[opensuse] No incoming traffic, but tcpdump shows it is coming in
Hello everyone Recently it happened to me a few times: switched my motherboard (I do that about once in two weeks) and suddenly I cannot access anything on network (LAN nor Intnet). Firewall is turned off, iptables shows that everything is ACCEPTed, ethtool shows link OK etc. The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it. Same thing happened with defaul and XEN kernels, both current openSUSE 11.2 standard 2.6.31.12 and bleeding edge 2.6.34-rc3 from KOTD. First I thought the problem was with Atheros ethernet integrated on MSI 770-G45, but the problem suddenly went away after three days. All that time Windows 7 worked just fine. Of course, I have tried all of the usual tricks: reboot, power off, unplug the cord for 1 minute and for 10 hours etc. Second time it happened with MSI 790FX-GD70, with two Realtek 816x Gigabit ethernets. I couldn't get it to work whole afternoon and evening and finally gave up for this week. Did anybody see such a strange behavior? Best regards, Siniša Bandin -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010.04.15 19:18, Siniša Bandin wrote:
Hello everyone
Recently it happened to me a few times: switched my motherboard (I do that about once in two weeks) and suddenly I cannot access anything on network
I almost hate to ask, but is this some modern form of cyber sm?!?
(LAN nor Intnet).
Firewall is turned off, iptables shows that everything is ACCEPTed, ethtool shows link OK etc.
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it. Same thing happened with defaul and XEN kernels, both current openSUSE 11.2 standard 2.6.31.12 and bleeding edge 2.6.34-rc3 from KOTD.
Perhaps it is the switch you are connected to and not the box? Something is clearly dropping packages, and I guess it is the Switch. Try to reset it, so it relearns which MACs are behind which switch port. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) drobic (.) de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 15 Apr 2010 22:20:46 +0200, Sandy Drobic
On 2010.04.15 19:18, Siniša Bandin wrote:
Hello everyone
Recently it happened to me a few times: switched my motherboard (I do that about once in two weeks) and suddenly I cannot access anything on network
I almost hate to ask, but is this some modern form of cyber sm?!?
Not sure I understand what do you mean by that? I switch motherboards (and almost everything else in my PC) often, because I need to test new models before I can sell them to anybody.
(LAN nor Intnet).
Firewall is turned off, iptables shows that everything is ACCEPTed, ethtool shows link OK etc.
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the
system
seems to just ignore it. Same thing happened with defaul and XEN kernels, both current openSUSE 11.2 standard 2.6.31.12 and bleeding edge 2.6.34-rc3 from KOTD.
Perhaps it is the switch you are connected to and not the box? Something is clearly dropping packages, and I guess it is the Switch. Try to reset it, so it relearns which MACs are behind which switch port.
No, it is not the switch, cables, ADSL router, Internet provider... It happened only in openSUSE, but not in Windows 7 (booted from second disk) nor Knoppix 6.2 (booted from USB flash). It happened twice, with two different motherboards, third is coming tomorrow and I can't wait to see what will happen. I am writing this on first mb, which started working after three days, I have just started the system to try (again) to solve the problem, and the problem was solved, but I don't know how. Second mb is still not working. I make my living from networking and PC computers and Linux, and I have seen many things, but this is the first time I see this. As I wrote, tcpdump shows that packets are coming in, but they seem to get lost somewhere inside TCP/IP stack Siniša -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010.04.16 0:06, Siniša Bandin wrote:
No, it is not the switch, cables, ADSL router, Internet provider... It happened only in openSUSE, but not in Windows 7 (booted from second disk) nor Knoppix 6.2 (booted from USB flash). It happened twice, with two different motherboards, third is coming tomorrow and I can't wait to see what will happen. I am writing this on first mb, which started working after three days, I have just started the system to try (again) to solve the problem, and the problem was solved, but I don't know how. Second mb is still not working.
I make my living from networking and PC computers and Linux, and I have seen many things, but this is the first time I see this.
