Totally stumped - very long post
Paul Schmehl
pauls at utdallas.edu
Mon Nov 20 18:27:26 PST 2006
I have a problem the likes of which I've never seen before, and I'm
totally stumped. For some reason, I cannot load this webpage -
http://www.stovebolt.com/ - from my Mac at home. I'm not having trouble
with any other page except this one (that I know of.) Even weirder, I
can't ssh to this server either. The server is a Dell 1950 running an
Intel processor, FreeBSD 6.1 RELEASE and a GENERIC kernel. - FreeBSD
www.stovebolt.com 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #2: Mon Oct 16
15:38:02 CDT 2006 root at www.stovebolt.com:/usr/obj/usr/src/sys/GENERIC
i386
I can load this page just fine - https://webmail.stovebolt.com/ - and I
can ssh to that server with no problem. The IPs are *one* address away -
66.221.101.248 in the former case and 66.221.101.249 in the latter case.
What's more, if I ssh to the latter, I can ssh *from that server* to the
former with no problem at all.
Yet, from work, I'm having no problems loading the webpage or sshing to
the former server. I can start an X session from my work computer back to
this Mac and load the page fine and ssh to the server fine at the *exact*
same time that I can't load the page here. (I'm doing it right now.)
I've done tons of traceroutes from numerous servers listed at
geektools.com. I've sshed to other servers and then telneted to port 80
and loaded the page manually with no problem. I've tried loading the page
in two different browsers at home (Safari and Firefox) and I've tried
loading it using the IP thinking it might be some sort of weird DNS
problem. All attempts to load the page fail.
Here's a traceroute from the server to my workstation at work:
traceroute utd59514.utdallas.edu
traceroute to utd59514.utdallas.edu (129.110.3.28), 64 hops max, 40 byte
packets
1 vl25-core1.cdc01.propgation.net (66.221.96.1) 1.019 ms 45.813 ms
2.510 ms
2 dls-bb1-link.telia.net (213.248.76.17) 31.179 ms 30.894 ms 31.027 ms
3 ge-6-14.car4.Dallas1.Level3.net (4.68.111.233) 2.800 ms 2.186 ms
1.743 ms
4 ae-12-53.car2.Dallas1.Level3.net (4.68.122.78) 2.066 ms
ae-22-52.car2.Dallas1.Level3.net (4.68.122.46) 2.139 ms
ae-22-56.car2.Dallas1.Level3.net (4.68.122.174) 2.308 ms
5 te-4-4.wch010.dllstx2.Level3.net (4.68.110.10) 2.945 ms
te-7-4.wch010.dllstx2.Level3.net (4.68.110.14) 2.689 ms
te-4-4.wch010.dllstx2.Level3.net (4.68.110.10) 2.215 ms
6 dllstx2wcx2-univ-of-texas-5-0-0.wcg.net (64.200.204.38) 2.948 ms
3.040 ms 2.644 ms
7 utd-ntg-gw1.northtexasgigapop.org (206.223.141.74) 2.879 ms 2.763 ms
2.870 ms
8 deputy2-ge-2-0-0.utdallas.edu (129.110.5.71) 3.058 ms 3.040 ms
2.933 ms
And here's a traceroute from getnet to the server:
FROM getnet.net TO 66.221.101.248.
