All ports blocked, ping works, firewall and apparmor off

Karl Auer kauer at biplane.com.au
Fri Apr 10 23:31:18 UTC 2015


On Fri, 2015-04-10 at 05:51 -0700, Tony Baechler - BATS wrote:
> Everything was working fine, but I couldn't connect after the reboot.
> [...]
> I completely purged ufw and iptables but no luck.

If you cannot connect to it, how are you modifying the configuration?
Just to double-check, this is a real system, not a virtual? Do you still
have physical access to the system?

You mentioned calling someone's support - whose?

> What's really strange is that it boots fine with kvm from the rescue system.
> I can get to the login prompt and everything seems to be fine.  It acts
> like a boot problem, but I don't see why ping would work if it isn't
> booting.

Add a crontab entry that runs every minute as root, collects some
information (the output from runlevel, ps, dmesg, ifconfig, iptables,
mount - whatever you can think of), and writes it into a known location
(but NOT /tmp). Reboot, wait at least ten minutes, then go in with the
rescue system and look at what's been written. If nothing's been written
then yes, you have a boot problem.  I suggest you write a very simple
one first and see if it works at all. That way you haven't wasted a lot
of time if it doesn't. If it does work, go wild with version 2 :-)

Perhaps the system is booting into single-user mode for some reason. You
could try adding a job in /etc/init.d/rc1.d that collects info if level
1 is entered.

Also, check the default run level in /etc/init/rc-sysinit. It should be
2. 

Check the kernel command line.

Check the BIOS boot order - this is a very long shot.

Also, check /etc/resolv.conf. Make sure the nameservers are correctly
entered and reachable from that system, otherwise all sorts of weird
delays can happen, especially if things like Apache try to check their
own address, or things like ssh try to check yours.

Check the IP address you have configured. Make sure it is legal - not a
broadcast or network address. Check the mask, check the gateway. Easy to
get wrong. It seems unlikely if you can ping the address, but still -
check it.

Check that the IP address of your server is not a duplicate. If some
other system has your server's IP address, your server may not be able
to bring up networking, but the other system with that address may well
respond only to ping, either because it doesn't have services
configured, or is firewalling you.

How are you trying to (for example) connect with ssh? Via the known IP
address or via the name of the system? If via the name, try via the IP
address.

If you connect by name, and the system has DNS entries for IPv4 and
IPv6, and YOUR system has IPv6 enabled, the connection will be attempted
via IPv6. Specifying the IP address rather than the name bypasses that
mechanism. If connection via the address works and connection via the
name doesn't, suspect a DNS issue at your end, or an IPv6/IPv4 issue such
as misconfigured IPv6.

Try connecting from a completely other machine in a completely other
well-maintained network. Just to make sure it's not a problem at your
end.

How long have you waited for the system to come up? Some networking
issues cause a delay of up to a minute or more.

Maybe try re-installing just the new kernel?

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
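
The once-a-minute collector suggested in the message above, sketched as an added example (not part of the original message or of any Ubuntu tooling). The output directory /var/log/bootdiag, the script path /usr/local/sbin/bootdiag.sh and the --run argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: boot-time diagnostic collector for a root cron job.
# Assumed names (not from the message): /var/log/bootdiag, bootdiag.sh, --run.

# Run one command, recording its output (and any error) under a header.
run_section() {
    out=$1; shift
    printf '===== %s =====\n' "$*" >>"$out"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >>"$out" 2>&1 || printf '[exit status %s]\n' "$?" >>"$out"
    else
        printf '[%s not installed]\n' "$1" >>"$out"
    fi
}

# Write one timestamped snapshot into directory $1 and print its path.
collect_snapshot() {
    dir=$1
    mkdir -p "$dir" || return 1
    chmod 700 "$dir"      # snapshots hold firewall rules and process arguments
    snap="$dir/snap-$(date +%Y%m%d-%H%M%S).txt"
    : >"$snap" || return 1
    run_section "$snap" date
    run_section "$snap" runlevel
    run_section "$snap" cat /proc/cmdline
    run_section "$snap" ifconfig -a
    run_section "$snap" ip addr show
    run_section "$snap" iptables -S
    run_section "$snap" mount
    run_section "$snap" ps axww
    run_section "$snap" dmesg
    sync || true          # flush to disk in case the machine is reset
    printf '%s\n' "$snap"
}

# Entry for root's crontab, assuming the script is installed at this path:
#   * * * * * /usr/local/sbin/bootdiag.sh --run
if [ "${1:-}" = "--run" ]; then
    collect_snapshot /var/log/bootdiag >/dev/null
fi
```

If the directory is still empty when inspected from the rescue system ten minutes after a reboot, cron never ran, which points to a boot problem rather than a network one.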