Bug 437386 - Incoming TCP requests blocked in 2.6.24.3-12
Incoming TCP requests blocked in 2.6.24.3-12
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
8
x86_64 Linux
low Severity urgent
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
http://wire.ncsa.uiuc.edu/
Resolved in 2.6.24.3-34
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-13 15:50 EDT by Bill Baker
Modified: 2008-03-20 12:55 EDT (History)
0 users

See Also:
Fixed In Version: 2.6.24.3-34
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-20 12:55:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bill Baker 2008-03-13 15:50:02 EDT
Description of problem:

After upgrading from 2.6.23.14-107 to 2.6.24.3-12 (through yum), incoming TCP
connections are blocked.  Outgoing connections are fine.  No problems with
iptables; reverting to old kernel fixes network problem.  ICMP is not blocked
(ping wire.ncsa.uiuc.edu).

TCP connections to localhost are even rejected.

lsof -i :22 reports that sshd is listening
lsof -i :80 reports no listeners, even though Apache is running.  Apache does
not complain in logs during startup.

Version-Release number of selected component (if applicable):

2.6.24.3-12

How reproducible:

100%

Steps to Reproduce:
1. Attempt to connect (for example, to wire.ncsa.uiuc.edu), either by ssh (22)
or http (80/443).

Actual results:

wget http://wire.ncsa.uiuc.edu/
Connecting to wire.ncsa.uiuc.edu|141.142.222.32|:80... failed: Connection refused

ssh wire.ncsa.uiuc.edu
ssh: connect to host wire.ncsa.uiuc.edu port 22: Connection refused

Expected results:

Connection succeeds

Additional info:

Tried two different network cards, a Marvell (onboard) and a 3COM PCI card, both
of which work fine under the previous kernel, 2.6.23.14-107 (although the
Marvell tends to cause system lockups once in a while).
Comment 1 Dave Jones 2008-03-13 15:59:57 EDT
does it do this with all hosts ?

the reason I ask is that wire.ncsa.uiuc.edu seems to be not listening on port 80
or 22.
Comment 2 Chuck Ebbert 2008-03-13 17:10:37 EDT
Network adapter addresses got switched around in 2.6.24. Can you try deleting
/etc/udev/rules.d/70-persistent-net.rules (back it up first.)
Comment 3 Bill Baker 2008-03-13 17:46:18 EDT
Response to #1: I'm pretty sure that it doesn't do it on all hosts; other fedora
8 users report upgrading to this kernel without this problem.

Yes, wire.ncsa.uiuc.edu is unreachable -- it's exhibiting the problem.
Comment 4 Bill Baker 2008-03-13 17:50:17 EDT
Response to #2 from cebbert@redhat.com:

I deleted /etc/udev/rules.d/70-persistent-net.rules and rebooted, but there was
no change.

I compared the newly-generated version and the original, and the only changes
were the order of entries and names of the devices -- that is, the association
of physical hardware with eth0/eth1 didn't change.

Old version:
-----------------------
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.

# Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:11:d8:58:c5:77", ATTR{type}=="1", NAME="eth1"
# 3Com Corporation 3c905B 100BaseTX [Cyclone]
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:04:76:9e:79:19", ATTR{type}=="1", NAME="eth0"

New version:
-----------------------
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.

# PCI device 0x10b7:0x9055 (3c59x) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:04:76:9e:79:19", ATTR{type}=="1", NAME="eth0"

# PCI device 0x11ab:0x4320 (skge) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:11:d8:58:c5:77", ATTR{type}=="1", NAME="eth1"
Comment 5 Bill Baker 2008-03-13 18:26:23 EDT
Correction: "How Reproducible" should be "Single machine, consistently; other
machines unaffected."
Comment 6 Bill Baker 2008-03-20 12:55:36 EDT
Resolved in 2.6.24.3-34

Note You need to log in before you can comment on or make changes to this bug.