
[ale] traceroute



oVirt-managed KVM. SSH port is wide open by default. Tested with firewall
off with same results.

I'm convinced the last router upstream is wonky.
On Feb 24, 2016 9:26 AM, "Jeff Jansen" <bamakojeff at gmail.com> wrote:

> Could it be a firewall issue?  What software are you using on the hosts to
> run the VMs?
>
> Jeff
>
> On Tue, Feb 23, 2016 at 5:50 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>>
>> Within the racks, yes. Same subnet. Outside the racks, no.
>>
>>
>> On Tue, 2016-02-23 at 17:45 -0500, DJ-Pfulio wrote:
>>
>> Same subnet?
>>
>> On 02/23/16 16:21, Jim Kinney wrote:
>>
>>
>> Yes. By default. But that won't impact ping or DNS lookup (it also runs
>> bind - it's a FreeIPA machine), or port 80,443. And machines inside the
>> last router hop can connect with no problems.
>>
>> I'm tempted to pull the power on the rack top switch and force it to
>> reinit. That's the last line of "not my gear" before my gear.
>>
>> On Tue, 2016-02-23 at 15:50 -0500, DJ-Pfulio wrote:
>>
>>
>> Is ssh host validation set to strict?
>>
>> On 02/23/16 15:33, Jim Kinney wrote:
>>
>>
>> Correct me if I'm wrong, please. A VM on a host is networked and can
>> ping outside the LAN, be connected to over ssh from inside the LAN
>> (firewall blocks outside to inside connection) and can connect to
>> another VM on the same host. Other physical machines in the same rack
>> can connect to the second VM as well as the first by any method
>> allowed by the second VM.
>>
>> HOWEVER, from my office, I can't connect to
>> the second VM but I can connect to the first VM. Both are on the same
>> physical host. I can connect to all the other physical and VM in the
>> racks from each other and from my office. There are 3 VM exceptions
>> and all three are either new with new static IPs or recycling an old
>> static IP (with a guarantee the original host with the old IP is dead
>> and gone - deleted the VM of a second physical host).
>>
>> All connections
>> that succeed do so by both IP and name. All connections that fail do
>> so by both IP and name. All names resolve correctly. All unreachable
>> VMs can connect to systems outside the LAN by name and by IP. The
>> public facing IP they have is valid. The netmask is correct as is the
>> gateway.
>>
>> The traceroute from my office to a working VM completes in 4
>> hops with the 4th being the VM itself. But to the non-working VMs it
>> fails after 3. The failure point then must be the last router in the
>> traceroute, i.e. the one that shows up last followed by 27 rows of
>> *'s. I get exactly the same behavior tracing from a machine elsewhere
>> in the LAN.
>>
>> The new VM that can't be connected to is the new user
>> authentication machine. Kind of important.
>>
>> --
>> James P. Kinney III
>>
>> Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his
>> own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> http://heretothereideas.blogspot.com/
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>