traceroute to 66.221.101.248 (66.221.101.248), 30 hops max, 40 byte packets
1 phnx-core-7513.getnet.net (216.19.223.1) 0.589 ms 0.448 ms 0.595
ms
2 phnx-core-7513.getnet.net (216.19.201.247) 0.662 ms 0.483 ms
0.595 ms
3 phnx-core2-7513.getnet.net (216.19.201.248) 74.589 ms 73.800 ms
73.578 ms
4 s1-0.ca01.phx01.atlas.cogentco.com (38.112.7.25) 1.353 ms 1.316 ms
1.485 ms
5 s2-0.core02.lax01.atlas.cogentco.com (154.54.2.5) 12.704 ms 12.419
ms 13.535 ms
6 p12-0.core01.lax01.atlas.cogentco.com (66.28.4.241) 13.777 ms
13.538 ms 12.872 ms
7 t9-3.mpd01.lax01.atlas.cogentco.com (154.54.1.34) 13.677 ms 13.171
ms 13.496 ms
8 t3-2.mpd01.lax05.atlas.cogentco.com (154.54.6.190) 12.807 ms 12.628
ms 13.909 ms
9 g0-0-0.core01.lax05.atlas.cogentco.com (154.54.6.185) 15.261 ms
15.100 ms 15.394 ms
10 bpr4-ge-6-1-0.losangelesequinix.savvis.net (208.174.196.105) 16.789
ms 19.255 ms 21.610 ms
11 dcr2-so-4-2-0.losangeles.savvis.net (208.174.196.70) 22.094 ms
27.473 ms 20.118 ms
12 dcr1-so-2-0-0.dallas.savvis.net (204.70.192.85) 43.248 ms
dcr1-as0-0.LosAngeles.savvis.net (204.70.192.117) 18.751 ms 18.014 ms
13 dcr2-so-3-3-0.dallas.savvis.net (204.70.192.246) 41.089 ms 40.079
ms bcr1-so-0-0-0.Dallas.savvis.net (204.70.193.9) 39.066 ms
14 208.172.130.130 (208.172.130.130) 39.433 ms
bcr1-so-1-0-0.Dallas.savvis.net (204.70.193.17) 39.721 ms 40.575 ms
15 gi1-1-core1.cdc01.propgation.net (64.182.192.5) 65.455 ms 64.214 ms
53.565 ms
16 www.stovebolt.com (66.221.101.248) 41.602 ms
5-192-182-64.cust.propagation.net (64.182.192.5) 60.961 ms 61.391 ms
Now here's a traceroute from the server to my Mac at home (actually to the
IP of the dsl router:
traceroute 66.140.63.124
traceroute to 66.140.63.124 (66.140.63.124), 64 hops max, 40 byte packets
1 * * *
traceroute: sendto: Host is down
2 traceroute: wrote 66.140.63.124 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote 66.140.63.124 40 chars, ret=-1
(Trust me, the host isn't down. I'm doing this on it right now.)
Here's a traceroute from socket.com to my Mac:
traceroute to adsl-66-140-63-124.dsl.rcsntx.swbell.net (66.140.63.124), 30
hops max, 40 byte packets
1 fw1.como.socket.net (216.106.88.148) 0.647 ms 0.809 ms 0.503 ms
2 rtr1.como.socket.net (216.106.2.1) 1.113 ms 1.141 ms 1.072 ms
3 hdlc.kcmo-como.socket.net (216.106.23.70) 5.751 ms 4.144 ms 3.561 ms
4 atm1-gw2.kcmo.socket.net (216.106.6.94) 4.433 ms 4.783 ms 4.377 ms
5 67.17.194.229 (67.17.194.229) 4.393 ms 4.715 ms 4.427 ms
6 *
And here's one from mit to my Mac:
1 W92-RTR-1-W92SRV21.MIT.EDU (18.7.21.1) 0.521 ms 0.342 ms 0.470 ms
2 EXTERNAL-RTR-2-BACKBONE.MIT.EDU (18.168.0.27) 123.856 ms 1.084 ms
