You are not logged in.

#1 2020-09-11 08:22:10

mrechte
Member
Registered: 2011-05-04
Posts: 36

Can aur.arhlinux.org blacklist a local system ?

Hello,

I have no longer access to aur:

$ telnet aur.archlinux.org 22
Trying 2a01:4f9:c010:50::1...
Connection failed: Connexion refusée
Trying 95.216.144.15...
telnet: Unable to connect to remote host: Connexion refusée

$ telnet aur.archlinux.org 443
Trying 2a01:4f9:c010:50::1...
Connection failed: Connexion refusée
Trying 95.216.144.15...
telnet: Unable to connect to remote host: Connexion refusée

The weird thing is that it only happens on one particular arch box. Other hosts from the same LAN are OK.

All iptables stuff have been disabled, routes are OK, system is up to date.

Could possibly AUR block some systems based on MAC address ?

Offline

#2 2020-09-11 09:06:55

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 922
Website

Re: Can aur.arhlinux.org blacklist a local system ?

If you have a typical consumer DSL connection, the AUR server knows nothing about the specific computer's local IP or MAC address, since it's behind a NAT firewall.
Please post your entire network configuration including your presumably disabled firewall and the routing tables. Also please provide the output of

$ telnet --version
$ which telnet
$ type telnet

Last edited by schard (2020-09-11 09:08:00)

Offline

#3 2020-09-11 10:47:54

mrechte
Member
Registered: 2011-05-04
Posts: 36

Re: Can aur.arhlinux.org blacklist a local system ?

schard wrote:

If you have a typical consumer DSL connection, the AUR server knows nothing about the specific computer's local IP or MAC address, since it's behind a NAT firewall.

Very strange indeed.

If I run a VM guest inside my faulty box, it can telnet to aur.archlinux.org 22.

I don't think it is a telnet related problem, because neither firefox, chromium can access aur.archlinux.org (all other domains are OK).



telnet (GNU inetutils) 1.9.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by many authors.
[mrechte@linux2 ~]$ which telnet
/usr/bin/telnet
[mrechte@linux2 ~]$ type telnet
telnet est haché (/usr/bin/telnet)

Thanks

Offline

#4 2020-09-11 12:18:05

mrechte
Member
Registered: 2011-05-04
Posts: 36

Re: Can aur.arhlinux.org blacklist a local system ?

A wireshark analysis on a "telnet aur.archlinux.org 22" gives:

No.     Time                          Source                Destination           Protocol Length Info
     19 2020-09-11 12:04:22,628188771 192.168.42.2          95.216.144.15         TCP      74     59428 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=671762926 TSecr=0 WS=128

Frame 19: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface br1, id 0
Ethernet II, Src: ASUSTekC_c9:39:e8 (c8:60:00:c9:39:e8), Dst: FreeboxS_3b:0c:69 (34:27:92:3b:0c:69)
Internet Protocol Version 4, Src: 192.168.42.2, Dst: 95.216.144.15
Transmission Control Protocol, Src Port: 59428, Dst Port: 22, Seq: 0, Len: 0
    Source Port: 59428
    Destination Port: 22
    [Stream index: 3]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Sequence number (raw): 678114343
    [Next sequence number: 1    (relative sequence number)]
    Acknowledgment number: 0
    Acknowledgment number (raw): 0
    1010 .... = Header Length: 40 bytes (10)
    Flags: 0x002 (SYN)
    Window size value: 64240
    [Calculated window size: 64240]
    Checksum: 0xdac0 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
    [Timestamps]

No.     Time                          Source                Destination           Protocol Length Info
     20 2020-09-11 12:04:22,676423692 95.216.144.15         192.168.42.2          ICMP     102    Destination unreachable (Port unreachable)

Frame 20: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface br1, id 0
Ethernet II, Src: FreeboxS_3b:0c:69 (34:27:92:3b:0c:69), Dst: ASUSTekC_c9:39:e8 (c8:60:00:c9:39:e8)
Internet Protocol Version 4, Src: 95.216.144.15, Dst: 192.168.42.2
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 3 (Port unreachable)
    Checksum: 0xd7bd [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 192.168.42.2, Dst: 95.216.144.15
    Transmission Control Protocol, Src Port: 59428, Dst Port: 22, Seq: 678114343
        Source Port: 59428
        Destination Port: 22
        Sequence number: 678114343
        [Stream index: 3]
        Acknowledgment number: 0
        Acknowledgment number (raw): 0
        1010 .... = Header Length: 40 bytes (10)
        Flags: 0x002 (SYN)
        Window size value: 64240
        [Calculated window size: 64240]
        Checksum: 0xbbb7 [unverified]
        [Checksum Status: Unverified]
        Urgent pointer: 0
        Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
        [Timestamps]

Offline

#5 2020-09-11 12:29:49

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 922
Website

Re: Can aur.arhlinux.org blacklist a local system ?

mrechte wrote:
No.     Time                          Source                Destination           Protocol Length Info
     20 2020-09-11 12:04:22,676423692 95.216.144.15         192.168.42.2          ICMP     102    Destination unreachable (Port unreachable)

So the reverse path is screwed up.
Looks like a problem with your system's firewall, routes or the routing settings in your IAD ("Router").

