[NTLUG:Discuss] Troubleshooting when you lose the Internet (2 questions)

Rick Matthews RedHat.Linux at verizon.net
Sat Feb 22 13:15:12 CST 2003 

Everybody knows that "stuff happens" on the net.  I'll click a link 
from a search engine and it will be slow (or dead).  No big deal.
I may click another link and find it in the same shape.  Depending 
on what I am doing at the time, it may take several bad clicks before
my brain snaps to and realizes that it may not be the links.  I'll 
click on a "known good" site, and if that is unsuccessful I'll 
try another.  But when my email client then tells me that it is 
unable to contact my external pop3 server, I'm sure there is a problem.
Now what do I do?

My ADSL is connected to eth0 in my Linux firewall box; eth1 connects
to a LinkSys switch and then to Windows boxes.  The Linux box also 
runs Squid, squidGuard, and Apache (internal only, serves reports, 
docs, and squidGuard redirect pages).

I generally take a pseudo-logical semi-floundering approach to 
identifying the source of the problem.  After quickly eliminating 
my workstation and the switch from suspicion, I settle in on the 
Linux box.  Here are some of the things I'll try (in no particular 
order):
- I'll check /var/log/messages for red flags
- I'll ping my isp's gateway
- I'll check 'ifconfig' (in the past I've found eth0 missing)
- I'll check 'top' and 'ps ax'
- I'll try dig on a few domains
- I'll stop and start named
- I'll reboot the Linux system

Rebooting has corrected the problem a couple of times.  Another couple
of times there was an isp problem.  (I'm not counting the "missing
eth0" events in here.)  

Question 1:  How can I be reasonably sure that the problem is not 
within my span of control before calling for isp support?

Question 2:  Rebooting linux corrected the problem yesterday (details
follow).  What was wrong?

Everything was normal in /var/log/messages up to this point:

16:34:40 ntpd[1180]: sendto(NTP Server1): Network is unreachable
16:35:32 kernel: martian source <ip1> from <ip2>, on dev eth0
16:35:32 kernel: ll header: <MAC address 1>
16:35:44 kernel: martian source <ip1> from <ip2>, on dev eth0
16:35:44 kernel: ll header: <MAC address 1>
16:35:55 kernel: martian source <ip1> from <ip2>, on dev eth0
16:35:55 kernel: ll header: <MAC address 1>
16:36:59 kernel: martian source <ip1> from <ip2>, on dev eth0
16:36:59 kernel: ll header: <MAC address 1>
16:37:28 kernel: martian source <ip1> from <ip2>, on dev eth0
16:37:28 kernel: ll header: <MAC address 1>
16:38:34 ntpd[1180]: sendto(NTP Server2): Network is unreachable
16:38:34 ntpd[1180]: sendto(NTP Server3): Network is unreachable
16:38:35 ntpd[1180]: sendto(NTP Server4): Network is unreachable
16:39:07 kernel: martian source <ip1> from <ip2>, on dev eth0
16:39:07 kernel: ll header: <MAC address 1>
16:39:11 ntpd[1180]: sendto(NTP Server5): Network is unreachable
16:39:18 ntpd[1180]: sendto(NTP Server6): Network is unreachable
16:39:19 kernel: martian source <ip1> from <ip2>, on dev eth0
16:39:19 kernel: ll header: <MAC address 1>
16:39:22 ntpd[1180]: sendto(NTP Server7): Network is unreachable
16:39:26 ntpd[1180]: sendto(NTP Server8): Network is unreachable
16:39:36 kernel: martian source <ip1> from <ip2>, on dev eth0
16:39:36 kernel: ll header: <MAC address 1>
16:39:52 kernel: martian source <ip1> from <ip2>, on dev eth0
16:39:52 kernel: ll header: <MAC address 1>
16:40:21 kernel: martian source <ip1> from <ip2>, on dev eth0
16:40:21 kernel: ll header: <MAC address 1>
16:40:22 ntpd[1180]: sendto(NTP Server9): Network is unreachable

Notes: 
- Date and host name removed to reduce line length
- <ip1> and <ip2> are both external ips, and resolve to people/places
  that I've never heard of

I had been out for a couple of hours and found that I could not 
reach any web sites when I returned at about 17:20.  Everything
worked again afrer I finally rebooted.

Any ideas what could have been the problem?

Thanks in advance!

Rick

More information about the Discuss mailing list