[ale] traceroute
Jim Kinney
jim.kinney at gmail.com
Tue Feb 23 16:21:54 EST 2016
Yes. By default. But that won't impact ping or DNS lookup (it also runs
bind - it's a FreeIPA machine), or port 80,443. And machines inside the
last router hop can connect with no problems.
I'm tempted to pull the power on the rack top switch and force it to
reinit. That's the last line of "not my gear" before my gear.
On Tue, 2016-02-23 at 15:50 -0500, DJ-Pfulio wrote:
> Is ssh host validation set to strict?
>
> On 02/23/16 15:33, Jim Kinney wrote:
> > correct me if I'm wrong, please.
> >
> > A VM on a host is networked and can ping outside the LAN, be connected
> > to over ssh from inside the LAN (firewall blocks outside to inside
> > connection) and can connect to another VM on the same host. Other
> > physical machines in the same rack can connect to the second VM as well
> > as the first by any method allowed by the second VM.
> >
> > HOWEVER, from my office, I can't connect to the second VM but I can
> > connect to the first VM. Both are on the same physical host. I can
> > connect to all the other physical and VM in the racks from each other
> > and from my office. There are 3 VM exceptions and all three are either
> > new with new static IPs or recycling an old static IP (with a guarantee
> > the original host with the old IP is dead and gone - deleted the VM of a
> > second physical host).
> >
> > All connections that succeed do so by both IP and name. All connections
> > that fail do so by both IP and name. All names resolve correctly. All
> > unreachable VMs can connect to systems outside the LAN by name and by
> > IP. The public facing IP they have is valid. The netmask is correct as
> > is the gateway.
> >
> > The traceroute from my office to a working VM completes in 4 hops with
> > the 4th being the VM itself. But to the non-working VMs it fails
> > after 3.
> >
> > The failure point then must be the last router in the traceroute, i.e.
> > the one that shows up last followed by 27 rows of *'s.
> >
> > I get exactly the same behavior tracing from a machine elsewhere in
> > the LAN.
> >
> > The new VM that can't be connected to is the new user authentication
> > machine. Kind of important.
> >
> > --
> > James P. Kinney III
> >
> > Every time you stop a school, you will have to build a jail. What you
> > gain at one end you lose at the other. It's like feeding a dog on his
> > own tail. It won't fatten the dog.
> > - Speech 11/23/1900 Mark Twain
> >
> > http://heretothereideas.blogspot.com/
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/