FAQ
Hi,
(Debian 6, Node 8.10, express 3, zappa 4.10)
I have requested a second ip number for my remote box
and want two run a second nodejs app on that ip. The ip
runs on the same card I guess (remote box)

So I have
web1.net on ip1
web2.com on ip2

and use iptables to redirect from 80 and 443 to
my ports
PROD# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere www.web1.net tcp dpt:www redir
ports 3003
REDIRECT tcp -- anywhere www.web2.com tcp dpt:www redir
ports 3004
REDIRECT tcp -- anywhere www.web1.net tcp dpt:https redir
ports 3443
REDIRECT tcp -- anywhere www.web2.com tcp dpt:https redir
ports 3445

and ensure-https to protocol change all 80 traffic to 443:

var ensure=require('ensure-https');
var options={
'forceHost':undefined, // If this is set then the destination URL is
forced to this hostname
'host':'localhost', // This is the default host to use (for HTTP/0.9
clients) (default: localhost)
'sslHost':443, // This is the port of your HTTPS server if it
is not 443 (default: 443)
'statusCode':301 // This is the HTTP Status-Code to use
(default: 301)
};
var server=ensure.createServer(options);
server.listen(3004,'ip1...');

and the same for the other one, ip2 (web2.com).

My *problem*: web1.net works fine when users enter
www.web1.net or https://web1.net or even https://web1.net:3443
but web2.com will only work if I give the https://web2.net:3445 format
otherwise I get "unable to connect"

They have two separate certificates, they works with all browsers I tried.

/etc/hostname has "www.bodywrappers.net"

/etc/hosts has
127.0.0.1 localhost.localdomain localhost
ip1... www.web1.net web1.net
ip1.. sxxxxxxx.online.de (this is a rented box)
ip2... www.web2.com web2.com
The A records are redirected <-> from a different provider but that works
with web1.net

/etc/networks/interfaces
auto lo eth0
iface lo inet loopback

iface eth0 inet dhcp

auto eth0:0
iface eth0:0 inet static
address ip2...
netmask 255.255.255.0
network ip2....0
broadcast ip2....255

Thanks, I'm a bit lost. Feel free to comment more compact solutions, too,
of course. Still a bit green here.

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

Search Discussions

  • Ben Noordhuis at Oct 30, 2012 at 11:12 pm

    On Tue, Oct 30, 2012 at 7:16 PM, Karl wrote:
    Hi,
    (Debian 6, Node 8.10, express 3, zappa 4.10)
    I have requested a second ip number for my remote box
    and want two run a second nodejs app on that ip. The ip
    runs on the same card I guess (remote box)

    So I have
    web1.net on ip1
    web2.com on ip2

    and use iptables to redirect from 80 and 443 to
    my ports
    PROD# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:www redir
    ports 3003
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:www redir
    ports 3004
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:https redir
    ports 3443
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:https redir
    ports 3445

    and ensure-https to protocol change all 80 traffic to 443:

    var ensure=require('ensure-https');
    var options={
    'forceHost':undefined, // If this is set then the destination URL is
    forced to this hostname
    'host':'localhost', // This is the default host to use (for HTTP/0.9
    clients) (default: localhost)
    'sslHost':443, // This is the port of your HTTPS server if it is
    not 443 (default: 443)
    'statusCode':301 // This is the HTTP Status-Code to use
    (default: 301)
    };
    var server=ensure.createServer(options);
    server.listen(3004,'ip1...');

    and the same for the other one, ip2 (web2.com).

    My *problem*: web1.net works fine when users enter
    www.web1.net or https://web1.net or even https://web1.net:3443
    but web2.com will only work if I give the https://web2.net:3445 format
    otherwise I get "unable to connect"

    They have two separate certificates, they works with all browsers I tried.

    /etc/hostname has "www.bodywrappers.net"

    /etc/hosts has
    127.0.0.1 localhost.localdomain localhost
    ip1... www.web1.net web1.net
    ip1.. sxxxxxxx.online.de (this is a rented box)
    ip2... www.web2.com web2.com
    The A records are redirected <-> from a different provider but that works
    with web1.net

    /etc/networks/interfaces
    auto lo eth0
    iface lo inet loopback

    iface eth0 inet dhcp

    auto eth0:0
    iface eth0:0 inet static
    address ip2...
    netmask 255.255.255.0
    network ip2....0
    broadcast ip2....255

    Thanks, I'm a bit lost. Feel free to comment more compact solutions, too, of
    course. Still a bit green here.
    What does `/sbin/ipconfig` print? If you have only one interface with
    one address, you can - realistically speaking - forget about
    multi-domain SSL.

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Oct 30, 2012 at 11:23 pm
    it's one interface with two ip-addresses set up by the provider
    *******
    *-network
    description: Ethernet interface
    product: MCP51 Ethernet Controller
    vendor: nVidia Corporation
    physical id: 14
    bus info: pci@0000:00:14.0
    logical name: eth0
    version: a3
    serial: 00:19:99:23:07:a1
    size: 100MB/s
    capacity: 1GB/s
    width: 32 bits
    clock: 66MHz
    capabilities: pm bus_master cap_list ethernet physical mii 10bt
    10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
    configuration: autonegotiation=on broadcast=yes driver=forcedeth
    driverversion=0.64 duplex=full ip=xx.xxx.xxx.50 latency=0 link=yes
    maxlatency=20 mingnt=1 multicast=yes port=MII speed=100MB/s
    resources: irq:23 memory:f2202000-f2202fff ioport:8c38(size=8)
    *********
    PROD# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xxx.50 Bcast:xx.xxx.xxx.50 Mask:255.255.255.255
    inet6 addr: xxxx::xxx:xxxx:fe23:7a1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39140493 errors:0 dropped:0 overruns:0 frame:0
    TX packets:41299455 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:5145305162 (4.7 GiB) TX bytes:25999465836 (24.2 GiB)
    Interrupt:23 Base address:0x8000

    eth0:0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xx.39 Bcast:xx.xxx.xx.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:23 Base address:0x8000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:3113201 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3113201 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0


