From: Bill Thompson (bill.thompson@GOODYEAR.COM)
Date: Tue Oct 15 2002 - 13:57:16 EDT
I doubt this is a tcp/ip problem. It sounds more like firewall
configuration.
Most firewalls drop ICMP packets which are used by both ping and
traceroute.
If the firewall is dropping ICMP packets then there is no way (that I know
of) to trace the route.
You can telnet from your SP node to the mail server over port 25 because
the firewall has been configured to do just that ... allow connections over
port 25 from the SP node to the mail server.
Chances are your other server can't get to the mail server because the
firewall is not allowing it.
I'd check with your firewall people to see if the second server is properly
configured.
Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Co.
Contains Confidential and/or Proprietary Information
May Not Be Copied or Disseminated Without Express Consent of The Goodyear
Tire & Rubber Company.
AIX-L Archives: http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
----- Original Message -----
From: "Patrick B. O'Brien" <pobrien@DOIT.NV.GOV>
Newsgroups: bit.listserv.aix-l
To: <aix-l@Princeton.EDU>
Sent: Tuesday, October 15, 2002 12:03 PM
Subject: Re: Banging my head off my desk on this one
> Do a smit tcpip, choose minimum config. Choose the appropriate card and
stop then start this Interface. It will reload tcpip too.
>
> I think tcpip is just a bit confused.
>
>
>
> -----Original Message-----
> From: Bill Verzal [mailto:Bill_Verzal@BCBSIL.COM]
> Sent: Tuesday, October 15, 2002 8:36 AM
> To: aix-l@Princeton.EDU
> Subject: Banging my head off my desk on this one
>
>
> OK - I have a 6H1 SP node. I am trying to talk with a mail server.
>
> f01n305_en1:/ >ping -drRv 172.30.130.41
> PING 172.30.130.41: (172.30.130.41): 56 data bytes
> 0821-069 ping: sendto: Cannot reach the destination network.
> ping: wrote 172.30.130.41 64 chars, ret=-1
> 0821-069 ping: sendto: Cannot reach the destination network.
> ping: wrote 172.30.130.41 64 chars, ret=-1
> 0821-069 ping: sendto: Cannot reach the destination network.
> ping: wrote 172.30.130.41 64 chars, ret=-1
>
> So, I try traceroute:
>
> f01n305_en1:/ >traceroute -v 172.30.130.41
> trying to get source for 172.30.130.41
> source should be 192.168.56.181
> traceroute to 172.30.130.41 (172.30.130.41) from 192.168.56.181
> (192.168.56.181), 30 hops max
> EMSGSIZE 32768
> EMSGSIZE 32748
> EMSGSIZE 17914
> EMSGSIZE 17894
> EMSGSIZE 16384
> EMSGSIZE 16364
> EMSGSIZE 8166
> EMSGSIZE 8146
> EMSGSIZE 4464
> EMSGSIZE 4444
> EMSGSIZE 4352
> EMSGSIZE 4332
> EMSGSIZE 2048
> EMSGSIZE 2028
> EMSGSIZE 2002
> EMSGSIZE 1982
> EMSGSIZE 1536
> EMSGSIZE 1516
> outgoing MTU = 1500
> 1 * * *
> 2 * * *
>
> That no workey either. Now - see this:
>
> f01n305_en1:/ >telnet 172.30.130.41 25
> Trying...
> Connected to 172.30.130.41.
> Escape character is '^]'.
> 220 glsmtp01.chi.bcbsil.com ESMTP Service (Lotus Domino Release 5.0.8)
> ready at Tue, 15 Oct 2002 10:32:51 -0500
> quit
> 221 glsmtp01.chi.bcbsil.com SMTP Service closing transmission channel
> Connection closed.
>
>
> This seems to me to be a firewall issue. I think I have resolved that.
My
> question though - how can I trace the route to the address, because I cna
> clearly get to it. I need to know the exact route because I have another
> server on the same network that CANNOT get to the server in any way at
all.
>
> Does anyone know how I might be able to get the route to the server ?
How
> is the telnet getting out ? What route ? There are multiple NICS on
this
> box.
>
> Thanks, Bill.
>
>
--------------------------------------------------------------------------------------------------------
>
> Bill Verzal
> Technical Consultant
> Forbes Technical Consulting
> (312) 653-3684
> bill_verzal@bcbsil.com
> MailStop: 27.202B
>
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:16 EDT