As I wrote, tcpdump shows that packets are coming in, but they seem to get lost somewhere inside TCP/IP stack
So you are switching the mainboard and boot the system from hdd as usual? In that case I can only assume that some old module is loaded instead of the correct module for the network chip. Have you tried to unload the network module, then load the correct module? Does Opensuse recognise the matching module for the network chipset? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) drobic (.) de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/16/10 02:39, Sandy Drobic wrote:
On 2010.04.16 0:06, Siniša Bandin wrote:
No, it is not the switch, cables, ADSL router, Internet provider... It happened only in openSUSE, but not in Windows 7 (booted from second disk) nor Knoppix 6.2 (booted from USB flash). It happened twice, with two different motherboards, third is coming tomorrow and I can't wait to see what will happen. I am writing this on first mb, which started working after three days, I have just started the system to try (again) to solve the problem, and the problem was solved, but I don't know how. Second mb is still not working.
I make my living from networking and PC computers and Linux, and I have seen many things, but this is the first time I see this.
As I wrote, tcpdump shows that packets are coming in, but they seem to get lost somewhere inside TCP/IP stack
So you are switching the mainboard and boot the system from hdd as usual?
Yes, and have been doing that for years. All I have to do is "rm /etc/udev/rules.d/70-persistent-net.rules" and on the next boot I get new ethernet as eth0 (which is later configured as part of br0, but have tried also without bridge-ing). In fact, I have configured my system so that it automatically removes that file after booting, so I don't have to do anything when swiching boards.
In that case I can only assume that some old module is loaded instead of the correct module for the network chip.
You would assume wrong. Linux is not Windows, it can detect many things at boot, and does not make any assumptions about present hardware. If hardware is there, modules are loaded, if it isn't, no module is loaded. Minor exception is driver for HDD controler which goes into initrd, but I have made my initrd such that it can boot from "standard" (meaning Nvidia, AMD, Intel) desktop chipsets.
Have you tried to unload the network module, then load the correct module?
Correct module is already loaded... but yes, I have tried unloading/reloading it... even tried similar modules, just in case, of course without any success
Does Opensuse recognise the matching module for the network chipset?
Yes. Siniša -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sinisa wrote:
On 04/16/10 02:39, Sandy Drobic wrote:
So you are switching the mainboard and boot the system from hdd as usual?
Yes, and have been doing that for years. All I have to do is "rm /etc/udev/rules.d/70-persistent-net.rules" and on the next boot I get new ethernet as eth0 (which is later configured as part of br0, but have tried also without bridge-ing).
OK, that would have been my guess, but if you take care of that already...
Correct module is already loaded... but yes, I have tried unloading/reloading it... even tried similar modules, just in case, of course without any success
Is this a card/module combination where you know it had worked before? Especially for wireless I know of some unrealiable ones, that seem to work initially, but stop doing so after a short while. Also, e.g., for some Realtek Chips, a wrong modules seems to work (finding a card etc.), but will not succeed in opening connections.... Apart from that I could only think of a wrong routing setup that is tied to a fixed device that now has a different name... Pit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/16/10 10:16, Peter Suetterlin wrote:
Sinisa wrote:
On 04/16/10 02:39, Sandy Drobic wrote:
So you are switching the mainboard and boot the system from hdd as usual?
Yes, and have been doing that for years. All I have to do is "rm /etc/udev/rules.d/70-persistent-net.rules" and on the next boot I get new ethernet as eth0 (which is later configured as part of br0, but have tried also without bridge-ing).
OK, that would have been my guess, but if you take care of that already...
That was the second thing I did, after making sure no firewall is on.
Correct module is already loaded... but yes, I have tried unloading/reloading it... even tried similar modules, just in case, of course without any success
Is this a card/module combination where you know it had worked before? Especially for wireless I know of some unrealiable ones, that seem to work initially, but stop doing so after a short while.
No wireless, just one 100 mbps dumb 8 port switch and ADSL router. At first I thought the problem was with Atheros ethernet (it was first such card for me), but after 3 days it just started working Second mb has Realtek 8168, and also works with both Knoppix and Windows
Also, e.g., for some Realtek Chips, a wrong modules seems to work (finding a card etc.), but will not succeed in opening connections....
Apart from that I could only think of a wrong routing setup that is tied to a fixed device that now has a different name...
Pit
Routing is simplest that I can imagine, only default gateway, no firewall. Siniša -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sinisa wrote:
Second mb has Realtek 8168, and also works with both Knoppix and Windows
Hmm, that's exactly the one I was talking about. Runs with the r8169 module, but (at least for us) not really reliable. There's a special driver for the 8168 from RealTec, and we needed that one to get it working properly... Pit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
So you are switching the mainboard and boot the system from hdd as usual?
