Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal

[Eva Star]

On 12/04/2016 05:19 PM, Marek Marczykowski-Górecki wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, Nov 30, 2016 at 09:19:06PM +0300, Eva Star wrote:
On 11/27/2016 02:04 AM, Marek Marczykowski-Górecki wrote:

Do you see some correlation with:
 - starting/stopping another VM?
 - affected VMs have or not firewall rules?

Also, check if restarting qubes-firewall service in sys-firewall helps
(and check it status first).


Seems I have the same issue! (Maybe) I think it's correlate with CHECKING
UPDATES on dom0 or templates. When Qubes do that check - other VM still not
responsive. I wrote about this at the Xen 4.6.3 thread.

More troubleshooting steps:

1. When problem appears, try in sys-firewall:

    qubesdb-read /qubes-iptables-error

This should print last error of firewall reload. I guess it may be about
some DNS resolution failure (if any rule use DNS name instead of IP).
This shouldn't affect all the VMs - only the one for which name
resolution failed, but maybe something is wrong here.

2. Check status and logs of qubes-firewall service:

    sudo systemctl status qubes-firewall

Should be "active (running)" and a series of "qubes-firewall[xxx]:
/qubes-iptables" messages. If you see anything else, let me know.

3. Restart qubes-firewall service and see whether it helps:

    sudo systemctl restart qubes-firewall


One my VM loss network access again.
> qubesdb-read /qubes-iptables-error
blank

> sudo systemctl status qubes-firewall
give me this https://i.imgur.com/KUkHODf.png
it's the last call.
before all calls show me the same:
https://i.imgur.com/UwfdUSI.png (5 mins later, 9 mins later only 
difference)

Then (sorry) I forget about step 3 from instruction and restart my VM.
It helps. And firewall after that show me 15 lines output (vs 14 lines 
before)
https://i.imgur.com/JoIaZxN.png
See the last line! It's show after I shutdown problem VM.

As I'm already wrote I still think the problem with background 
updates... Maybe race condition or something like this that freeze 
update task and all network access?



--
Regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ccfd8b9-99d9-23d1-f0ab-85ce32efd2a4%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.