Last edited by schard (2020-09-11 12:30:11)

Offline

#6 2020-09-11 12:52:58

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 24,192
Website

Re: Can aur.arhlinux.org blacklist a local system ?

Wouldn't the fact a VM within this system can telnet to the server suggest that the problem is on the local machine?  Most likely a firewall setting rejecting / dropping ICMP packets.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-09-11 14:18:29

mrechte
Member
Registered: 2011-05-04
Posts: 36

Re: Can aur.arhlinux.org blacklist a local system ?

Trilby wrote:

Wouldn't the fact a VM within this system can telnet to the server suggest that the problem is on the local machine?  Most likely a firewall setting rejecting / dropping ICMP packets.

It using the same interface (bridge br1).

I set-up a 4G usb connection with my phone, and it now works on the host (at least I have been able to push my package).

The only component that could filter traffic would be my Internet box. But the ICMP response from aur.archlinux.org host suggests that it refuses the tcp connection request.

Offline

#8 2020-09-14 14:25:09

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

Hi,

I have the same problem. Currently I'm unable to connect wirh aur repository https://aur.archlinux.org/ from any device connected to my local network (LAN/WLAN).
When telnet have:

[~]$ telnet 95.216.144.15 443                                                                                                                                                                                       
Trying 95.216.144.15...
telnet: Unable to connect to remote host: Connection refused

seems that problem is outside my local broadband provider, when trying to connect by another mobile provider all works fine

I really appreciate your help.
Slaw

Last edited by infoslaw (2020-09-14 14:27:29)

Offline

#9 2020-09-14 14:30:49

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

The strange thing is that others can open https://aur.archlinux.org/ from the same broadband provider also local broadband technical support confirm that network access are transparent to this website. I restarted router to default settings but it seems no issue here coz even don't use firewall etc.

Last edited by infoslaw (2020-09-14 14:33:37)

Offline

#10 2020-09-14 20:30:25

loqs
Member
Registered: 2014-03-06
Posts: 11,533

Re: Can aur.arhlinux.org blacklist a local system ?

If you boot the installation media or some other live media can you then connect to https://aur.archlinux.org/

curl -o /dev/null -v https://aur.archlinux.org/

Offline

#11 2020-09-14 22:48:15

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

Unfortunately I can't connect from live media.

[~]$ curl -o /dev/null -v https://aur.archlinux.org/                                                                                                                                                               
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 95.216.144.15:443...
* connect to 95.216.144.15 port 443 failed: Connection refused
*   Trying 2a01:4f9:c010:50::1:443...
* Immediate connect fail for 2a01:4f9:c010:50::1: Network is unreachable
* Failed to connect to aur.archlinux.org port 443: Connection refused
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (7) Failed to connect to aur.archlinux.org port 443: Connection refused
[~]$

Last edited by infoslaw (2020-09-14 22:51:25)

Offline

#12 2020-09-15 08:05:41

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 922
Website

Re: Can aur.arhlinux.org blacklist a local system ?

You stil haven't provided any firewall config or routing tables of either the host or the VM.
All we can do here is wild guessing, which will lead us nowhere.

Offline

#13 2020-09-15 08:33:59

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

I have issue to open website https://aur.archlinux.org/ from any device at home and I don't believe that is issue with my linux device. It doesn't work on Android tablet, mobile, Mac and my laptop with ArchLinux.
I don't have any firewall restrictions on my local broadband router.

