Hi guys I have a very strange issue happening on one of my boxes. If someone can advise what I can check please let me know. Thanks.

Here's the layout.
Box 1 & Box 2 <> Firewall <> Internet

Now the interesting thing is with Box 1, I'm able to run the "yum" utility to download and check packages online but with Box 2, I'm getting a time out.

Looking into this further, I have ruled out this to be an issue with the Firewall as I'm able to see the connection request made by both Box 1 & Box 2 through the firewall by yum. I have further ruled this out to be an issue with the OS firewall as they both have the same setting and both have http permissioned.

Running a test from Box 2, I am getting the following. The last command is stuck. The same test on Box 1 results in a response.

```
[root@uat webalizer]# telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to google-public-dns-a.google.com (8.8.8.8).
Escape character is '^]'.
Connection closed by foreign host.
[root@uat webalizer]#
[root@uat webalizer]# ping www.yahoo.com
PING ds-any-fp3-real.wa1.b.yahoo.com (98.138.252.30) 56(84) bytes of data.
64 bytes from ir2.fp.vip.ne1.yahoo.com (98.138.252.30): icmp_seq=1 ttl=53 time=100 ms

--- ds-any-fp3-real.wa1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 100.251/100.251/100.251/0.000 ms
[root@uat webalizer]#
[root@uat webalizer]# telnet www.yahoo.com 80
Trying 206.190.36.45...
telnet: connect to address 206.190.36.45: Connection timed out
Trying 206.190.36.105...
telnet: connect to address 206.190.36.105: Connection timed out
Trying 98.138.252.30...
```

Now the thing I'm trying to do is to use yum. But from the following it looks like it's timing out.

```
[root@uat webalizer]# yum info bzip2-libs
http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml: [Errno 12] Timeout: <urlopen error timed out>
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: addons. Please verify its path and try again
```

If I try to download the xml on Box 2, it fails. Trying to do the same on Box 1 was okay however.

```
[root@uat webalizer]# wget http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml
--2013-12-20 05:54:09--  http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml
Resolving vault.centos.org... 216.151.172.58
Connecting to vault.centos.org|216.151.172.58|:80...
```

user192702
  • Have you checked your DNS configuration on Box2? or at least compared it to Box1's? – GeoSword Dec 20 '13 at 15:12
  • Can you test `telnet 95.211.98.141 80` ? – krisFR Dec 20 '13 at 15:31
  • @GeoSword The question shows that Box2 does resolve the dns names properly; that's not the issue. – Jenny D Dec 20 '13 at 15:42
  • When you look at the firewall, do you also see any responses for the requests? It looks to me as if your Box2 is sending out packets but it isn't receiving the return packets. This could be due to some routing issue in the firewall/router, or it could be that the host firewall isn't keeping state properly. You might try turning off the host firewall just to verify that it's not affecting anything. – Jenny D Dec 20 '13 at 15:45
  • @user2196728 I can't telnet to any host on port 80. In my question I have tried to telnet to both www.yahoo.com and 216.151.172.58. Neither worked. – user192702 Dec 21 '13 at 03:18
  • @JennyD The firewall only shows requests, and what the firewall has done with it. While I can't see the packets coming in, I'm pretty sure it's not an issue with the firewall because both Box 1 & 2 are connected to the firewall in the exact same manner, and both are served under the same policy. – user192702 Dec 21 '13 at 03:19
  • Is the result for `traceroute www.yahoo.com` the same from Box1 & Box2 ? – krisFR Dec 21 '13 at 09:40

1 Answer

Okay, sorry, turns out the traffic from Box 1 & 2 is going through the firewall via 2 different proxies. The one that has been working has NAT turned on. So although the traffic from Box 2 was routed by the firewall out to the Internet, it didn't apply NATing. It's all fixed now. Sorry for the confusion.

user192702
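
The missing-NAT condition described in this answer can be confirmed from a packet capture on the firewall's outside interface. The following is an added example, not part of the original post: it scans `tcpdump -n` text output for SYNs that left with an RFC 1918 source address and for SYNs that never got a SYN-ACK. It assumes the inside hosts use RFC 1918 addresses; the sample capture and every address in it except 216.151.172.58 are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges: not routable on the Internet, so replies to them never come back.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# `tcpdump -n` TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed capture on the outside interface. 203.0.113.5 stands in for the
# firewall's public address, 192.168.10.12 for Box 2 (both are assumptions).
SAMPLE_CAPTURE = """\
05:54:09.100000 IP 203.0.113.5.40001 > 216.151.172.58.80: Flags [S], seq 100, win 14600, length 0
05:54:09.200000 IP 216.151.172.58.80 > 203.0.113.5.40001: Flags [S.], seq 900, ack 101, win 14480, length 0
05:54:10.100000 IP 192.168.10.12.51234 > 216.151.172.58.80: Flags [S], seq 500, win 14600, length 0
05:54:13.100000 IP 192.168.10.12.51234 > 216.151.172.58.80: Flags [S], seq 500, win 14600, length 0
"""

def audit_egress(capture):
    """Return (un_natted, unanswered) lists of (src, sport, dst, dport) SYN flows."""
    syns, answered = [], set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                      # initial SYN (retransmits deduplicated)
            flow = (src, int(sport), dst, int(dport))
            if flow not in syns:
                syns.append(flow)
        elif flags == "S.":                   # SYN-ACK: swap ends to match the SYN
            answered.add((dst, int(dport), src, int(sport)))
    un_natted = [f for f in syns
                 if any(ipaddress.ip_address(f[0]) in net for net in RFC1918)]
    unanswered = [f for f in syns if f not in answered]
    return un_natted, unanswered

if __name__ == "__main__":
    un_natted, unanswered = audit_egress(SAMPLE_CAPTURE)
    for f in un_natted:
        print("left the firewall without NAT: %s:%d -> %s:%d" % f)
    for f in unanswered:
        print("SYN never answered:            %s:%d -> %s:%d" % f)
```

A flow that appears in both lists matches the symptom in the question: the SYN is visible leaving the firewall, but no reply can be routed back to its private source address.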