14.171 ms
3 EXTERNAL-RTR-1-BACKBONE.MIT.EDU (18.168.0.18) 2.092 ms 1.869 ms
1.633 ms
4 ge-6-23.car2.Boston1.Level3.net (4.79.2.1) 2.089 ms 1.069 ms 1.491
ms
5 * * ae-5-5.ebr1.NewYork1.Level3.net (4.69.132.250) 8.040 ms
6 ae-3.ebr1.Washington1.Level3.net (4.69.132.89) 21.894 ms * *
7 ae-14-51.car4.Washington1.Level3.net (4.68.121.17) 11.715 ms
ae-14-53.car4.Washington1.Level3.net (4.68.121.81) 55.824 ms
ae-14-55.car4.Washington1.Level3.net (4.68.121.145) 11.797 ms
8 asn3356-level3.eqabva.sbcglobal.net (4.68.111.186) 33.169 ms 11.193
ms 11.448 ms
9 bb1-p2-1.rcsntx.sbcglobal.net (151.164.42.179) 198.474 ms 90.350 ms
260.199 ms
10 dist1.10g1-2.rcsntx.sbcglobal.net (151.164.243.182) 56.167 ms 58.665
ms 58.920 ms
11 bras1-ga9-0.rcsntx.sbcglobal.net (151.164.162.87) 60.344 ms 59.367
ms 58.268 ms
12 * * *
13 * * *
Top on this server looks fine: last pid: 80367; load averages: 0.15,
0.12, 0.11 up
35+04:14:31 19:28:31
78 processes: 1 running, 77 sleeping
CPU states: 0.0% user, 0.0% nice, 0.8% system, 0.4% interrupt, 98.9%
idle
Mem: 89M Active, 1445M Inact, 216M Wired, 87M Cache, 112M Buf, 165M Free
Swap: 1120K Total, 1120K Free
There's plenty of child processes running: root 53132 0.0 0.4 15304
9264 ?? Ss Sun06PM 0:02.40 /usr/local/sbin/httpd -DSSL
www 53133 0.0 0.5 15668 9648 ?? S Sun06PM 0:04.15
/usr/local/sbin/httpd -DSSL
www 53134 0.0 0.5 15536 9548 ?? S Sun06PM 0:04.03
/usr/local/sbin/httpd -DSSL
www 53135 0.0 0.5 15660 9644 ?? S Sun06PM 0:04.08
/usr/local/sbin/httpd -DSSL
www 53136 0.0 0.5 15636 9604 ?? S Sun06PM 0:04.00
/usr/local/sbin/httpd -DSSL
www 53137 0.0 0.5 15572 9572 ?? S Sun06PM 0:04.01
/usr/local/sbin/httpd -DSSL
www 53138 0.0 0.5 15540 9540 ?? S Sun06PM 0:04.02
/usr/local/sbin/httpd -DSSL
www 53139 0.0 0.5 15628 9612 ?? S Sun06PM 0:03.99
/usr/local/sbin/httpd -DSSL
www 53140 0.0 0.5 15560 9568 ?? S Sun06PM 0:04.11
/usr/local/sbin/httpd -DSSL
www 53141 0.0 0.5 15548 9548 ?? S Sun06PM 0:03.96
/usr/local/sbin/httpd -DSSL
www 53142 0.0 0.5 15536 9552 ?? S Sun06PM 0:04.03
/usr/local/sbin/httpd -DSSL
www 53143 0.0 0.5 15536 9552 ?? S Sun06PM 0:04.02
/usr/local/sbin/httpd -DSSL
www 53144 0.0 0.5 15628 9600 ?? S Sun06PM 0:04.01
/usr/local/sbin/httpd -DSSL
www 53145 0.0 0.5 15552 9596 ?? S Sun06PM 0:03.97
/usr/local/sbin/httpd -DSSL
www 53146 0.0 0.5 15648 9644 ?? S Sun06PM 0:04.10
/usr/local/sbin/httpd -DSSL
www 53147 0.0 0.5 15692 9664 ?? S Sun06PM 0:04.03
/usr/local/sbin/httpd -DSSL
www 53157 0.0 0.5 15528 9536 ?? I Sun06PM 0:04.06
/usr/local/sbin/httpd -DSSL
www 53162 0.0 0.5 15588 9608 ?? S Sun06PM 0:04.13
