2

I have a remote machine on which I run Debian and Apache. Recently, a strange problem occured.

It started with me not being able to log in by ssh anymore (I simply get a timeout) and my domain not being reachable over the browser. I think I couldn't ping it as well but I'm not sure about this. As of now, ping works.

Using the control panel of the provider, I am still able to log in. ip link shows that the interface is UP. The strange thing is that while I run ping google.de on the server, the domain suddenly is reachable from the browser. After aborting the ping, the domain stops being reachable again. SSH works in none of the cases.

My first goal is to understand this strange behaviour, my second goal is to get SSH (and my domain) back to work.

cssdev
  • 23
  • 4
  • 3
    That sounds much like a connectivity problem on the side of your provider, ask him if there is something down (e.g. a router or switch), most providers will have status sites aswell. To test the http connection instead of a browser rather use `curl -I https://yourdomain.example.com/` because it won't give you any cached results. – digijay Aug 21 '21 at 06:22
  • @digijay: Thanks for the tip! – cssdev Aug 22 '21 at 12:41

1 Answers1

4

This could be a duplicate ip-address issue. Some other host in the subnet has snatched your ip-address. Ping works because it is stateless, and whatever host gets the ping request, will send the ping reply.

Then, when you ping google from your server, your host will claim the ip-address, and the provider's routers/firewalls will update their arp-table.

If you check the /var/log/syslog file it should report that some other host is using your ip, and you should also be able to see the other host's mac address. If you find this info, you need to contact your provider to rectify the issue.

Sven
  • 51
  • 2
  • Thank you, this is likely the explanation. I'll contact my provider about this the next workday where I can access my server. I guess I don't absolutely need the other host's mac address but I am interested in how I could get it from the syslog. I tried grepping for "mac", "ip", etc but didn't find anything. Could you guide me here? – cssdev Aug 22 '21 at 12:37
  • You can not. The MAC Address is only "relevant" in regards to an Ethernet broadcase segment. It should be in the switch logs or accessible through the switch, but not from your side. – TomTom Aug 22 '21 at 18:23
  • 1
    Sorry, my memory served me wrong.. You may not be able to detect the duplicate ip in /var/log/syslog. However, you may be able to detect the other host if you install arping on your server: http://kb.eclipseinc.com/kb/how-do-i-check-for-duplicate-ip-addresses-in-linux/ – Sven Aug 23 '21 at 13:24
  • Just FYI @Sven (sorry for commenting so late) and others having the same problem: it indeed was a problem with my hosting provider. The employee didn't think it was the issue described here and solved it by moving my VPS to a different physical machine. Which seems like essentially vodoo to me :-) – cssdev Sep 23 '21 at 09:43