wierd and terrifying ethernet failure.

To: debian-user@lists.debian.org
Subject: wierd and terrifying ethernet failure.
From: Matt the Man <matt@racesci.org>
Date: Mon, 8 Nov 2004 21:39:22 -0500
Message-id: <[🔎] 20041108213922.A16220@racesci.org>
ok, so really it's only terrifying for me becausee I'm so dependent on the net...  

I'm running sid on an i386.  This machine, anarres, has its own
internet IP address, 128.100.34.9, and sits behind a simple ethernet
switch with one other computer, 128.100.34.8 (from which I'm currently
writing).  This switch & the two computers are themselves behind a
gateway, 128.100.34.1.  Sometime this morning, I think between 11 and
12 EST, something went wrong with my internet connection on anarres.
I have checked the cables and they look fine; the little green and
yellow lights by the ethernet jack are flashing much as they always
have.  But the only computer I've been able to ping anarres from is
128.100.34.8, which is its sister, so to speak.  and from anarres, I
can only reach a very small group of machines.

SOme things I can't do from anarres:
ping localhost
ping 128.100.34.9 (which is localhsot too...)
ping 127.0.0.1
ping 128.100.34.1
ping www.google.com

(all of these _do_ work from 128.100.34.8)

Some things I (surprisingly) can do:
ping 128.100.34.8
ping 128.100.34.0 
ping 128.100.34.x, where x is one of about 6 computers 128.100.34.0 says is on my localnet.  

so, I don't really understand networks all that well, but I don't see
why this should be happening, especially since the 'net connection has
worked flawlessly for about 2.5 years, and I wasn't doing anything
wierd when the breakdown occurred.

I've checked /var/log/(messages|syslog) and I don't see much in terms
of suspects. But on the otherr hand I don't know much either! Both
logs are flooded with lines like this:

Nov  8 21:47:10 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=17249 PROTO=2 

but they have been since july, cf. this from messages.5.gz: 
Jul 12 07:47:18 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=2797 PROTO=2 

around the time of failure I notice the following lines in syslog:

---
Nov  8 10:49:21 www imaplogin: DISCONNECTED, ip=[::ffff:128.100.97.11], headers=0, body=0
Nov  8 10:49:21 www imaplogin: Connection, ip=[::ffff:128.100.97.11]
Nov  8 10:49:21 www xteld[8968]: warning: /etc/hosts.allow, line 14: missing newline or line too long
Nov  8 10:49:21 www xteld[8968]: connect from kraken.noc.utoronto.ca (128.100.97.11)
Nov  8 10:49:22 www imapd-ssl: Connection, ip=[::ffff:128.100.97.11]
Nov  8 10:49:26 www imaplogin: DISCONNECTED, ip=[::ffff:128.100.97.11], headers=0, body=0
Nov  8 10:49:27 www imapd-ssl: Connection, ip=[::ffff:128.100.97.11]
Nov  8 10:49:37 www last message repeated 2 times
Nov  8 10:50:01 www /USR/SBIN/CRON[8980]: (list) CMD (/usr/lib/mailman/cron/gate_news)
Nov  8 10:50:39 www sshd: warning: /etc/hosts.allow, line 14: missing newline or line too long
Nov  8 10:51:10 www last message repeated 33 times
Nov  8 10:51:15 www last message repeated 5 times
Nov  8 10:51:15 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=13253 PROTO=2 
Nov  8 10:51:16 www sshd: warning: /etc/hosts.allow, line 14: missing newline or line too long
Nov  8 10:51:47 www last message repeated 34 times
Nov  8 10:52:58 www last message repeated 34 times
Nov  8 10:53:01 www /USR/SBIN/CRON[9219]: (mail) CMD (  if [ -x /usr/lib/exim/exim3 -a -f /etc/exim/exim.conf ]; then /usr/lib/exim/exim3 -q ; fi)
Nov  8 10:53:20 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=13268 PROTO=2 
Nov  8 10:54:15 www popa3d[9225]: Session from 128.100.97.11
Nov  8 10:54:27 www popa3d[9225]: Didn't attempt authentication
Nov  8 10:54:48 www imaplogin: Connection, ip=[::ffff:128.100.97.11]
Nov  8 10:54:58 www imaplogin: DISCONNECTED, ip=[::ffff:128.100.97.11], headers=0, body=0
Nov  8 10:55:01 www /USR/SBIN/CRON[9232]: (list) CMD (/usr/lib/mailman/cron/gate_news)
Nov  8 10:55:25 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=13280 PROTO=2 
Nov  8 10:56:20 www imapd-ssl: couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Nov  8 10:56:28 www xteld[9241]: warning: /etc/hosts.allow, line 14: missing newline or line too long
Nov  8 10:56:28 www xteld[9241]: connect from kraken.noc.utoronto.ca (128.100.97.11)
Nov  8 10:56:34 www xteld[9241]: read: Success
Nov  8 10:56:52 www cvs-pserver[9243]: warning: /etc/hosts.allow, line 14: missing newline or line too long
Nov  8 10:56:52 www cvs-pserver[9243]: connect from kraken.noc.utoronto.ca (128.100.97.11)
Nov  8 10:57:30 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=13292 PROTO=2 
Nov  8 10:59:35 www kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:50:99:bf:df:18:08:00 SRC=128.100.34.3 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=13303 PROTO=2 
Nov  8 11:00:01 www /USR/SBIN/CRON[9259]: (list) CMD (/usr/lib/mailman/cron/gate_news)
Nov  8 11:00:01 www /USR/SBIN/CRON[9260]: (matt) CMD (getmail)
---------

The odd thing is that I know the final cron job listed there succeeded
-- the mail was delivered -- but it was the last successful internet
interaction this machine had.  so if that weird xtel connection is the
root cause of this problem (and why would it be?) it's strange that it
took so long to take effect.

I've tried ifdown -a && ifup eth0 several times but this changes
nothing and also generates no error messages.

I'd REALLY appreciate any help you can give as I run a web server from
this machine and my students are at my throat.  Also if you could CC
me directly at this address I'd very much appreciate it, my regular
email account is rendered as good as useless by this problem.


Thanks v. much for your help.  I look forward to hearing from some gurus!  

Matt

ps, fyi, 
   my /etc/network/interfaces looks like this: 
------------- 
#/etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
        address 128.100.34.9
        netmask 255.255.255.128
        network 128.100.34.0
        broadcast 128.100.34.127
        gateway 128.100.34.1
--------------
Reply to:
Prev by Date: Lilo boot from second drive?
Next by Date: Re: Lilo boot from second drive?
Previous by thread: Re: Lilo boot from second drive?
Next by thread: apache being hit
Index(es):
- Date
- Thread