Re: queer dns access problem




Earlier you said you could ssh out of the broken box. Can you ssh to the
same segment or to a remote network? Can you log in to the box twice and
start a packet capture while you attempt a dns lookup? This might show us
if it is related to firewalling or routing.


If by the same segment, you mean within the same 10.1.5.x domain, I can
ssh if I use the IP number to the same segment (there are errors, but it
ultimately succeeds), but I cannot ssh out of the segment, with or without
IP number. Also, I can ssh into the broken box from within the segment.



Ian

----- "Bill Tangren" <bjt@xxxxxxxxxxxxx> wrote:
On Dec 13, 2007 8:02 AM, Bill Tangren <bjt@xxxxxxxxxxxxx> wrote:


OK. Is the /8 netmask a cut and paste error too?

No, it is correct.


Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are
on the same subnet as far as the network layer is concerned so there is
no reason to go to the default route. That's why I asked for a
traceroute too -- or mtr if you have it installed and it will work.

# mtr -rnc 10 DNS.SERVER.IP.ADDRESS

What netmask is the firewall using for the interface?


When the network guy comes in this afternoon, I'll ask. This still doesn't
explain why it works for one machine, but not the other, when both are set
the same.

I am assuming you've done the usual stuff

double checked /etc/resolv.conf

checked /etc/nsswitch.conf


Did these two.


Pinged the default gateway.


Ping is shut off on the gateway. I'll ask the firewall guy to turn it on
long enough to test this.

Checked the network cabling back to the switch.

Yes, other computers work just fine with this cabling.


Checked the patch cable.


Patch cable? What is that?

ifconfig to make sure the interface is actually up.


yep.

ethtool to check that speed and duplex are as expected.


Didn't think to do this. Will try it on Monday.

Can't think of anything else offhand.


Thanks for the help.

--
Stephen Carville
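
The routing point raised in this message (with a /8 mask, 10.1.5.58 treats 10.1.1.46 as on-link and never uses the default route), shown as an added example that is not part of the original thread. The gateway 10.1.5.1, the /24 comparison mask, the second nameserver and the resolv.conf contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample input: 10.1.1.46 is the address quoted in the thread;
# the rest of this file (search domain, second resolver) is made up.
RESOLV_CONF = """\
# constructed example
search example.internal
nameserver 10.1.1.46
nameserver 192.0.2.53
"""


def nameservers(resolv_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(ipaddress.ip_address(fields[1]))
    return found


def next_hop(iface_cidr, gateway, dest):
    """Mimic the host's forwarding decision for one destination.

    If dest falls inside the interface's own network the host ARPs for it
    directly ("on-link"); otherwise the packet goes to the gateway.
    """
    iface = ipaddress.ip_interface(iface_cidr)
    if dest in iface.network:
        return "on-link"
    return f"via {gateway}"


def compare_masks(host_ip, gateway, resolv_text, prefixes=(8, 24)):
    """For each resolver, show the next hop under each candidate prefix."""
    table = {}
    for ns in nameservers(resolv_text):
        table[str(ns)] = {
            p: next_hop(f"{host_ip}/{p}", gateway, ns) for p in prefixes
        }
    return table


if __name__ == "__main__":
    # 10.1.5.1 is a hypothetical gateway; the thread does not give one.
    for ns, hops in compare_masks("10.1.5.58", "10.1.5.1", RESOLV_CONF).items():
        print(ns, hops)
```

A resolver that shows "on-link" under the configured mask but sits behind a router or firewall in reality will only answer if something on the segment proxies ARP for it, which is worth checking alongside the mtr output.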