/usr/local/sbin/httpd -DSSL
www 53163 0.0 0.5 15640 9600 ?? S Sun06PM 0:04.03
/usr/local/sbin/httpd -DSSL
www 53164 0.0 0.5 15624 9608 ?? S Sun06PM 0:03.96
/usr/local/sbin/httpd -DSSL
www 53166 0.0 0.5 15640 9616 ?? S Sun06PM 0:04.20
/usr/local/sbin/httpd -DSSL
www 53173 0.0 0.5 15548 9560 ?? S Sun06PM 0:04.12
/usr/local/sbin/httpd -DSSL
www 53175 0.0 0.5 15560 9564 ?? S Sun06PM 0:04.08
/usr/local/sbin/httpd -DSSL
www 53176 0.0 0.5 15552 9556 ?? S Sun06PM 0:04.25
/usr/local/sbin/httpd -DSSL
www 53181 0.0 0.5 15552 9592 ?? S Sun06PM 0:04.13
/usr/local/sbin/httpd -DSSL
www 53183 0.0 0.5 15552 9596 ?? S Sun06PM 0:04.18
/usr/local/sbin/httpd -DSSL
www 53184 0.0 0.5 15560 9560 ?? S Sun06PM 0:03.95
/usr/local/sbin/httpd -DSSL
www 53191 0.0 0.5 15524 9540 ?? S Sun06PM 0:04.12
/usr/local/sbin/httpd -DSSL
www 53195 0.0 0.5 15604 9592 ?? S Sun06PM 0:04.04
/usr/local/sbin/httpd -DSSL
www 53196 0.0 0.5 15576 9616 ?? S Sun06PM 0:04.06
/usr/local/sbin/httpd -DSSL
www 53207 0.0 0.5 15568 9604 ?? S Sun06PM 0:04.00
/usr/local/sbin/httpd -DSSL
www 53208 0.0 0.5 15676 9652 ?? S Sun06PM 0:04.17
/usr/local/sbin/httpd -DSSL
www 53209 0.0 0.5 15636 9612 ?? S Sun06PM 0:04.24
/usr/local/sbin/httpd -DSSL
www 53219 0.0 0.5 15628 9624 ?? S Sun06PM 0:03.94
/usr/local/sbin/httpd -DSSL
www 53221 0.0 0.5 15624 9620 ?? S Sun06PM 0:03.90
/usr/local/sbin/httpd -DSSL
www 53222 0.0 0.5 15672 9640 ?? S Sun06PM 0:04.07
/usr/local/sbin/httpd -DSSL
www 53252 0.0 0.5 15640 9616 ?? S Sun06PM 0:04.19
/usr/local/sbin/httpd -DSSL
www 53253 0.0 0.5 15656 9668 ?? S Sun06PM 0:04.00
/usr/local/sbin/httpd -DSSL
www 53254 0.0 0.5 15568 9600 ?? S Sun06PM 0:04.04
/usr/local/sbin/httpd -DSSL
www 53261 0.0 0.5 15648 9620 ?? S Sun06PM 0:04.28
/usr/local/sbin/httpd -DSSL
www 53270 0.0 0.5 15576 9588 ?? S Sun06PM 0:03.91
/usr/local/sbin/httpd -DSSL
www 76140 0.0 0.5 15524 9524 ?? S 4:47PM 0:00.68
/usr/local/sbin/httpd -DSSL
www 79449 0.0 0.5 15548 9540 ?? S 6:50PM 0:00.18
/usr/local/sbin/httpd -DSSL
www 79453 0.0 0.5 15540 9532 ?? S 6:50PM 0:00.19
/usr/local/sbin/httpd -DSSL
I've only had one complaint from a user who can't seem to access the site,
but I've also noticed that the site stats show a slight decrease from
previous weeks (which could easily be upcoming-holiday related.) So I
don't know if this is a problem on the server or something weird on this
Mac or something strange on the internet.
If anyone has any brilliant insights as to what could cause this, please
let me know.
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
More information about the freebsd-questions
mailing list