No External Connectivity - All of a sudden?

SUSE Linux Enterprise Server SLES Networking
1

I’m having an issue with my suse box, it just came up out of nowhere, we had a system log exceed 10mb, and thus exceeded the limitations of Postfix. We later learned that the backup directory we were using for logging ,was full and this turned out to be the main problem. However I increased the file size limit for Postfix, I cleaned up the backup drive, and I gave the server a fresh reboot (mainly because the backup drive, even when files were removed, wasn’t showing any additional free space however a reboot fixed this)
Moving on. So I rebooted the machine, and still couldn’t get logs emailed out. I checked a bunch of settings, did a bunch of tests, checked the logs. The logs all reports “no connection”, when trying to hit the SMTP server on port 25.

I brought up another server with similar settings, running another postfix server for different purposes verified all my settings were correct etc. It took me a day (IDKY) to finally just “ping www.google.com” before I realized it wasn’t an issue going out specifically on port 25, but going out AT ALL.
I verified my router settings, I verified the SuSEFirewall was turned off. And this is where I’m at. I cannot figure out why for the life of me NO COMMUNICATION is being permitted outbound.

SUSE 9.1 Syslog-ng server

ifconfig
eth0 Link encap:Ethernet HWaddr[my mac]
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:0 errors:0 dropped 0 overruns:0 frame:0 collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address=:0x8000

route -n:
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

I can ping any NONE virtual machine on the network, however it seems anything within my XEN environment is unpingable by this server only, I also cannot ping anything outside of my network. I haven’t figured out why yet, that I can’t ping any of the virtual boxes either, as everything here is on the same subnet/vlan.

I can SSH to this server.

I can ping the Gateway from this server

I can ping the DNS Server from this server

When I ping www.google.com (it reports back an IP Address), and just sits there forever doing anything.

nlookup on google.com returns good information

dig on google.com returns good information

I’ve tried telnet-ing to port25.org:25, I’ve tried telnet-ing to 100 different ports to portquiz.com, I can telnet to whatever port my heart desires on any of the windows servers or machines, and the other linux machines, but I cannot from the Syslog.

It all reports to something STOPPING external outbound traffic. But it’s not the firewall, it’s not the routers, and I’m completely and UTTERLY stumped.

Please note that prior to Monday last week, this server operated fine, no issues, no connection issues, nothing. Not until that damn hard drive filled up and I rebooted the machine
am I now having this connection issue all of a sudden.

Any suggestions/help is MUCH appreciated!

2

Hi sysor81,

simply said, some process still held the deleted file(s) open, thus your delete action removed the entry in the director structure, but the actual file only got removed once the last link to it (in this case, from the running process) got closed/removed.

I’m sorry to say that your description is not making the situation fully clear to me: “NO COMMUNICATION is being permitted outbound” vs. “I can ping the Gateway from this server […and other outgoing communications…]”. I’ll try to sum things up:

  • you have a Xen DomU (VM) running SLES9SP1 (that’d be almost “ancient” - you should really update that machine) - I’ll call this “the syslog server”
  • you have several other VMs running on the same Xen server (XenServer or SLES with Xen or whatever)
  • the syslog server has an only (virtual) interface eth0, IP 192.168.0.100, default route points to 192.168.0.1
  • “ifconfig eth0” shows absolutely no traffic (“RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)”), yet on the other hand you say “I can ping the Gateway from this server” and “I can SSH to this server”
  • all your machines are on the 192.168.0.0/24 subnet
  • from the syslog server, you can ping the default gateway but none of the other VMs (can you ping other non-virtual systems in the network?)

(Since all this happened after a reboot, maybe your syslog server’s network configuration was changed manually and not persisted prior to the reboot.)

I’m really puzzled that despite all that network activity that you say is working, the interface shows absolutely no traffic - most probably because I misunderstood your description :[

Regards,
Jens

3

Ok i’m sorry, after a refreshing night of sleep I was able to figure out the issue.

The issue was the hardware mac address changed, and everything is filter here by mac address, so while the server was permitted internal access, it was not permitted outbound access to the internet. Not sure how they have that configured, but it has been confirmed. I think I just needed to type it out, sleep, and then review it the next day :slight_smile:

Thanks for the input.

4

Hi sysor81,

great you got it resolved - and thank you for reporting back!

Regards,
Jens