strange config problem

[gamblor01]

I have a RHEL5 VM running at work and am having problems connecting to it. Here is what I know happened so far:

- It started out by having random problems. I would be connected to it through ssh and then suddenly my session would just disconnect. It would be unavailable for several minutes and then suddenly I would be able to connect.

- I then lost all connectivity but cannot say if this random change to the network config was the cause or not. It could have stopped working entirely when the lab admins blocked my machine for missing the MS04-011 patch. Yes...you read that correctly. The admins blocked my RHEL5 box for missing a 6 year old Microsoft patch.

- I opened a ticket to unblock my machine and still cannot connect to it even after though the machine has been removed from the black list.

- A recent power outage took this and all of the other machines down. The VMware host is back up and other VMs running on the same host are all functioning fine (I can ssh/rdesktop to them). This particular RHEL5 box is still down however.

I checked it out on the virtual console and everything networking related seems to be setup properly.

Here is my registration info:

itm-vm100 was added to DNS with address 10.58.204.189
default gateway: 10.58.204.1 mask: 255.255.254.0 DNS servers: 10.58.142.252 10.58.142.252

And here is some output from the VM itself:

Code:

[root@itm-vm100 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:50:56:B0:04:9C
inet addr:10.58.204.189 Bcast:10.58.205.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feb0:49c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39988 errors:0 dropped:0 overruns:0 frame:0
TX packets:1414 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4035760 (3.8 MiB) TX bytes:149284 (145.7 KiB)
Interrupt:177 Base address:0x1400
[root@itm-vm100 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
10.58.204.189 itm-vm100.xxx.yyy.zzz.com itm-vm100
[root@itm-vm100 ~]# cat /etc/resolv.conf
nameserver 10.58.142.252
nameserver 10.58.142.253
domain xxx.yyy.zzz.com
search xxx.yyy.zzz.com www.yyy.zzz.com

Here is what I know:

1. I can ping the box, but I can't make any TCP connections to it (such as ssh).

2. I cannot ping the gateway 10.58.204.1 from the box.

3. I cannot ping other machines on the 10.58.204.* subnet.

4. I can however, ping other machines on the 10.58.205.* subnet!

5. I cannot make any TCP connections from the box, regardless of subnet.

6. I checked the arp table from another box and the MAC is correct.

7. There are no other interfaces (besides the loopback).



I don't get it. It's acting like the netmask is wrong since it can ping on the 205 subnet but not 204. I have checked the netmask again and again -- 255.255.254.0 -- it's correct!


Does anyone have any other ideas for what I should check? I need to get this box up and running again soon!

[mrrangerman43]

Well I'm not a network expert but using a ip-subnet calculator your subnetmask should be 255.255.255.0 not 255.255.254.0 but like I said I'm not a expert.

[klackenfus]

Maybe add a static route?

[gamblor01]

Trust me mrrangerman...it's definitely supposed to be 255.255.254.0. I have plenty of other machines on here with that netmask and they all work. Plus that is the exact value coming back from our DNS registration server. I know it's correct. If it helps, I modified the IP address slightly but I don't think that it should affect the netmask. I have checked the config again and again though and even had several teammates review it. EVERYTHING is correct!!

Klackenfus --

If this is what you are referring to then I already tried and it doesn't work:

http://www.redhat.com/docs/en-US/Red...ic-routes.html



The weird thing is that I actually thought I fixed it. I wound up opening the system-config-network dialog and found that there was both an eth0 and eth0.if1 or something like that. I also found an ifcfg-eth0.if1 inside of the /etc/syconfig/network-scripts so I removed that file. Once I removed that interface from system-config-network and deleted the file, I setup everything properly for eth0 in system-config-network and was able to login just fine (ssh to the box). After a few minutes it suddenly stopped working, even though I didn't change anything.

Now I'm stuck and can't login to the machine again. Same behavior -- I can't ping my gateway but I can ping boxes on a different subnet.

[klackenfus]

Yup, that's what I was referring to.

[gamblor01]

I finally figured it out...someone hijacked my IP and hostname!!!! Even when I turned off my VM I was still able to ping the IP address. This also explains why my system was blocked from the network for missing Microsoft patches -- someone running Windows must be using my IP!

I have opened a ticket with our lab team to track down the evil doer.