I cannot find why one of my servers is blocked connecting another machine

I'm very confused. I couldn't get a clue for this situation even for
12 hours of struggling.(It started about 12 hours ago.)

One of my servers is a Linux machine. Let me call it A. It gets
timeout connecting to another machine B. Other servers and even my
home PC can connect to B. What port? It doesn't matter. Every connect
tries just hangs and ends with timeout. Even ping doesn't response.
This is like there's a firewall, eh?

I flushed all of iptable packet filter settings in A.

# iptables -F

B has no firewalls or packet filtering facilities.

I asked my ISP if they have any routers with packet filtering but they
answered with no.

There's another problem. I cannot get my Tomcat Web applications in A
to work right, They all have database connection codes and they hang
there. However, I have no problem connecting to the database with a
simple Java application from A,

I suspect there's any packet filtering firewalls between my machines
but don't know how to find it out. What do you think is the cause of
this situation?

On Sat, 18 Aug 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed) .com>,
(E-Mail Removed) wrote:

>One of my servers is a Linux machine. Let me call it A. It gets
>timeout connecting to another machine B. Other servers and even my
>home PC can connect to B. What port? It doesn't matter. Every connect
>tries just hangs and ends with timeout. Even ping doesn't response.
>This is like there's a firewall, eh?

Can 'B' connect to, or ping 'A'?

>I flushed all of iptable packet filter settings in A.
>
># iptables -F
>
>B has no firewalls or packet filtering facilities.
>
>I asked my ISP if they have any routers with packet filtering but they
>answered with no.

[compton ~]$ whatis hping2 hping3 mtr traceroute tcptraceroute
hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
mtr (8) - a network diagnostic tool
traceroute (8) - print the route packets take to network host
tcptraceroute (8) - A traceroute implementation using TCP packets
[compton ~]$

>There's another problem. I cannot get my Tomcat Web applications in A
>to work right,

Sorry - I don't use Tomcat

>I suspect there's any packet filtering firewalls between my machines
>but don't know how to find it out.

Usually the easiest way to find out is using something like traceroute
although this depends on being able to receive certain ICMP errors.
Another technique is to use a packet sniffer, and (perhaps) telnet,
trying to connect to (perhaps) port 80 on hosts between you and your
destination. Few of them will be running a server on "this" or "that"
port, but what you are looking for is "Connection Refused" messages
that would be returned from those (non-)servers. How far can you
reach before finding a black hole?

>What do you think is the cause of this situation?

Not enough information.

Old guy

On 8 18 , 10 16 , ibupro...@painkiller.example.tld (Moe Trin) wrote:
> Can 'B' connect to, or ping 'A'?

Oh, I haven't thought about that. Now I found it didn't work either.

> [compton ~]$ whatis hping2 hping3 mtr traceroute tcptraceroute
> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> mtr (8) - a network diagnostic tool
> traceroute (8) - print the route packets take to network host
> tcptraceroute (8) - A traceroute implementation using TCP packets
> [compton ~]$

New tools. But A doesn't have hpingX and tcptraceroute. A has CentOS
Linux 4 with Kernel 2.6.9-42.0.3.EL.

> Sorry - I don't use Tomcat

Ok, this is the group about linux networking. I should post on another
group.

> Usually the easiest way to find out is using something like traceroute
> although this depends on being able to receive certain ICMP errors.
> Another technique is to use a packet sniffer, and (perhaps) telnet,
> trying to connect to (perhaps) port 80 on hosts between you and your
> destination. Few of them will be running a server on "this" or "that"
> port, but what you are looking for is "Connection Refused" messages
> that would be returned from those (non-)servers. How far can you
> reach before finding a black hole?

On 8 18 , 10 16 , ibupro...@painkiller.example.tld (Moe Trin)
wrote:

> Can 'B' connect to, or ping 'A'?

Oh, I haven't thought about that. Now I found it didn't work either.

> [compton ~]$ whatis hping2 hping3 mtr traceroute tcptraceroute
> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> mtr (8) - a network diagnostic tool
> traceroute (8) - print the route packets take to network host
> tcptraceroute (8) - A traceroute implementation using TCP packets
> [compton ~]$

New tools. But A doesn't have hpingX and tcptraceroute. A has CentOS
Linux 4 with Kernel 2.6.9-42.0.3.EL.

> Sorry - I don't use Tomcat

Ok, this is the group about linux networking. I should post about this
on another group. I guess this problem is only caused by Tomcat.

On 8 18 , 10 16 , ibupro...@painkiller.example.tld (Moe Trin)
wrote:

> Can 'B' connect to, or ping 'A'?

Oh, I haven't thought about that. Now I found it didn't work either.

> [compton ~]$ whatis hping2 hping3 mtr traceroute tcptraceroute
> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> mtr (8) - a network diagnostic tool
> traceroute (8) - print the route packets take to network host
> tcptraceroute (8) - A traceroute implementation using TCP packets
> [compton ~]$

New tools. But A doesn't have hpingX and tcptraceroute. A has CentOS
Linux 4 with Kernel 2.6.9-42.0.3.EL. I will search for them.

> Sorry - I don't use Tomcat

Ok, this is the group about linux networking. I should post about
this
on another group. I guess this problem is only caused by Tomcat.

But the first problem still bothers me. Any other opinions?

On Sat, 18 Aug 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed) .com>,
(E-Mail Removed) wrote:

>(Moe Trin) wrote:

>> [compton ~]$ whatis hping2 hping3 mtr traceroute tcptraceroute
>> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
>> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
>> mtr (8) - a network diagnostic tool
>> traceroute (8) - print the route packets take to network host
>> tcptraceroute (8) - A traceroute implementation using TCP packets
>> [compton ~]$
>
>New tools. But A doesn't have hpingX and tcptraceroute. A has CentOS
>Linux 4 with Kernel 2.6.9-42.0.3.EL. I will search for them.

http://www.hping.org/ (hping3 is a more featured replacement for hping2)
http://michael.toren.net/code/tcptraceroute/

>But the first problem still bothers me. Any other opinions?

No - not enough details. I'd start by using a route tracing tool, and
try tracing from 'A' as well as 'B' to identify the block.

Old guy