lucid
03-31-2004, 09:43 PM
Hi all.
A strange thing is happening on my server. I went out for an hour, came back and tried my email, found I could connect, tried www and ssh but I got no connection. Ping times out and tracert ends at the router.
So, having thought about it I went to the trusty dial up and managed to get connected, ssh'ed and checked:
hosts.deny
ipchains
and portsentry's denied files
but couldn't find my ip anywhere.
Checked the logs but couldn't see anything going wrong there either.
So I rebooted the server to see if that might clear it but nope.
I'm a bit stuck now as to what to do next, any suggestions?
Thanks, Rob.
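
The checks listed in the post above (hosts.deny, the firewall rules and portsentry's blocked files) all come down to searching several files for one address. As an added example that is not part of the original thread, this script does that search with whole-address matching; the file names, sample lines and 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example. File names and addresses below are constructed samples
# (192.0.2.0/24 is a documentation range), not values from the thread.

# ip_in_file IP FILE
# Returns 0 if FILE mentions IP as a complete address, 1 if not,
# 2 if FILE cannot be read. A plain `grep 192.0.2.19` would also hit
# 192.0.2.193, and its unescaped dots match any character.
# Limitation: network-style hosts.deny entries ("192.0.2." or a
# net/mask pair) are not expanded; review those by eye.
ip_in_file() {
    [ -r "$2" ] || return 2
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq "(^|[^0-9.])${pat}([^0-9.]|\$)" "$2"
}

# find_blocks IP FILE...
# Prints the name of every readable FILE that lists IP.
find_blocks() {
    ip=$1; shift
    for f in "$@"; do
        if ip_in_file "$ip" "$f"; then echo "$f"; fi
    done
}

# make_samples DIR: write constructed block-list files for the demo.
make_samples() {
    printf 'ALL: 192.0.2.193\nALL: 198.51.100.7\n' > "$1/hosts.deny"
    printf '%s\n' \
      '1080765780 - 03/31/2004 20:43:00 Host: 192.0.2.19/192.0.2.19 Port: 111 TCP Blocked' \
      > "$1/portsentry.blocked.tcp"
    # Stand-in for a saved firewall rule listing (constructed line).
    printf 'DENY all ------ 192.0.2.190 0.0.0.0/0 n/a\n' > "$1/ipchains.txt"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    find_blocks 192.0.2.19 "$d/hosts.deny" "$d/portsentry.blocked.tcp" "$d/ipchains.txt"
    rm -rf "$d"
}
demo
```

Only the portsentry sample is reported for 192.0.2.19; the hosts.deny and firewall samples hold neighbouring addresses that a substring search would have flagged.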
chuckt101
03-31-2004, 09:57 PM
By "ends at the router", I presume you mean the hop right before your server?
Can you traceroute from your server back to your normal connection?
lucid
03-31-2004, 10:04 PM
The trace stops at the hop before my IP.
I can tracert to IPs either side of mine which go through the router OK.
tracert from the server to my IP is fine.
chuckt101
03-31-2004, 10:15 PM
Only thing I can think of it being is firewall, but you said you checked them... Also.. this just happened out of the blue? Were you editing anything earlier? Anyone else edit anything?
lucid
03-31-2004, 10:18 PM
Nope, portsentry only. Nothing else.
lucid
03-31-2004, 11:11 PM
This really is strange. No one else has ssh access and telnet is off. I wasn't in the process of doing any admin work on the server.
As far as I can make out I ftp'ed something up, then my machines went off when I left. I can see my last ftp access in the log but nothing after that from my IP.
I've non-nated my router at home now and all my public IPs can get access to the server, just the router IP is blocked.
Checking the logs from logsentry doesn't shed any light on it and I ran chkrootkit which didn't come up with anything.
It's very odd.
chuckt101
03-31-2004, 11:22 PM
Have you tried using tcpdump?
I'm not too familiar with that utility, but it might show you if the request is getting to the server....
John[H4Y]
03-31-2004, 11:23 PM
Originally posted by lucid:
> The trace stops at the hop before my IP.
> I can tracert to IPs either side of mine which go through the router OK.
> tracert from the server to my IP is fine.
I don't quite get what you are saying. You say the tracert from the server to your IP is fine but you also say it stops at the hop before your IP.. which is it?
lucid
03-31-2004, 11:30 PM
From my machine at home, I can trace route fine to *.*.*.194 and *.*.*.192, however my server is on *.*.*.193. I can see the trace to *.*.*.193 times out one stop short of my server (at the router).
In the other direction, I can trace route from my server to my home IP no problem.
Checking tcpdump now
chuckt101
03-31-2004, 11:32 PM
server -> home: fine
home -> server: stops before server.
I'm pretty sure that's what he means.
lucid
04-01-2004, 12:04 AM
Erm, well, I re-reconfigured my home router back to normal nat operation, pinged the server while running tcpdump on ssh from dial up and it worked.
In fact it's back to normal as far as I can see, www, ssh and email are fine, which is more of a worry than if I'd found out what actually was wrong.
I had reset my home router during the episode and it hadn't made any difference and the configurations were done for backup files so I'm pretty sure my home router isn't at fault.
I'm going to have to go through my server's logs again and see if there's anything I can see there. I'll also report this to my co-lo provider and see if they can shed any light on it.
Thanks to you all for your help, sounds cheesy but knowing there were people out there willing to help made me feel better.
Cheers, Rob.