
We're having a very strange problem where 2 MacBooks running OS X 10.8.2 can't connect to our public-facing server on any port.

Attempting to ssh or navigate to the web server fails, but every other site works for them. They cannot connect to any server running on our IP range (which is quite small), which would rule out iptables rules with fail2ban blocking them.

DNS is resolving (running `host server.com` shows the IP) and connecting directly to the IP fails.

The firewall on the MacBooks appears to be off. I am unable to ping right now as we are behind a protected network. Both MacBooks are unable to connect when at home (i.e. completely different IP, completely different routes/firewall). /etc/hosts is clean.

We are not aware of anyone else with this issue. We are running Proxmox on the host, Debian and Ubuntu Server on the VMs.

An example of one of the URLs that doesn't connect is http://mikeserv.me/. Other MacBooks can connect fine, it's just these 2.

So I'm all out of ideas:

- not a DNS problem (connecting directly to the IP doesn't work)

- not an IP being blocked problem (other machines work on the same IP)

- not a general network problem (can connect to other websites)

  • What does "they can't connect" mean? Is there a connection timeout, connection refused, connection dropped? If you do telnet 80, what's the output you get? – replay Feb 18 '13 at 14:34
  • Connection timeout. I don't have access to the laptops right now, sshing gave a timeout. – Mike Gallagher Feb 18 '13 at 14:39
  • If they traceroute to the webserver, how far do they get? Do they have any static routes set? (Also, kudos for using an actual hostname, I wish all askers would do that!) – Jenny D Feb 18 '13 at 14:57
  • traceroute: wrote mikeserv.me 52 chars, ret=-1 *traceroute: sendto: Host is down – Mike Gallagher Feb 18 '13 at 16:20
  • @MikeGallagher, when it says that, can others connect? Is that _all_ `traceroute` tells you? What is your network setup (how are this/other machines connected)? Try again using [`tcping`](http://www.linuxco.de/tcping/tcping.html). Do the affected machines perhaps have a badly configured local firewall? – vonbrand Feb 18 '13 at 16:40

1 Answer

##networking on freenode solved the problem.

See https://superuser.com/questions/461825/cannot-access-pear-php-net-from-osx-lion

Both MacBooks had Hamachi VPN installed by coincidence.

This is the Hamachi interface. When Hamachi started their service, they chose the 5.0.0.0/8 network as their pool of addresses to avoid conflicting with any existing ranges. However, Hamachi were never allocated this range.

In the past couple of months, RIPE (who are responsible for this range) have started selling blocks in the 5/8 network. This was inevitable with the quickly depleting numbers of IPv4 addresses, yet Hamachi are still using this block.

Our servers' IPs are in that range.

On a side note, everyone involved in finding the problem is finding this hilarious.
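A way to check a client for the condition described in this answer, as an added example that is not part of the original post: it parses BSD-style `netstat -rn -f inet` output and reports when a public destination is captured by an on-link interface route instead of the default route. The routing table, the interface name `ham0` and the target address `5.1.2.3` are constructed for illustration, and the handling of netstat's abbreviated destinations is an assumption about that output format.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output from an affected Mac
# (interface name ham0 and all addresses are illustrative, not from the post).
SAMPLE_ROUTES = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           12        0     en0
5                  link#7             UC              2        0    ham0
127                127.0.0.1          UCS             0        0     lo0
192.168.1          link#4             UCS             3        0     en0
"""

def parse_dest(dest):
    """Expand an abbreviated destination such as '5', '192.168.1' or '10.8/16'."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:  # no mask shown: assume one octet per 8 bits, full quad is a host
        plen = 32 if len(octets) == 4 else 8 * len(octets)
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) tuples for each IPv4 route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue
        try:
            routes.append((parse_dest(f[0]), f[1], f[5]))
        except ValueError:
            continue  # not an IPv4 route line
    return routes

def best_route(routes, target):
    """Longest-prefix match, as the kernel would select it."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def shadowed(routes, target):
    """Return the on-link route capturing a public target, else None."""
    r = best_route(routes, target)
    ip = ipaddress.ip_address(target)
    if r and ip.is_global and r[0].prefixlen > 0 and r[1].startswith("link#"):
        return r
    return None
```

Feeding it the real `netstat -rn -f inet` output from a machine that times out, together with the server's address, shows which interface is claiming the range.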