[Discuss] web server can't see out but others can see in
Eric Chadbourne
eric at aaca-boston.org
Thu Sep 27 14:28:46 EDT 2012
Sorry for the top post but it just seems easier at the moment. I will
resolve this issue today come hell or high water. Thanks for the
excellent advice all. That's why I love BLU.
- Eric
"damn dns!"
On Thu, Sep 27, 2012 at 2:17 PM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
>>
>> eric at webserver1:~$ ping google.com
>> ping: unknown host google.com
>
> That's a pretty conclusive dns failure...
>
>
>> eric at webserver1:~$ ping 173.194.43.38
>> PING 173.194.43.38 (173.194.43.38) 56(84) bytes of data.
>> < hangs forever here >
>
> I don't know what that IP address is, but it should be pingable. The failure to reply certainly indicates an ICMP failure as well as DNS failure...
>
>
>> eric at webserver1:~$ ping 10.0.0.15
>
> Oh dear. You should never use the 0 or 255 networks either. While this is ok sometimes, the problem is: Some devices just assume a netmask derived from the zero's, or just assume a broadcast because of the 255. I had this situation (granted, 10 years ago) where my boss gave me a router, told me to configure the following networks (insert network diagram here). It was a cisco router, and the syntax for creating the routes did not allow me to explicitly specify the netmask - The 10.0.0.0 was implied to be 10.0.0.0/8, while 10.1.1.0 was implied to be 10.1.1.0/24. Hopefully this sort of thing is becoming antiquated and phased out in the modern day.
>
>
>> eric at webserver1:/etc$ sudo tail -100 resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
>> OVERWRITTEN
>> nameserver 4.4.8.8
>> nameserver 8.8.8.8
>
> Google's nameservers are 8.8.8.8 and 8.8.4.4
> That's a type-o.
>
> Still, I think it's safe to conclude that your firewall is blocking both outbound ICMP and DNS.
>
More information about the Discuss
mailing list