460 <nop,nop,timestamp 2442315458 10824745>
12:11:19.890600 IP 115.124.100.30.39386 > tardis-2.local.ssh: F 1:1(0) ack 40 win 1460 <nop,nop,timestamp 2442315461 10824745>
12:11:19.891645 IP tardis-2.local.ssh > 115.124.100.30.39386: F 40:40(0) ack 2 win 91 <nop,nop,timestamp 10824766 2442315461>
12:11:19.973379 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 41 win 1460 <nop,nop,timestamp 2442315544 10824766>
12:11:24.706498 arp who-has tardis-2.local tell 209.x.y.54

I notice that there are no outgoing connections from andromeda. I don't know why that is.

Last edited by vi5in; 27th October 2009 at 10:05 PM.
#6
Old 27th October 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

You have two NICs, and rl0 uses DHCP. It is -possible- that the DHCP connection overlays your routing table. Did you look at your routing table, with both NICs operational, to confirm your default route was still properly in place? If not, try netstat -r or netstat -nr.
#7
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17

Hmm...

Well, this is what I have:

209.x.y.49 -> enterprise
209.x.y.50 -> andromeda
209.x.y.51 -> tardis
209.x.y.52 -> unassigned
209.x.y.53 -> wireless router

(48, 54, and 55 are unusable)

And when I do netstat -nr I get this:

Code:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        2    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2        0    rl0   1191
10.0.1.6           00:90:f5:3e:fc:9c  UHLW        1    44436    rl0   1191
127.0.0.1          127.0.0.1          UH          0        0    lo0
209.x.y.48/29      link#1             UC          0        0   fxp0
209.x.y.53         00:16:cb:c6:3e:19  UHLW        1       51   fxp0   1187

(I've left out the Internet6 stuff)

On the Linux machine (tardis) I get:

Code:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
209.x.y.48      0.0.0.0         255.255.255.248 U         0 0          0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         209.x.y.54      0.0.0.0         UG        0 0          0 eth0

Not too well-versed with routing tables, so not sure what that means. I notice that .53 is in the first routing table. Is it possible that it's using that instead of .54?

Edit:

I restarted the machine, and changed around the order of the interfaces in rc.conf (not sure if that changes anything):

Code:
hostname="andromeda.is-a-geek.net"
ifconfig_rl0="DHCP"
ifconfig_fxp0="inet 209.x.y.50  netmask 255.255.255.248"
defaultrouter="209.x.y.54"

I ran netstat -nr again and got:

Code:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        3    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2       10    rl0   1171
10.0.1.196         00:30:1b:19:df:f8  UHLW        1        0    rl0   1057
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWb       1       23    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
209.x.y.48/29      link#1             UC          0        0   fxp0
209.x.y.53         00:16:cb:c6:3e:19  UHLW        1       73   fxp0   1085
209.x.y.54         link#1             UHLW        1        0   fxp0

Last edited by vi5in; 27th October 2009 at 10:06 PM.
#8
Old 27th October 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

Your DHCP server is setting your default route to 10.0.1.1. You don't -want- that for an Internet-exposed platform. (You do want a firewall, or very limited services, obviously).

In simplest terms, a route is where to send packets outside the local subnets. Your local LAN is 10.0.1.0/24, and your Internet LAN is 201.x.y.z/29. If you have no -specific- routes defined, any address that falls outside these two subnets will use your default route, which is 10.0.1.1. And that is on a different (and wrong) NIC, which is why you don't see the packets on fxp0.

You need to set your dhclient.conf to ignore the route information from your DHCP server, or, set that address as static as well.

(You should learn to hide any internet facing domain names and IP addresses in public forums, else you will give attackers lots of information they otherwise might not have.)
#9
Old 27th October 2009
DutchDaemon
Real Name: Ben
Spam Refugee

Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

If you run tcpdump on rl0 you will likely see the replies to 115.124.100.30 trying to get out (for the reason jggimi already stated -- your desired default gateway is overruled by the one set by DHCP). So your machine is responding to incoming packets, but to the wrong network.
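To make jggimi's explanation of the default route and DutchDaemon's point about the replies leaving on rl0 concrete, here is an added Python example (written for this edit, not code from the thread or from FreeBSD). It parses the `netstat -nr` table posted above, performs the longest-prefix lookup the kernel performs for every outgoing packet, and reports which NIC the SYN-ACK to 115.124.100.30 would leave on. The masked 209.x.y octets are replaced with the documentation prefix 203.0.113 so the strings parse, and the "fixed" table with the default route on fxp0 is a constructed after-state, not output captured from the poster's machine.

```python
import ipaddress

# Constructed from the netstat -nr output in post #7; the masked 209.x.y
# octets are replaced with the documentation prefix 203.0.113 so they parse.
NETSTAT_BROKEN = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        3    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2       10    rl0   1171
127.0.0.1          127.0.0.1          UH          0        4    lo0
203.0.113.48/29    link#1             UC          0        0   fxp0
203.0.113.53       00:16:cb:c6:3e:19  UHLW        1       73   fxp0   1085
203.0.113.54       link#1             UHLW        1        0   fxp0
"""

# Constructed "after" state: the same table once dhclient no longer overrides
# the defaultrouter from rc.conf (hypothetical, not captured from the host).
NETSTAT_FIXED = NETSTAT_BROKEN.replace(
    "default            10.0.1.1           UGS         0        3    rl0",
    "default            203.0.113.54       UGS         0        3   fxp0",
)


def parse_routes(text):
    """Parse BSD-style netstat -nr output into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the "Routing tables"/"Internet:" banner lines and the column header.
        if len(parts) < 6 or parts[0] == "Destination":
            continue
        dest, gateway, flags, netif = parts[0], parts[1], parts[2], parts[5]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # Host entries (no prefix length) become /32 networks.
            net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, gateway, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific route wins, and the /0 default
    route is used only when no other entry covers the destination."""
    addr = ipaddress.ip_address(dst)
    best = None
    for entry in routes:
        net = entry[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best


def reply_egress(routes, peer_ip):
    """Interface the kernel will use for a reply to peer_ip, e.g. the SYN-ACK
    answering an inbound SYN."""
    match = lookup(routes, peer_ip)
    return match[3] if match else None


def asymmetric(routes, ingress_if, peer_ip):
    """True when the reply would leave via a different NIC than the one the
    SYN arrived on, which is exactly the symptom in this thread: the SYN is
    seen on fxp0, the SYN-ACK goes out rl0 towards 10.0.1.1 and never reaches
    the peer, so the socket sits in SYN_RCVD."""
    return reply_egress(routes, peer_ip) != ingress_if


if __name__ == "__main__":
    peer = "115.124.100.30"  # the probing host from the tcpdump output above
    for label, table in (("broken", NETSTAT_BROKEN), ("fixed", NETSTAT_FIXED)):
        routes = parse_routes(table)
        net, gateway, _flags, netif = lookup(routes, peer)
        print(f"{label}: reply to {peer} matches {net} via {gateway} on {netif}; "
              f"asymmetric={asymmetric(routes, 'fxp0', peer)}")
```

On a live host the same comparison is `netstat -nr` plus `tcpdump -ni fxp0` next to `tcpdump -ni rl0`: if the SYN shows up on one interface and the SYN-ACK on the other, the routing table, not a firewall, is dropping the conversation.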
Old 27th October 2009
vi5in
Real Name: Vivin Paliath
Port Guard

Join Date: May 2008
Location: Arizona
Posts: 17
Thanks!

You're a lifesaver! I've been pulling my hair out since yesterday.
Yeah, I shouldn't have displayed my IPs (I don't have ftp or telnet; I have SSH and I have set AllowUsers in the config to my name. I also don't allow root logins), since that is information that attackers can use!

So you were right! The DHCP server running on the router plugged into my second interface was overwriting everything. I looked up the manpage of dhclient.conf and found a few howtos. I forced the default router to be 209.x.y.54 and that seemed to work! Here's my dhclient.conf:

Code:
backoff-cutoff 2;
initial-interval 1;
retry 10;
select-timeout 0;
timeout 30;

interface "vr0" {
   supersede routers 209.x.y.54;
   supersede host-name "enterprise";
   supersede domain-name "xxxx.xxx";
   request subnet-mask,
           domain-name-servers;

   require subnet-mask,
           domain-name-servers;
}

Once again, thanks a whole bunch!

Last edited by vi5in; 27th October 2009 at 10:28 PM.
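As an added example (written for this edit, not the poster's configuration or ISC dhclient's own code), the following Python models the option precedence that dhclient.conf(5) defines for `supersede`, `default`, `prepend` and `append`, applied to a constructed lease offer on an interface block like the one above. It shows why `supersede routers` is the statement that changes the installed default gateway, while `request` only changes what the client asks the server for. The 209.x.y address is again replaced with 203.0.113, the lease offer is invented, and the `default domain-name` and `prepend domain-name-servers` lines are illustrative additions that were not in the posted file.

```python
import re

# Constructed dhclient.conf: the interface block from the last post, with the
# masked address replaced by the 203.0.113 documentation prefix and two extra
# statements (default/prepend) added to exercise the other verbs.
DHCLIENT_CONF = """\
timeout 30;

interface "vr0" {
   supersede routers 203.0.113.54;
   supersede host-name "enterprise";
   default domain-name "example.test";
   prepend domain-name-servers 127.0.0.1;
   request subnet-mask, domain-name-servers;
}
"""

# Constructed lease offer from the router's DHCP server on that interface.
# The routers option is what turned into the unwanted "default 10.0.1.1 rl0".
OFFERED = {
    "routers": ["10.0.1.1"],
    "subnet-mask": ["255.255.255.0"],
    "domain-name-servers": ["10.0.1.1"],
}

# Only the four option-modifying verbs; "request"/"require" are not matched
# because they do not alter values the server sends.
STMT = re.compile(r'^\s*(supersede|default|prepend|append)\s+([\w-]+)\s+(.*?);\s*$')


def parse_conf(text, interface):
    """Collect (verb, option, values) statements inside the block for `interface`.
    Values are comma separated and may be quoted."""
    stmts = []
    in_block = False
    for line in text.splitlines():
        if line.strip().startswith(f'interface "{interface}"'):
            in_block = True
            continue
        if in_block and line.strip() == "}":
            break
        m = STMT.match(line)
        if in_block and m:
            verb, opt, vals = m.groups()
            stmts.append((verb, opt, [v.strip().strip('"') for v in vals.split(",")]))
    return stmts


def effective_options(offered, stmts):
    """Apply dhclient.conf precedence (semantics as documented in dhclient.conf(5)):
    supersede replaces whatever the server offered, default is used only when
    the server sent nothing for that option, prepend/append combine the two."""
    effective = {opt: list(vals) for opt, vals in offered.items()}
    for verb, opt, vals in stmts:
        if verb == "supersede":
            effective[opt] = list(vals)
        elif verb == "default":
            effective.setdefault(opt, list(vals))
        elif verb == "prepend":
            effective[opt] = list(vals) + effective.get(opt, [])
        elif verb == "append":
            effective[opt] = effective.get(opt, []) + list(vals)
    return effective


def default_gateway(offered, conf_text, interface):
    """The router address dhclient would hand to the routing table for this
    interface: the first entry of the effective routers option."""
    opts = effective_options(offered, parse_conf(conf_text, interface))
    return opts["routers"][0]


if __name__ == "__main__":
    print("without a matching interface block:", default_gateway(OFFERED, DHCLIENT_CONF, "rl0"))
    print("with supersede routers:            ", default_gateway(OFFERED, DHCLIENT_CONF, "vr0"))
```

The interface name in the block has to match the NIC dhclient actually runs on; a block for a different interface leaves the offer untouched, which is the first thing to check if the default route still points at the router's LAN address after editing the file.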