[SOLVED]Network connections doesn't work

[jussi_j]

This morning when coming to office all external connections are down and no internet access. At the evening everything was fine. Restartd server and no change.

- all clients has IP addresses, DHCP is working and renew from win client works
- server is accessible from outside using VPN but clients can't see it
- from server you can access network but no from virtualbox running in server

Only things odd I found are that backups has failed few days because on user has copied huge amout of data into directory, which is backuped and backup machine is running out of space. This shoudn't be the issue because it's been on many days.

Other is that in IDS log there is tons of "COMMUNITY SIP TCP/IP message flooding directed to SIP proxy"-messages. What is this?

Any ideas?

[nicolasdiogo]

lets take  problem @ a time.

you can not access the Internet from your network.
is your router working? can you reach http://www.bbc.co.uk?
could you provide further info on your 'network' problem firstly.

[jussi_j]

Router is working because I can go to www.bbc.co.uk from server. Problem is that clients can't see server.

I have two network cards in server, other is connected to modem and has public IP address. Other is connected to internal network switch and all internet traffic is going via zentyal server.

Strange thing is that this has happened without anyone at office. There is automatic security updates scheduled to run 2am, maybe some update last night did this.

Is there some configuration file I could provide?

[nicolasdiogo]

do you use proxy/content filter?

could you try running on a client

tracepath bbc.co.uk

and post it here

[jussi_j]

There was one problem found. During Linux installation I selected encrypted home directories and my home directory was unmounted automatically. There was just README file saying that this directory is automatically unmounted to prevent damages. I re-mounted it and removed encrypiton and restored all files. Still the situation is odd.

I can access whole network when using VPN. Internet works from server but no from clients. We have one Linux client and I can access it using ssh from server.

it says:
jussi@verstas:~$ tracepath bbc.co.uk
gethostbyname2: Unknown host
jussi@verstas:~$ cat /etc/resolv.conf
nameserver 192.168.13.1
jussi@verstas:~$

Nameserver setting seems to be ok but DNS at server doesn't work of something.

Copy from dashboard:
Network    Running
Firewall    Running
Antivirus    Running
Apache    Running
Certification Authority    Available
DHCP    Running
DNS    Running
Backup    Running
Events    Running
FTP    Running
IDS    Running
Logs    Running
Monitor    Running
NTP    Running
VPN    Running
Printer Sharing    Running
RADIUS    Running
Zentyal Cloud Client    Not subscribed
File Sharing    Running
User Corner    Running
Users and Groups    Running
Web Server    Running

[jussi_j]

Fotgot to say that we're not using proxy or content filter.

[nicolasdiogo]

assuming that your zentyal is 192.168.13.1

can you run on the client
nmap 192.168.13.1

you may need to install nmap

could you also check that your firewall is allowing DNS connection from internal networks?
since it was working before, i can not quite understand what would have changed - have you tried rebooting this zentyal?

[nicolasdiogo]

can you have a look under

services

if dns has is defined as an internal service (tick box)?

[jussi_j]

DNS is internal service (ticked in services list) is it OK?

I've rebooted system many times.

nmap doesn't say anything because it can't see the server.

Firewall is it's original state:
Filtering rules from internal networks to Zentyal - many rules allowing all including dns, only deny rule is for LDAP
Filtering rules for internal networks - only one rule, allow all
Filtering rules for traffic coming out from Zentyal - only one rule, allow all

This is really strange, from server everything seems to work, I can ssh to clients. From client, I can't ping zentyal, but client gets IP from server as well server MAC is in ARP table.

[jussi_j]

Nmap from host itself says:
jussi@lkserver:~$ nmap 192.168.13.1

Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-01 13:52 EEST
Interesting ports on 192.168.13.1:
Not shown: 986 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
389/tcp  open  ldap
443/tcp  open  https
445/tcp  open  microsoft-ds
631/tcp  open  ipp
636/tcp  open  ldapssl
714/tcp  open  unknown
2049/tcp open  nfs
8888/tcp open  sun-answerbook

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

[nicolasdiogo]

hi,

not sure about this

nmap doesn't say anything because it can't see the server.

you seem to have answered your query here - if you can not 'see' the server you can not go through it and access internet.
can you run this on client
tracepath 192.168.13.1

[jussi_j]

Maybe my original question wasn't clear enough, but I know well that the client can't see server and the question is "what can be wrong"?
Trace path says:
jussi@verstas:~$ tracepath 192.168.13.1
 1:  verstas.local (192.168.13.150)                     0.118ms pmtu 1500
 1:  no reply
 2:  no reply
.......
31:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500
jussi@verstas:~$


Is there some way to reset all network settings and start over without touching users and shares?

