Gentoo Forums
Lose web/ftp/rsync randomly with a sparc system
wan-geek
n00b


Joined: 03 Apr 2003
Posts: 66
Location: knee-deep in the ether

Posted: Thu Mar 10, 2005 11:38 pm    Post subject: Lose web/ftp/rsync randomly with a sparc system

I have run into this on 2 different systems now...and am stumped.

The first box I saw this behavior on was an E450...running gentoo. But now it's started happening on my U60 as well....and it makes no sense.

I have 2 different firewalls at my location. 1 - iptables and 1 - pix 515e. I am CCNP....so know what I am doing....and this is -NOT- a firewall problem. This -only- affects my sun systems and no other computers at this site. I have gentoo, openbsd, win2k, & debian all running great. Only the sun hardware systems exhibit this behavior.

Randomly....while trying to emerge packages on a sparc system....they completely lose their ability to get traffic for http/ftp/rsync....out to the web. I can hit these kinds of resources -fine- if I remain in-network. Any time I try to traverse either firewall (by changing the default route of the system), the traffic egresses the firewall, but never returns.

This -ONLY- happens with my sun boxes. I have ~15 x86 systems...and have never seen this behavior.

Reboots do nothing. http/ftp/rsync traffic cannot leave the network still. Changing gateways (and firewall types) has no effect either.

I -CAN- ping and traceroute out though....so I know that traffic from the sun boxes does know how to get out. Just none of the protocols that I need to do my updates with. I can get sniffs of the external interfaces of the firewalls....and see the packets destined to the remote end. ICMP returns fine. I can even get DNS to query externally with success. No other protocol comes back however.

Sites I try to hit (unsuccessfully) while this is occurring include www.google.com, distfiles.gentoo.org, www.qualcomm.com, www.gentoo.org....and I can go on and on and on.

Is anyone familiar with the sparc version of linux/gentoo having issues with the protocol stack?

-Chris
wan-geek
n00b


Joined: 03 Apr 2003
Posts: 66
Location: knee-deep in the ether

Posted: Thu Mar 10, 2005 11:53 pm

Here are some results...These are all through the iptables firewall.

##########
watchdog ~ # tracepath distfiles.gentoo.org
1?: [LOCALHOST] pmtu 1500
1: kalamari.siliconhotrod.com (192.168.1.1) 2.202ms
2: r-64-105-166-105.sndacagl.covad.net (64.105.166.105) asymm 102 3.586ms
3: r-64-105-166-105.sndacagl.covad.net (64.105.166.105) asymm 102 7.072ms pmtu 1492
4: 192.168.19.113 (192.168.19.113) 34.122ms
5: sndgca1wce2-gige7-0-21.wcg.net (65.77.90.61) 34.159ms
6: anhmca1wcx3-pos3-1.wcg.net (64.200.141.17) 35.746ms
7: sntcca1wcx1-pos13-0-oc192.wcg.net (64.200.240.110) 48.050ms
8: scrmca2wcx1-pos9-0.wcg.net (64.200.240.114) 52.029ms
9: eugnor1wce1-pos3-0.wcg.net (64.200.210.2) 62.171ms
10: eugnor1wce1-univ-of-oregon.wcg.net (64.200.134.198) asymm 11 61.871ms
11: corv-car1-gw.nero.net (207.98.64.6) asymm 12 63.295ms
12: ftp.osuosl.org (140.211.166.134) 67.894ms reached
##########
success!

########## (nslookup via an external name server)
> server 192.35.156.212
Default server: 192.35.156.212
Address: 192.35.156.212#53
> distfiles.gentoo.org
Server: 192.35.156.212
Address: 192.35.156.212#53

Non-authoritative answer:
Name: distfiles.gentoo.org
Address: 140.211.166.134
Name: distfiles.gentoo.org
Address: 156.56.247.195
Name: distfiles.gentoo.org
Address: 216.165.129.135
##########
success!


########## (ping to external site)
watchdog ~ # ping www.google.com
PING www.google.akadns.net (66.102.7.104) 56(84) bytes of data.
64 bytes from 66.102.7.104: icmp_seq=1 ttl=244 time=26.2 ms
64 bytes from 66.102.7.104: icmp_seq=2 ttl=244 time=42.2 ms
64 bytes from 66.102.7.104: icmp_seq=3 ttl=244 time=25.8 ms
64 bytes from 66.102.7.104: icmp_seq=4 ttl=244 time=26.1 ms
64 bytes from 66.102.7.104: icmp_seq=5 ttl=244 time=26.2 ms
##########
success!


But connections on port 80 (www)...and ftp (20/21) are unsuccessful and all time out. Any x86 box on the same subnet with the same gateway, routes, and resolv.conf works flawlessly.

-C
wan-geek
n00b


Joined: 03 Apr 2003
Posts: 66
Location: knee-deep in the ether

Posted: Sat May 28, 2005 2:31 am    Post subject: interesting twist

So finally have a chance to test more.

Isolating Layer-1 first, I swap NIC cards, thinking something may be awry with the onboard NIC on the U60. It's now running a 3c59x as eth1. No difference in behavior. :o/

It seems that the Sun hardware/gentoo combo can't handle a PAT connection. (overload NAT)
I set up a static NAT on the PIX, and we're rsyncing great. I remove the static NAT...and the connection goes to shit again.

This is FSCKin' weird...I know. Makes -0- sense to me.

I use the iptables firewall for production traffic, so am not going to mangle the rules and test via a static-nat on iptables, but this is at least -some- progress.

Now to grab packet traces and find out why it works this way.

-Chris
Weeve
Retired Dev


Joined: 30 Oct 2002
Posts: 641

Posted: Sat May 28, 2005 5:11 pm

I'm running NAT here locally for my home connection with a 32 bit SPARC.

What kernel are you running on your Sun hosts and how many rules are in your iptables ruleset?