below traceroute

traceroute to aur.archlinux.org (95.216.144.15), 30 hops max, 60 byte packets
1  _gateway (192.168.0.1)  1.308 ms  2.007 ms  2.014 ms
2  * * *
3  89-75-2-81.infra.chello.pl (89.75.2.81)  17.293 ms  17.419 ms  18.694 ms
4  pl-waw04a-rc1-ae-45-1484.aorta.net (84.116.253.133)  20.533 ms  20.596 ms  20.356 ms
5  pl-waw26b-ri1-ae-3-0.aorta.net (84.116.138.102)  26.801 ms  20.516 ms  19.940 ms
6  213.46.178.34 (213.46.178.34)  20.606 ms  19.477 ms  19.121 ms
7  hbg-bb4-link.telia.net (62.115.118.40)  47.227 ms hbg-bb3-link.telia.net (62.115.120.68)  52.068 ms  56.741 ms
8  s-bb4-link.telia.net (62.115.115.59)  52.266 ms  50.759 ms  52.087 ms
9  hls-b1-link.telia.net (80.91.246.85)  51.999 ms hls-b1-link.telia.net (62.115.123.31)  45.479 ms  47.086 ms
10  hetzner-svc067711-ic351605.c.telia.net (62.115.183.185)  64.828 ms  51.746 ms  67.169 ms
11  core31.hel1.hetzner.com (213.239.224.38)  48.696 ms core32.hel1.hetzner.com (213.239.224.26)  46.661 ms  48.526 ms
12  spine1.cloud1.hel1.hetzner.com (88.198.249.90)  49.016 ms static.88-198-245-254.clients.your-server.de (88.198.245.254)  50.613 ms  53.568 ms
13  * * *
14  13496.your-cloud.host (95.216.130.243)  53.653 ms  54.873 ms  54.922 ms
15  * * *
16  aur.archlinux.org (95.216.144.15)  51.392 ms  53.820 ms  48.582 ms

Last edited by infoslaw (2020-09-15 08:40:41)

Offline

#14 2020-09-15 09:45:03

fukawi2
Administrator
From: .vic.au
Registered: 2007-09-28
Posts: 5,989
Website

Re: Can aur.arhlinux.org blacklist a local system ?

Offline

#15 2020-09-15 10:50:06

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

fukawi2 wrote:

Thank you for idea. tcp traceroute below

sudo tcptraceroute aur.archlinux.org                                                                                                                                                                         
Selected device wlp4s0, address 192.168.0.178, port 37569 for outgoing packets
Tracing the path to aur.archlinux.org (95.216.144.15) on TCP port 80 (http), 30 hops max
1  * * *
2  * * *
3  89-75-2-81.infra.chello.pl (89.75.2.81)  187.597 ms  12.780 ms  14.390 ms
4  pl-waw04a-rc1-ae-45-1484.aorta.net (84.116.253.133)  17.331 ms  14.715 ms  16.878 ms
5  pl-waw26b-ri1-ae-3-0.aorta.net (84.116.138.102)  16.155 ms  15.503 ms  14.628 ms
6  213.46.178.34  16.241 ms  15.277 ms  15.689 ms
7  hbg-bb4-link.telia.net (62.115.118.40)  49.034 ms  44.063 ms  46.167 ms
8  s-bb4-link.telia.net (62.115.115.59)  47.141 ms  49.750 ms  50.061 ms
9  hls-b1-link.telia.net (62.115.123.31)  48.671 ms  46.850 ms  44.708 ms
10  hetzner-svc067711-ic351605.c.telia.net (62.115.183.185)  50.862 ms  48.905 ms  51.032 ms
11  core31.hel1.hetzner.com (213.239.224.38)  57.555 ms  51.620 ms  54.857 ms
12  static.88-198-242-250.clients.your-server.de (88.198.242.250)  45.652 ms  48.890 ms  48.148 ms
13  * * *
14  13496.your-cloud.host (95.216.130.243)  70.972 ms  49.209 ms  49.028 ms
15  * * *
16  aur.archlinux.org (95.216.144.15)  156.077 ms !p  45.800 ms !p  47.706 ms !p

Last edited by infoslaw (2020-09-15 10:50:28)

Offline

#16 Yesterday 03:24:20

fukawi2
Administrator
From: .vic.au
Registered: 2007-09-28
Posts: 5,989
Website

Re: Can aur.arhlinux.org blacklist a local system ?

Interesting. You might need to ask in #archlinux-devops on Freenode where those with access to the servers can debug.

Offline

#17 Yesterday 06:58:18

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

fukawi2 wrote:

Interesting. You might need to ask in #archlinux-devops on Freenode where those with access to the servers can debug.

Thank you for replay. I will do. It never happen for me before.

Offline

#18 Yesterday 07:02:59

infoslaw
Member
From: UK, Belfast
Registered: 2013-05-06
Posts: 120

Re: Can aur.arhlinux.org blacklist a local system ?

Could you tell me please how to find #archlinux-devops on Freenode to report it?

Offline

#19 Yesterday 07:18:13

progandy
Member
Registered: 2012-05-17
Posts: 3,813

Re: Can aur.arhlinux.org blacklist a local system ?

infoslaw wrote:

Could you tell me please how to find #archlinux-devops on Freenode to report it?

freenode is an IRC server, a web client is available here: https://webchat.freenode.net/?channels=archlinux-devops


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

Board footer

Powered by FluxBB