[ale] traceroute

Jim Kinney jim.kinney at gmail.com
Wed Feb 24 09:31:30 EST 2016


oVirt-managed KVM. SSH port is wide open by default. Tested with firewall
off with same results.

I'm convinced the last router upstream is wonky.

On Feb 24, 2016 9:26 AM, "Jeff Jansen" <bamakojeff at gmail.com> wrote:

> Could it be a firewall issue?  What software are you using on the hosts to
> run the VMs?
>
> Jeff
>
> On Tue, Feb 23, 2016 at 5:50 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>>
>> Within the racks, yes. Same subnet. Outside the racks, no.
>>
>>
>> On Tue, 2016-02-23 at 17:45 -0500, DJ-Pfulio wrote:
>>
>> Same subnet?
>>
>> On 02/23/16 16:21, Jim Kinney wrote:
>>
>>
>> Yes. By default. But that won't impact ping or DNS lookup (it also runs
>> bind - it's a FreeIPA machine), or port 80,443. And machines inside the
>> last router hop can connect with no problems.
>>
>> I'm tempted to pull the power on the rack top switch and force it to
>> reinit. That's the last line of "not my gear" before my gear.
>>
>> On Tue, 2016-02-23 at 15:50 -0500, DJ-Pfulio wrote:
>>
>>
>> Is ssh host validation set to strict?
>>
>> On 02/23/16 15:33, Jim Kinney wrote:
>>
>>
>> Correct me if I'm wrong, please. A VM on a host is networked and can
>> ping outside the LAN, be connected to over ssh from inside the LAN
>> (firewall blocks outside to inside connection) and can connect to
>> another VM on the same host. Other physical machines in the same rack
>> can connect to the second VM as well as the first by any method
>> allowed by the second VM. HOWEVER, from my office, I can't connect to
>> the second VM but I can connect to the first VM. Both are on the same
>> physical host. I can connect to all the other physical and VM in the
>> racks from each other and from my office. There are 3 VM exceptions
>> and all three are either new with new static IPs or recycling an old
>> static IP (with a guarantee the original host with the old IP is dead
>> and gone - deleted the VM of a second physical host). All connections
>> that succeed do so by both IP and name. All connections that fail do
>> so by both IP and name. All names resolve correctly. All unreachable
>> VMs can connect to systems outside the LAN by name and by IP. The
>> public facing IP they have is valid. The netmask is correct as is the
>> gateway. The traceroute from my office to a working VM completes in 4
>> hops with the 4th being the VM itself. But to the non-working VMs it
>> fails after 3. The failure point then must be the last router in the
>> traceroute, i.e. the one that shows up last followed by 27 rows of
>> *'s. I get exactly the same behavior tracing from a machine elsewhere
>> in the LAN. The new VM that can't be connected to is the new user
>> authentication machine. Kind of important.
>>
>> --
>> James P. Kinney III
>>
>> Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his
>> own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> http://heretothereideas.blogspot.com/
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>