[Techtalk] Is it the server???

Raven, corporate courtesan raven at oneeyedcrow.net
Tue Apr 9 13:57:48 EST 2002


Heya --

	Just back from Rubi-Con, sorry about the delay in responses.

Quoth Michelle Murrain (Thu, Apr 04, 2002 at 04:33:04PM -0500):
> > Is the ICMP unreachable error actually *to* 192.168.1.1, or is that
> > just an address you swapped in to substitute for your real IP?
> 
> No - I didn't swap that.

	Okay -- and 192.168.1.1 is the address of an interface on your
router?  Which interface?  The one that mailserver 2 connects to, or the
one that mailserver/webserver 1 connects to?  (Or do the two boxes
connect to a switch, and then the switch connects to one Ethernet port
on the router?)

	The reason that I'm so interested in the topology is that if
your mailserver is throwing errors that it can't reach your router, that
should be something that's easy to correct.  We just need to know
exactly what connects to exactly what, and where.

	Could you do a 

route

on the mailservers, and verify that there is a route for the subnet that
192.168.1.1 is on in the routing table on your box?

> The way the network is set up at this moment, it has a private IP, with the 
> 192.168.1.1 as the gateway/firewall/router.

	Which interface on the router?  Or does the router only have one
internal interface?
 
> Web/mail server #1 is the only one seeming to have trouble, although ping 
> floods to unreachable addresses from mailserver 2 seem to drop about as 
> many packets. Mailserver 1 and 2 are the ones with routable IPs.

	Another reason this might be: if your internal network is 100
Mb, and your fractional T1 is 768 K, you're able to push a lot more
traffic to that frac-T1 than it can handle.  Same problem as the T3 ->
T1 issue, just one step earlier along the path.  Any time you try to go
from a network with higher bandwidth across a network with lower
bandwidth you run the risk of packet loss if you try to flood the link.
Most LANs have far greater bandwidth than their WAN links.
 
> There are two things I could try, and I tried them both - the port on the 
> router (it has an 8 port hub) and the ethernet cable. No difference.

	Okay, good to know.
 
> Um, I'm a little lost here. Lemme give you some more details. The server 
> has an internal IP address, which is mapped to an external address via NAT 
> on the router/firewall (a netopia box). The IP address of the server having 
> trouble (the one I moved), is the same internal 192 address, it's just 
> mapped to a new external IP (since it's with a new ISP, and different net).
 
	Oh!  Okay, you're doing NAT.  That makes more sense.  I thought
you had the boxes configured with routable IPs, inside your private
network.  If everything inside your private network has a private space
IP, suddenly all becomes clear.  And NAT just happens statically at the
router, and those two boxes always get translated to the same two
external IPs, right?

> Here's a set of tcpdumps for successful SMTP packets:
> 
> 16:33:08.174659 nanuuq.ursa-minor.com.1221 > 
> xx5.mail.simpleservers.com.smtp: . ack 1 win 16060 <nop,nop,timestamp 
> 1650370 488638534> (DF)
> 16:33:08.653713 xx5.mail.simpleservers.com.smtp > 
> nanuuq.ursa-minor.com.1221: P 1:94(93) ack 1 win 32120 <nop,nop,timestamp 
> 488638568 1650370> (DF)

	Did you get any SYN packets or any other sorts immediately
before this?  This is the first acknowledgement packet (ack 1) after the
connection's been set up.  I'm interested to see if there's anything
else going on at the same time (DNS, ICMP, ARP even) that could be
causing our complication.  Usually that sort of thing happens near the
beginning of a session.  But the rest of this session looks normal.  Is
this one of the domains that you're often having trouble with?  Also if
possible, could you provide more of the tcpdump before an unsuccessful
session?  I am looking to see where the packets are coming from, and if
there are any unsuccessful queries, etc. before the servfail error.

	Other things that are strange that I noticed -- doing a dig on
your domain to attempt to determine how DNS is set up, I only see one
internal mailserver for your company, and it's mapped to a different IP
than nanuuq.  So all mail coming from externally should go to your .34
server (and then get translated to whatever .34 gets mapped to
internally).  After that it would prefer the two SMTP servers that your
ISP runs.  Is this the behaviour you want? 
 
Cheers,
Raven 
 
Ben says "WAR IS PEACE FREEDOM IS SLAVERY BACKSPACE IS DELETE"
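
Added example, not part of the original message: one way to do the routing-table check Raven asks for above, by parsing `route -n` output and confirming the box reaches 192.168.1.1 through a directly connected subnet route. The sample table is constructed, the net-tools column layout is assumed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `route -n` output; not taken from the thread.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
"""


def parse_routes(text):
    """Turn `route -n` text into a list of route dicts, skipping headers."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            gateway = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column-header line
        routes.append({"net": net, "gateway": gateway,
                       "flags": fields[3], "iface": fields[7]})
    return routes


def best_route(routes, target):
    """Longest-prefix match, which is how the kernel picks a route."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


def gateway_check(text, gateway):
    """Classify how the box would reach its own gateway address."""
    route = best_route(parse_routes(text), gateway)
    if route is None:
        return "no route"
    if "G" in route["flags"]:
        # Only a gatewayed route matches: the connected subnet route is missing.
        return f"via {route['gateway']}"
    return f"on-link {route['iface']}"


if __name__ == "__main__":
    print(gateway_check(SAMPLE_ROUTE_N, "192.168.1.1"))
```

A result other than "on-link" for the gateway address means the subnet route is missing from the table.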


