Solved: Not able to ping

mjos · ‎10-28-2009

Hi,
From a Unix server - ia64 hp server rx6600, I am successfully able to traceroute to our SMTP server in one hop.
But ping to the SMTP server fails.
Need help in finding out what the issue can be.

# ping 10.74.100.90
PING 10.74.100.90: 64 byte packets

----10.74.100.90 PING Statistics----
9 packets transmitted, 0 packets received, 100% packet loss
# traceroute 10.74.100.90
traceroute to 10.74.100.90 (10.74.100.90), 30 hops max, 40 byte packets
1 bg1d0d01.xxx.xxx.com (10.48.85.100) 0.076 ms !N 0.019 ms !N 0.018 ms !N

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 10.48.84.0 10.48.85.100 22229 0 15824 0 0
lo0 4136 127.0.0.0 127.0.0.1 3633 0 3633 0 0

Torsten. · ‎10-28-2009

Firewall?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

mjos · ‎10-28-2009

how do i check for firewall in the unix server?

Torsten. · ‎10-28-2009

Are both servers hp-ux?

You can check if ping is blocked with "bastille". Any firewall between the servers?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

mjos · ‎10-28-2009

There is no bastile sw installed on the server.

# swlist |grep -i bastile
#

The mail SMTP server is a windows server & the server is pingable from rest of the Unix servers.

mjos · ‎10-28-2009

When I reboot the server, I am able to ping to the SMTP IP initially. I send test mail successfully at that stage. But after some time, the ping fails & the SMTP server stops pinging from the Unix server.
So is there any services that become active which stops pinging to the SMTP IP?
There was a veritas cluster software installed which had a virtual IP assigned to the lan interface lan0:1. I removed the VCS sw & removed all the virtual lan interfaces.
Still I am facing the same issue. Now there is just one LAN interface -

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 10.48.84.0 10.48.85.100 62546 0 38609 0 0
lo0 4136 127.0.0.0 127.0.0.1 11517 0 11517 0 0

Matti_Kurkela · ‎10-28-2009

> # traceroute 10.74.100.90
traceroute to 10.74.100.90 (10.74.100.90), 30 hops max, 40 byte packets
1 bg1d0d01.xxx.xxx.com (10.48.85.100) 0.076 ms !N 0.019 ms !N 0.018 ms !N

Your traceroute looks a bit troubling - "!N" means "network unreachable". As this response comes from 10.48.45.100 which is your own lan0, it does not look good at all.

You did not tell us your netmask, but from the netstat -in output I can see that your network address is 10.48.84.0, so your netmask is something more than 255.255.0.0 but less than 255.255.255.0. That means you must go through at least one gateway to reach 10.74.100.90. So there definitely should be at least one more hop in the traceroute output.

Does your gateway respond to ping at all? If it doesn't, first verify that you're using the correct gateway address. Talk to your network administrator.

If the gateway address is OK and the gateway machine is working but is configured to not respond to pings, the Dead Gateway Detection feature of HP-UX may be triggering.

Run this command:

ndd -get /dev/ip ip_ire_gw_probe

If it responds with 1, the Dead Gateway Detection is enabled.

To disable it, run:

ndd -set /dev/ip ip_ire_gw_probe 0

But if it has already triggered, you must delete your gateway configuration from the routing table and add it back to reset it to working state:

route del default 1
route add default 1

If you can access your SMTP server after this, the problem was caused by a mis-fire of Dead Gateway Detection. To disable it permanently, edit /etc/rc.config.d/nddconf and add a group of three lines like this:

TRANSPORT_NAME[x]=/dev/ip
NDD_NAME[x]=ip_ire_gw_probe
NDD_VALUE[x]=0

Replace the "x" within the brackets with the first unused index value, i.e. if there are no un-commented groups of (TRANSPORT_NAME + NDD_NAME + NDD_VALUE), replace x with 0; if there is one group already, replace x with 1 etc.

If the problem was not solved with this, please show us the output of "netstat -rnv" command.

MK

MK

Michael Steele_2 · ‎10-28-2009

Hi

Please provide

ping ip -n 10

/var/adm/syslog/mail.log

traceroute to mail relay server

traceroute to DNS server

How many subnets are there in your data center

Activate the 'spray' utility on two servers, preferably one is on another subnet vary the packet length and provide five reports of increasing size, as well as lanadmin dropped packet values and other data TO BE COLLECTED AS YOU SPRAY.

spray -c 5 -l 50
spray -c 5 -l 100, etc.

Support Fatherhood - Stop Family Law

Torsten. · ‎10-28-2009

>> There is no bastile sw installed on the server.

# swlist |grep -i bastile

Well, there is a typo.

# swlist |grep -i bastille

product name is HPUXBastille.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Raj D. · ‎10-28-2009

Mjos,

Check if other than sec00 is installed, sec00 is the default security hardening in hp-ux for Bastille facility, Other than sec00 level it locks down most of the network services:

# swlist -l bundle | grep Sec0

- also can you try ssh or telnet to the ip or any ip in the same subnet. So that it will be clear if there is network firewall & if it is blocking ping requests.

Hth,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

mjos · ‎10-28-2009

Thank you all for your replies.

I did as Matti suggested & was able to ping to the SMTP server.
But the route gateway specified in the netconf file is still not pinging

# ndd -get /dev/ip ip_ire_gw_probe
1

# ndd -set /dev/ip ip_ire_gw_probe 0
#

# route delete default 10.48.84.1 1
delete net default: gateway 10.48.84.1
#
# route add default 10.48.84.1 1
add net default: gateway 10.48.84.1

After this I was able to successfully ping to the SMTP server & send test mails from the unix server
# ping 10.74.100.90
PING 10.74.100.90: 64 byte packets
64 bytes from 10.74.100.90: icmp_seq=0. time=1. ms

----10.74.100.90 PING Statistics----
1 packets transmitted, 1 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/1

But I am still not able to ping to the route gateway - 10.48.84.1

# ping 10.48.84.1
PING 10.48.84.1: 64 byte packets

----10.48.84.1 PING Statistics----
1 packets transmitted, 0 packets received, 100% packet loss

I added the below lines in /etc/rc.config.d/nddconf. Do I have change the ip with the IP address?

TRANSPORT_NAME[0]=/dev/ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0

Torsten & Raj -
There are bastille & sec00 installed on the server. But how do i check their services are running or not?

# swlist |grep -i bastille
HPUXBastille B.3.0.23 Bastille Security Hardening Tool
You have mail in /var/mail/root
# swlist -l bundle | grep Sec0
Sec00Tools B.01.04.07 Install-Time security infrastructure.

Michael Steele_2 · ‎10-28-2009

But I am still not able to ping to the route gateway - 10.48.84.1

Are you in a DMZ? This may be normal.

Support Fatherhood - Stop Family Law

mjos · ‎10-28-2009

How do I check that - DMZ settings?

Torsten. · ‎10-28-2009

Some basics about DMZ:

http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Johnson Punniyalingam · ‎10-28-2009

>>How do I check that - DMZ settings?

You need check with your "Network Team"

Problems are common to all, but attitude makes the difference

Matti_Kurkela · ‎10-28-2009

> I did as Matti suggested & was able to ping to the SMTP server.
But the route gateway specified in the netconf file is still not pinging

Maybe it's not supposed to. Ask your network administrator.

MK

MK

Not able to ping

Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Re: Not able to ping

Hewlett Packard Enterprise International