I have a very strange problem. We have an internal web server running nginx - let's call it Web1. It is accessible from all hosts on the network but one (the one that monitors all servers) - Observer1.
I can ping Observer1 and Web1 from my client.
I can ping Web1 and my client from Observer1.
I can ping my client from Web1, but I cannot ping Observer1.
I can access the home page on the server from all other clients, but I get a 500 server error from Observer1.
There is nothing in the hosts file. The routing table looks fine too.
If I delete the ARP record of Observer1, it regenerates with the correct MAC address. If I do a tracepath, it says
1?:[LOCALHOST]
1: no reply
2: no reply
....
Also, when I connect with SSH, it says "packet_write_wait: Connection to x.x.x.x port 22: Broken pipe".
I have already set
TCPKeepAlive yes
ServerAliveInterval 5
in ssh_config, but it is still not working.
I really don't know what else to check.
Update 1: As requested: iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
153M 103G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
7 380 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7554K 1019M INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
7554K 1019M INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
7554K 1019M INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
96155 3885K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
5124K 893M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 108M packets, 105G bytes)
pkts bytes target prot opt in out source destination
108M 105G OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- eno16777984 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * eno16777984 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
7554K 1019M IN_public all -- eno16777984 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
7554K 1019M IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
7554K 1019M IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
7554K 1019M IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
8476 393K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
130K 6769K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
13 676 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
19460 1033K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6061 ctstate NEW
75 4500 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW
444K 23M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6062 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008 ctstate NEW
1732K 91M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6060 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
ip addr show:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a4:2f:4a brd ff:ff:ff:ff:ff:ff
inet 10.100.1.60/16 brd 10.20.255.255 scope global eno16777984
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fea4:2f4a/64 scope link
valid_lft forever preferred_lft forever
Update 2: After the weekend everything worked again. I really don't know what that was.