On Mon, Feb 08, 2010 at 02:17:48PM +0100, Vincent Caron wrote: > On Mon, 2010-02-08 at 14:13 +0100, Sylvain Beucler wrote: > > > > I don't think this is the problem. > > > > Currently, cvs.gna.org answers fine locally, but rejects all > > connections (SSH, HTTP) from the Internet. > > > > I think there's a problem in the firewall rules but I may be wrong. > > svn.gna.org works correctly while it's the same kind of access... > > To make things shorts: I spend 3 hours friday on this, and it was the > same symptoms. I could request https://gna.org/ page from any machine on > the 78.40.125/24 subnet but it would answer "connection denied" to > external hosts. Meanwhile all other services were working fine and were > publicly available... It was all fixed once we remounted the faulty fs > read-write and restartet the vserver (Bart in this case). Loic and I > couldn't figure out any network issue.
So eventually the issue was an outdated ARP cache somewhere, which sent paquets to the old interface (eth0) instead of eth1, triggering different firewall rules. Fixed using: arpspoof -i eth1 78.40.125.XX I also recommend: iptables -t raw -A PREROUTING -s $MY_IP -d 78.40.125.XX -j TRACE to trace firewall rules :) -- Sylvain _______________________________________________ Project mailing list [email protected] https://mail.gna.org/listinfo/project