Yes, and have been doing that for years. All I have to do is "rm /etc/udev/rules.d/70-persistent-net.rules" and on the next boot I get new ethernet as eth0 (which is later configured as part of br0, but have tried also without bridge-ing).
In fact, I have configured my system so that it automatically removes that file after booting, so I don't have to do anything when swiching boards.
I suggest that you test new hardware with a LiveCd instead of an installed distro. Problems like that which you are experiencing sound just about right for what you are doing. Motherboards are complex beasts, there is a lot of model-specific software on an installed Linux distro. Not having had problems before in the past does not mean that the procedure is safe. -- Dotan Cohen http://bido.com http://what-is-what.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Siniša Bandin wrote:
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it.
Do you also see the ICMP packets and does the target machine see them? -- Per Jessen, Zürich (6.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/16/10 10:08, Per Jessen wrote:
Siniša Bandin wrote:
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it.
Do you also see the ICMP packets and does the target machine see them?
Well, yes, now that I think of it, my machine learns target machine's MAC and then starts sending ICMP packets, and tcpdump shows that replies are coming back, but ping shows nothing. Also, when I try to access problematic machine from other host, I can see packets coming in (in tcpdump) but no reply from services on my system (normaly I have at least ssh, openvpn and named running at all times) Siniša -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sinisa wrote:
On 04/16/10 10:08, Per Jessen wrote:
Siniša Bandin wrote:
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it.
Do you also see the ICMP packets and does the target machine see them?
Well, yes, now that I think of it, my machine learns target machine's MAC and then starts sending ICMP packets, and tcpdump shows that replies are coming back, but ping shows nothing.
That's a very key bit of information. We now know that address resoltuion is working, that ICMP packets are sent AND received. Presumably your ping just show timeouts? It sounds very much like a firewall issue - what does 'iptables --list -n' show?
Also, when I try to access problematic machine from other host, I can see packets coming in (in tcpdump) but no reply from services on my system (normaly I have at least ssh, openvpn and named running at all times)
Firewall. -- Per Jessen, Zürich (8.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/16/10 11:24, Per Jessen wrote:
Sinisa wrote:
On 04/16/10 10:08, Per Jessen wrote:
Siniša Bandin wrote:
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it.
Do you also see the ICMP packets and does the target machine see them?
Well, yes, now that I think of it, my machine learns target machine's MAC and then starts sending ICMP packets, and tcpdump shows that replies are coming back, but ping shows nothing.
That's a very key bit of information. We now know that address resoltuion is working, that ICMP packets are sent AND received. Presumably your ping just show timeouts? It sounds very much like a firewall issue - what does 'iptables --list -n' show?
Also, when I try to access problematic machine from other host, I can see packets coming in (in tcpdump) but no reply from services on my system (normaly I have at least ssh, openvpn and named running at all times)
Firewall.
Suse firewall is disabled (I never use it anyway), and my custom firewall script is disabled also. # iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination # iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination You have mail in /var/mail/root # iptables -L -n -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination # iptables -L -n -t filter Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sinisa wrote:
On 04/16/10 11:24, Per Jessen wrote:
That's a very key bit of information. We now know that address resoltuion is working, that ICMP packets are sent AND received. Presumably your ping just show timeouts? It sounds very much like a firewall issue - what does 'iptables --list -n' show?
Also, when I try to access problematic machine from other host, I can see packets coming in (in tcpdump) but no reply from services on my system (normaly I have at least ssh, openvpn and named running at all times)
Firewall.
Suse firewall is disabled (I never use it anyway), and my custom firewall script is disabled also.
When you ping another local machine, do you get a timeout or does it just hang? Have you tried "ping -n <host>" ? I can't think of anything but iptables that would be able to prevent an ICMP response coming back or queries going to named or sshd or openvpn. -- Per Jessen, Zürich (11.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2010/4/15 Siniša Bandin
The strangest thing is that when I run tcpdump in one window, and ping (or anything else) in another, tcpdump shows that traffic is going out (ARP request) and that ARP reply is coming back in, but the rest of the system seems to just ignore it.
Can you send us the output of "ifconfig eth0" and your tcpdump? Are you sure that eth0 has been assigned a correct IP address? (For instance: does DHCP work correctly)? Ingolf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (7)
-
Dotan Cohen
-
Ingolf Steinbach
-
Per Jessen
-
Peter Suetterlin
-
Sandy Drobic
-
Sinisa
-
Siniša Bandin