Koozali.org: home of the SME Server

[SOLVED] unable to access some specific websites since yesterday

Gaetan
« on: February 26, 2013, 01:05:46 PM »
Hi,
I am using SME 7.6.
This server is connected to an ADSL modem.
I have also another Netgear gateway/router connected to the same modem used as a gateway for specific client computer within the company.

Both gateway have public IP addresses.

Since yesterday, clients using the SME server as a gateway cannot access at least two websites:
www.textmagic.com
www.xe.com

If I change the gateway on those computers so they use the other Netgear router, it works, they cannot access those websites.

When tracing the route from the SME server, tracert does NOT complete.


[root@sme2 lists]# traceroute www.textmagic.com
traceroute to www.textmagic.com (62.212.78.142), 30 hops max, 38 byte packets
 1  xxx.xxx.xx.65 (our modem public ip)  0.449 ms  0.408 ms  0.514 ms
 2  lo5-tcl2-bng1.router.uk.clara.net (80.168.0.7)  31.958 ms  32.104 ms  29.632 ms
 3  g0-1-0-tcl2-cr1.router.uk.clara.net (195.157.0.17)  29.521 ms  29.183 ms  29.308 ms
 4  ten2-0-0-t40-cr2.router.uk.clara.net (195.157.6.21)  29.891 ms  32.119 ms  30.059 ms
     MPLS Label=96 CoS=6 TTL=1 S=0
 5  ten2-0-0-t40-br3.router.uk.clara.net (195.8.86.142)  29.592 ms  29.414 ms  29.543 ms
 6  * *


When doing a tracert with client using the Netgear gateway, tracert works:

tracert www.textmagic.com

Tracing route to www.textmagic.com [62.212.78.142]
over a maximum of 30 hops:

  1     1 ms   <10 ms   <10 ms  "other public address"
  2     1 ms     1 ms     1 ms  "our modem public address xxx.xxx.xxx.65"
  3    30 ms    30 ms    30 ms  lo5-tcl2-bng1.router.uk.clara.net [80.168.0.7]
  4    44 ms    56 ms    30 ms  g0-1-0-tcl2-cr1.router.uk.clara.net [195.157.0.17]
  5    30 ms    30 ms    46 ms  ten2-0-0-t40-cr2.router.uk.clara.net [195.157.6.21]
  6    30 ms    30 ms    30 ms  ten2-0-0-t40-br3.router.uk.clara.net [195.8.86.142]
  7    42 ms    40 ms    41 ms  ten4-0.lon.leaseweb.net [195.66.225.56]
  8    37 ms    37 ms    37 ms  po100.sr1.evo.leaseweb.net [85.17.100.226]
  9    38 ms    41 ms    38 ms  mail.textmagic.com [62.212.78.142]

Trace complete.



I have Dansguardian working on the SME ...
When trying to access those 2 websites with a client computer using SME as a gateway, nothing appears in the access.log file ... When accessing other "working" websites, the access.log file shows the connections.

Other info ...
For the SME, nslookup www.textmagic.com DOES work.
Ping does NOT work via SME but DOES work via the Netgear gateway ...

Very strange situation ... No changes have been made over the weekend on the SME server ... Everything worked well last week ...

I don't know if this is related, but when trying to run "yum update" on the SME server, I get the following:

[root@sme2 lists]# yum update
Loading "smeserver" plugin
Loading "protect-packages" plugin
Loading "fastestmirror" plugin
Loading "installonlyn" plugin
Setting up Update Process
Setting up repositories
http://vault.centos.org/4.9/os/i386/repodata/repomd.xml: [Errno 12] Timeout: <urlopen error timed out>
Trying other mirror.
Cannot open/read repomd.xml file for repository: base
failure: repodata/repomd.xml from base: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from base: [Errno 256] No more mirrors to try.


I also get an email every night:

Cron <root@sme2> sleep $[ $RANDOM % 3600 ]; /sbin/e-smith/check4updates -m

Cannot open/read repomd.xml file for repository: base
failure: repodata/repomd.xml from base: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from base: [Errno 256] No more mirrors to try.


I should also mention a problem sending messages from the SME server since yesterday. I had about 400 messages stuck in the queue ...
To bypass the issue, I had to use my ISP's SMTP service ...
This might also be related.
The qmail log was showing a lot of lines like this:
delivery 519270: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

Any suggestions would be appreciated.
Thanks
« Last Edit: February 28, 2013, 09:41:07 AM by Gaetan »
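
The two traces in the post above can be compared mechanically; the following is an added example, not part of the original post. It parses both the Linux traceroute and Windows tracert formats and reports the last router that answered the failing trace plus the hop that follows it on the working path; the trace text is abridged from the post and the function names are this example's own.

```python
import re

# IPv4 in (...) as printed by Linux traceroute, or in [...] as printed by Windows tracert.
IP_RE = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")

# Abridged from the two traces in the post (masked first hops kept as posted).
SME_TRACE = """traceroute to www.textmagic.com (62.212.78.142), 30 hops max, 38 byte packets
 1  xxx.xxx.xx.65 (our modem public ip)  0.449 ms  0.408 ms  0.514 ms
 2  lo5-tcl2-bng1.router.uk.clara.net (80.168.0.7)  31.958 ms  32.104 ms  29.632 ms
     MPLS Label=96 CoS=6 TTL=1 S=0
 5  ten2-0-0-t40-br3.router.uk.clara.net (195.8.86.142)  29.592 ms  29.414 ms  29.543 ms
 6  * *
"""
NETGEAR_TRACE = """Tracing route to www.textmagic.com [62.212.78.142]
  1     1 ms   <10 ms   <10 ms  "other public address"
  3    30 ms    30 ms    30 ms  lo5-tcl2-bng1.router.uk.clara.net [80.168.0.7]
  6    30 ms    30 ms    30 ms  ten2-0-0-t40-br3.router.uk.clara.net [195.8.86.142]
  7    42 ms    40 ms    41 ms  ten4-0.lon.leaseweb.net [195.66.225.56]
  9    38 ms    41 ms    38 ms  mail.textmagic.com [62.212.78.142]
"""

def responders(trace):
    """Ordered IPs of hops that answered; masked or silent ('* * *') hops are skipped."""
    ips = []
    for line in trace.splitlines():
        m = re.match(r"\s*\d+\s+(.*)", line)  # hop lines start with a hop number
        if m:
            ip = IP_RE.search(m.group(1))
            if ip:
                ips.append(ip.group(1))
    return ips

def destination(trace):
    """Target IP from the 'traceroute to ...' or 'Tracing route to ...' header line."""
    m = re.search(r"^\s*[Tt]rac\w+ (?:route )?to .*?[(\[]([\d.]+)[)\]]", trace, re.M)
    return m.group(1) if m else None

def compare(failing, working):
    """Locate where the failing trace goes dark relative to the working one."""
    bad, good = responders(failing), responders(working)
    last = bad[-1] if bad else None
    reached = last is not None and last == destination(failing)
    nxt = None
    if not reached and last in good and good.index(last) + 1 < len(good):
        nxt = good[good.index(last) + 1]  # first hop only the working source gets past
    return {"reached": reached, "last_responder": last, "next_hop_on_working_path": nxt}
```

When the failing trace's last responder also appears mid-path in a working trace taken from a different source address, the result is consistent with a problem tied to the source address upstream rather than a fault on the SME host itself.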

TerryF
« Reply #1 on: February 26, 2013, 03:12:23 PM »
--
qui scribit bis legit

Gaetan
« Reply #2 on: February 27, 2013, 10:23:20 AM »
Hi,
I did a test last night and changed the current public IP address to a different one available ... and the problem was gone.
Unfortunately, I have to use the original IP address in order to get mail delivery from my ISP.
Something seems to be faulty with this public IP address.
I have contacted my ISP, who is investigating the issue.
Has anyone seen this before?!
Thanks

Stefano
« Reply #3 on: February 27, 2013, 10:56:56 AM »
if your issue depends on your EXTERNAL and public IP, there's nothing you can do on SME side..

in any case.. is there any web application (site) running on your server? are you sure there are no infected client PCs?

Gaetan
« Reply #4 on: February 27, 2013, 12:29:47 PM »
No, there is no application site on SME.
Regarding virus issues on client computers, no issues there.
My ISP is investigating the issue ...

I have sent them traceroute results ...
Google.com can be traced from SME but not other sites ... And every time, tracert stops on a specific router ...

I'll keep this post updated for your info.


Regards.


traceroute to www.google.com (74.125.136.99), 30 hops max, 38 byte packets
 1  * "my modem"  0.514 ms  0.398 ms
 2  lo5-tcl2-bng1.router.uk.clara.net (80.168.0.7)  31.089 ms  29.791 ms *
 3  * * g0-1-0-tcl2-cr1.router.uk.clara.net (195.157.0.17)  32.654 ms
 4  ten2-0-0-t40-cr2.router.uk.clara.net (195.157.6.21)  29.294 ms * *
 5  ten2-0-0-t40-cr1.router.uk.clara.net (195.8.86.161)  32.810 ms *  29.568 ms
     MPLS Label=86 CoS=6 TTL=1 S=0
 6  ten2-0-0-t6-cr2.router.uk.clara.net (195.8.68.118)  30.860 ms  29.760 ms *
 7  ten2-0-0-t6-br1.router.uk.clara.net (195.157.6.202)  29.539 ms *  31.496 ms
 8  google-lon.google.com (195.157.6.74)  39.150 ms  49.098 ms *
 9  * 209.85.240.61 (209.85.240.61)  30.047 ms 209.85.240.63 (209.85.240.63)  32.278 ms
10  209.85.253.92 (209.85.253.92)  30.399 ms  29.540 ms 209.85.253.90 (209.85.253.90)  30.060 ms
     MPLS Label=716456 CoS=6 TTL=1 S=0
11  209.85.240.28 (209.85.240.28)  38.004 ms 209.85.243.33 (209.85.243.33)  35.487 ms  35.995 ms
     MPLS Label=386112 CoS=6 TTL=1 S=0
12  216.239.49.30 (216.239.49.30)  39.409 ms 216.239.49.36 (216.239.49.36)  39.182 ms 216.239.49.30 (216.239.49.30)  40.672 ms
13  * * *
14  ea-in-f99.1e100.net (74.125.136.99)  38.918 ms  38.920 ms  39.644 ms



Other traceroute test on xe.com

[root@sme2 ~]# traceroute xe.com
traceroute: Warning: xe.com has multiple addresses; using 216.220.38.20
traceroute to xe.com (216.220.38.20), 30 hops max, 38 byte packets
 1  "my modem"   0.506 ms  0.386 ms  0.386 ms
 2  lo5-tcl2-bng1.router.uk.clara.net (80.168.0.7)  32.147 ms  29.063 ms  29.369 ms
 3  g0-1-0-tcl2-cr1.router.uk.clara.net (195.157.0.17)  30.266 ms  29.781 ms  29.716 ms
 4  ten2-0-0-t40-cr2.router.uk.clara.net (195.157.6.21)  29.195 ms  29.504 ms  29.345 ms
     MPLS Label=96 CoS=6 TTL=1 S=0
 5  ten2-0-0-t40-br3.router.uk.clara.net (195.8.86.142)  30.053 ms *  30.005 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * *


Another traceroute test on textmagic.com

[root@sme2 ~]# traceroute textmagic.com
traceroute to textmagic.com (62.212.78.142), 30 hops max, 38 byte packets
 1  "my modem"   0.458 ms  0.375 ms  0.368 ms
 2  lo5-tcl2-bng1.router.uk.clara.net (80.168.0.7)  32.918 ms  31.034 ms  29.072 ms
 3  g0-1-0-tcl2-cr1.router.uk.clara.net (195.157.0.17)  29.340 ms  29.142 ms  28.827 ms
 4  ten2-0-0-t40-cr2.router.uk.clara.net (195.157.6.21)  29.809 ms  29.176 ms  29.812 ms
     MPLS Label=96 CoS=6 TTL=1 S=0
 5  ten2-0-0-t40-br3.router.uk.clara.net (195.8.86.142)  29.112 ms  47.339 ms  30.253 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *

Stefano
« Reply #5 on: February 27, 2013, 12:31:57 PM »
And every time, tracert stops on a specific router ...

if so, you can only wait for someone to solve the problem..

mmccarn
« Reply #6 on: February 27, 2013, 01:24:58 PM »
tracepath (which gives you the MTU for each connection in a given route) may give you some useful information.

There are some notes in the wiki about using tracepath - although the specific notes talk about qpsmtpd timeouts, if you encounter a questionable MTU in your host path you may be able to fix it using the same method (config setprop MTU):
http://wiki.contribs.org/Email#qpsmtpd_.22Connection_Timed_Out.22_errors

Gaetan
« Reply #7 on: February 27, 2013, 04:32:34 PM »
Ok,
Everything seems to be back to normal.
My ISP has found that our public IP address was blacklisted in the Netherlands...
I wish I knew the reason for that !

Thanks for your help.

Gaetan
« Reply #8 on: February 28, 2013, 09:40:11 AM »
Hi,
Here is the explanation given by my ISP:


"I have spoken to our Networks team and the automated process appears to
have failed in removing the IP address from the sinkhole so they have
manually removed the IP address from the sinkhole."

The problem was on a router based in the Netherlands.

What is a sinkhole?
How can this happen?
Why a single public IP address and not a full range?

Can someone clarify?

Thanks