Odd Craigslist Issue
-
@tim-mcmanus I was trying to avoid that, but thank you for the response. It seems that may be the best option at this point.
-
I know you've kind of covered this but could Squid or some proxy caching be causing the issue? Or did you have it and remove the package where there may be some remnants? One PC could be set to be ignored and allow all traffic. Could explain why that one PC can connect but the others can't?
Just throwing something out there.
-
@stewart Excellent reply, thank you. I did have Suricata installed at one point, however it would crash and need a restart every couple of weeks. Downtime tends to make customers angry. So I disabled it. It is still installed, just not running.
-
@sabyre I've had a lot of experience with Suricata doing odd things. Under Diagnostics-Table is there anything in the Snort2c table?
-
@stewart Good call, I didn't think of that, but alas it is empty.
-
Yeah disabling Suricata (or Snort) or even uninstalling it does not necessarily remove any blocks.
At this point I would be setting it to a basic config to test. It's easy tot restore your current config if it doesn't help.
Steve
-
@stephenw10 Yeah, I've been bit by that before.
@Sabyre On an affected machine, what does a traceroute show? Also, I've used a program called PingPlotter (there is an old freeware version floating on the internet) that graphically combines Ping and Traceroute. I'm curious what a trace would show since you said you don't see packets going to the router.
-
@stewart That's a nice program. I hadn't used it before. So I ran a trace with the program on the working machine and on the fail machine. Both results are identical with the exception of the final destination.
On the working machine the trace ends at 208.82.237.2
On the fail machine the trace ends at 208.82.237.242Both IP's belong to CL. On either machine there is only one CL IP in the trace.
-
@stewart And when running it again on both they both end with 208.82.237.18
-
@sabyre If you do a dump, is there any http/https traffic that gets passed on the failed attempt? The varying IP could explain the difference. From the CLI you can try running the "host" command to see the varying IPs that get reached. For me it would be:
/root: host orlando.craigslist.org
orlando.craigslist.org is an alias for cities.g.craigslist.org.
cities.g.craigslist.org has address 208.82.237.130
cities.g.craigslist.org mail is handled by 10 mxicorpa.craigslist.org.@stephenw10 is probably correct but I'm always curious as to what is happening. Reloads usually fix things but it never satisfies the "Why" for me.
-
@stewart I too would like to get to the bottom of why this is occurring. It's my nature to understand all that I can. Currently I have a couple of projects going so for the moment I will leave this be for the next couple weeks as the issue is not a high priority right now.
