[TriLUG] debian oddness on a remote network

Josh Vickery josh at vickeryj.com
Mon May 29 09:40:48 EDT 2006 

Its possible that your package list is out of date (run apt-get update
to fix that) but then you would probably get file not found errors
instead of unable to connect errors.  Still, it couldn't hurt to try,
and you might get some useful errors from apt-get update.

"fix-missing" is an apt-get command which will try and sort out
partially installed packages by grabbing packages that may have
previously failed to install.  It's particularly useful after a failed
attempt to install a downloaded packaged directly using dpkg -i.

Have you tried traceroute to mirrors.kernel.org?

How about telneting on port 80, or using a text based browser like
links or lynx.  What all can you access?  Perhaps you have a firewall
rule or two that is keeping the machine from accessing the Internet
itself.

Josh

On 5/24/06, Ryan Leathers <ryan.leathers at globalknowledge.com> wrote:
> you have eth0 set up as a gateway as well
>
> I assume you have another host/device arbitrating things
> Maybe you should ifdown eth0 while troubleshooting this since you
> indicated you are trying to use eth1
>
> FYI, I see good results for the tftp package from that mirror, so no
> need to second guess that.
>
>
> On Wed, 2006-05-24 at 10:58 -0400, Greg Brown wrote:
> > Folks:
> >
> > I'm trying to do something really simple: apt-get install tftp.  It doesn't
> > work and I'm beating my head against a wall here.  I'll run through the
> > commands (I can ssh into the device from the Internet):
> >
> > booya:~# apt-cache search tftp
> > atftp - advanced TFTP client
> > <snip>
> > tftp - Trivial file transfer protocol client
> > <snip>
> >
> > tftp is the one I want.  So:
> >
> > booya:~# apt-get install tftp
> > Reading Package Lists... Done
> > Building Dependency Tree... Done
> > The following NEW packages will be installed:
> >   tftp
> > 0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
> > Need to get 15.7kB of archives.
> > After unpacking 45.1kB of additional disk space will be used.
> > 0% [Connecting to mirrors.kernel.org (204.152.191.39)]
> >  Could not connect to mirrors.kernel.org:80 (204.152.191.7), connection
> > timed out [IP: 204.152.191.7 80]
> > Failed to fetch
> > http://mirrors.kernel.org/debian/pool/main/n/netkit-tftp/tftp_0.17-12_i386.deb
> > Could not connect to mirrors.kernel.org:80 (204.152.191.7), connection timed
> > out [IP: 204.152.191.7 80]
> > E: Unable to fetch some archives, maybe run apt-get update or try with
> > --fix-missing?
> >
> > What is fix-missing?  I'm off to the man page on that one.. But here is
> > where it bombs, every time.  I can access 204.152.191.39 from my desktop so
> > I know that the remote web server is repsonding.  A quick check of
> > sources.list checks out:
> >
> > booya:~# cat /etc/apt/sources.list
> > #deb file:///cdrom/ sarge main
> >
> > deb http://mirrors.kernel.org/debian/ stable main
> > deb-src http://mirrors.kernel.org/debian/ stable main
> >
> > deb http://security.debian.org/ stable/updates main
> >
> > deb ftp://ftp.nerim.net/debian-marillat/ experimental main
> > deb ftp://ftp.nerim.net/debian-marillat/ sarge main
> >
> > Strange.  I wonder if I can access other websites from this server.  Let's
> > try to hit port 80 on, say, cnn.com
> >
> > Interesting ports on www3.cnn.com (64.236.24.12):
> > PORT   STATE    SERVICE
> > 80/tcp filtered http
> >
> > Eh?  Now I call someone who works down there at the outer banks to ask if
> > they can get to cnn.com (both the server and this person are on the same
> > network).  The client can access cnn.com, as well as her bank, and many
> > other websites, so at least the firewall checks out.  The next thing that
> > pops in my head is the defalt gateway is wrong, so let's check
> > /etc/network/interfaces:
> >
> > auto eth1
> > iface eth1 inet static
> > address 192.168.17.50
> > gateway 192.168.17.1
> > netmask 255.255.255.0
> > network 192.168.17.0
> > broadcast 192.168.17.255
> >
> > >From my limited understanding of debian that appears correct.  Let's check
> > netstat:
> >
> > booya:~# netstat -nr
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags   MSS Window  irtt
> > Iface
> > 192.168.17.0    0.0.0.0         255.255.255.0   U         0 0          0
> > eth1
> > 192.168.15.0    0.0.0.0         255.255.255.0   U         0 0          0
> > eth0
> > 0.0.0.0         192.168.17.1    0.0.0.0         UG        0 0          0
> > eth1
> > 0.0.0.0         192.168.15.1    0.0.0.0         UG        0 0          0
> > eth0
> >
> > FRACK!!!  Any ideas?  Why can't, from this server on a remote network, can I
> > not get out of my own network with what appears to be correct network
> > settings when I'm certain the firewall is not blocking my packets?
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>

More information about the TriLUG mailing list