[half_life]

Temporarily turn off firewall.  See if it improves the situation.  If not, the next step is to look at what dhcp is putting out to the clients (dns wins routes etc).  I feel your pain, you don't want to dissect this problem so much as you need things back up "now" so everyone quits crowding around your desk.

[jussi_j]

Some improvement, switching off firewall helps, at least i can ping from client to server.

Then I say iptables -L and get something to see that zentyal firewall and iptables are not in sync (i guess? I'm really not an iptables expert)

In attachment there is output from iptables -L, what bloks traffic and how to remove it? How to get iptables back in sync with zentyal?
There are strange rules like this where is listed all network devices with fixed address:

Code: [Select]

Chain inospoof (1 references)
target     prot opt source               destination
idrop      all  --  192.168.13.135       anywhere            MAC ! 00:14:38:8C:FE:DA
idrop      all  --  192.168.13.130       anywhere            MAC ! 00:14:38:5E:C5:36
idrop      all  --  192.168.13.132       anywhere            MAC ! 00:12:79:DF:67:41
idrop      all  --  192.168.13.131       anywhere            MAC ! 00:1B:78:28:1A:DA
idrop      all  --  192.168.13.133       anywhere            MAC ! 00:23:7D:89:FB:53
idrop      all  --  192.168.13.101       anywhere            MAC ! B8:AC:6F:AC:07:AC
idrop      all  --  192.168.13.142       anywhere            MAC ! 00:0B:6A:BC:A3:47
idrop      all  --  192.168.13.134       anywhere            MAC ! 00:80:91:4D:A4:DA
idrop      all  --  192.168.13.141       anywhere            MAC ! 00:11:D8:A1:23:59
idrop      all  --  192.168.13.140       anywhere            MAC ! E0:CB:4E:49:33:49
idrop      all  --  192.168.13.102       anywhere            MAC ! 08:00:27:E8:FF:F6
idrop      all  --  192.168.13.150       anywhere            MAC ! 00:11:09:C8:FC:EE
idrop      all  --  192.168.13.160       anywhere            MAC ! 00:24:A5:AD:4D:77
idrop      all  --  192.168.13.135       anywhere            MAC ! 00:14:38:8C:FE:DA
idrop      all  --  192.168.13.130       anywhere            MAC ! 00:14:38:5E:C5:36
idrop      all  --  192.168.13.132       anywhere            MAC ! 00:12:79:DF:67:41
idrop      all  --  192.168.13.131       anywhere            MAC ! 00:1B:78:28:1A:DA
idrop      all  --  192.168.13.133       anywhere            MAC ! 00:23:7D:89:FB:53
idrop      all  --  192.168.13.101       anywhere            MAC ! B8:AC:6F:AC:07:AC
idrop      all  --  192.168.13.142       anywhere            MAC ! 00:0B:6A:BC:A3:47
idrop      all  --  192.168.13.134       anywhere            MAC ! 00:80:91:4D:A4:DA
idrop      all  --  192.168.13.141       anywhere            MAC ! 00:11:D8:A1:23:59
idrop      all  --  192.168.13.140       anywhere            MAC ! E0:CB:4E:49:33:49
idrop      all  --  192.168.13.102       anywhere            MAC ! 08:00:27:E8:FF:F6
idrop      all  --  192.168.13.150       anywhere            MAC ! 00:11:09:C8:FC:EE
idrop      all  --  192.168.13.160       anywhere            MAC ! 00:24:A5:AD:4D:77
idrop      all  --  192.168.13.0/24      anywhere
idrop      all  --  192.168.13.0/24      anywhere


[nicolasdiogo]

i am no iptables expert either

but you could flush (delete) your iptables and reboot zentyal
which should reset then as per rules that you defined through the webgui