    El miércoles, 31 de octubre de 2012 00:05:38 UTC+1, Ben Noordhuis escribió:
    On Tue, Oct 30, 2012 at 7:16 PM, Karl <klr...@gmail.com <javascript:>>
    wrote:
    Hi,
    (Debian 6, Node 8.10, express 3, zappa 4.10)
    I have requested a second ip number for my remote box
    and want two run a second nodejs app on that ip. The ip
    runs on the same card I guess (remote box)

    So I have
    web1.net on ip1
    web2.com on ip2

    and use iptables to redirect from 80 and 443 to
    my ports
    PROD# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:www redir
    ports 3003
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:www redir
    ports 3004
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:https redir
    ports 3443
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:https redir
    ports 3445

    and ensure-https to protocol change all 80 traffic to 443:

    var ensure=require('ensure-https');
    var options={
    'forceHost':undefined, // If this is set then the destination URL is
    forced to this hostname
    'host':'localhost', // This is the default host to use (for HTTP/0.9
    clients) (default: localhost)
    'sslHost':443, // This is the port of your HTTPS server if it is
    not 443 (default: 443)
    'statusCode':301 // This is the HTTP Status-Code to use
    (default: 301)
    };
    var server=ensure.createServer(options);
    server.listen(3004,'ip1...');

    and the same for the other one, ip2 (web2.com).

    My *problem*: web1.net works fine when users enter
    www.web1.net or https://web1.net or even https://web1.net:3443
    but web2.com will only work if I give the https://web2.net:3445 format
    otherwise I get "unable to connect"

    They have two separate certificates, they works with all browsers I tried.
    /etc/hostname has "www.bodywrappers.net"

    /etc/hosts has
    127.0.0.1 localhost.localdomain localhost
    ip1... www.web1.net web1.net
    ip1.. sxxxxxxx.online.de (this is a rented box)
    ip2... www.web2.com web2.com
    The A records are redirected <-> from a different provider but that works
    with web1.net

    /etc/networks/interfaces
    auto lo eth0
    iface lo inet loopback

    iface eth0 inet dhcp

    auto eth0:0
    iface eth0:0 inet static
    address ip2...
    netmask 255.255.255.0
    network ip2....0
    broadcast ip2....255

    Thanks, I'm a bit lost. Feel free to comment more compact solutions, too, of
    course. Still a bit green here.
    What does `/sbin/ipconfig` print? If you have only one interface with
    one address, you can - realistically speaking - forget about
    multi-domain SSL.
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Ben Noordhuis at Oct 30, 2012 at 11:28 pm

    On Wed, Oct 31, 2012 at 12:16 AM, Karl wrote:
    it's one interface with two ip-addresses set up by the provider
    *******
    *-network
    description: Ethernet interface
    product: MCP51 Ethernet Controller
    vendor: nVidia Corporation
    physical id: 14
    bus info: pci@0000:00:14.0
    logical name: eth0
    version: a3
    serial: 00:19:99:23:07:a1
    size: 100MB/s
    capacity: 1GB/s
    width: 32 bits
    clock: 66MHz
    capabilities: pm bus_master cap_list ethernet physical mii 10bt
    10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
    configuration: autonegotiation=on broadcast=yes driver=forcedeth
    driverversion=0.64 duplex=full ip=xx.xxx.xxx.50 latency=0 link=yes
    maxlatency=20 mingnt=1 multicast=yes port=MII speed=100MB/s
    resources: irq:23 memory:f2202000-f2202fff ioport:8c38(size=8)
    *********
    PROD# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xxx.50 Bcast:xx.xxx.xxx.50 Mask:255.255.255.255
    inet6 addr: xxxx::xxx:xxxx:fe23:7a1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39140493 errors:0 dropped:0 overruns:0 frame:0
    TX packets:41299455 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:5145305162 (4.7 GiB) TX bytes:25999465836 (24.2 GiB)
    Interrupt:23 Base address:0x8000

    eth0:0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xx.39 Bcast:xx.xxx.xx.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:23 Base address:0x8000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:3113201 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3113201 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    Okay, looks good (and I see you mentioned in your original post that
    https://web2.net:3445 is reachable.) Maybe add some logging rules to
    your prerouting chain and check with `openssl s_client -connect
    web2.net:443` where you end up?

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Oct 31, 2012 at 12:04 am
    DEV$ openssl s_client -connect web2.com:443
    connect: Connection refused
    connect:errno=111


    First one works, of course, iptables are the same for both

    DEV$ openssl s_client -connect web1.net:443
    CONNECTED(00000003)
    depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing,
    CN = StartCom Class 1 Primary Intermediate Server CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0 etc etc

    **********
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xxx.50 --dport 80 -j
    REDIRECT --to-port 3003
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 80 -j R
    EDIRECT --to-port 3004
    # protocol conversion done with zappa ensure-https listening 3003 and 3004
    #also redirect direct hits on https 443 to 3443 ...
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.50 --dport 443 -j
    REDIRECT --to-port 3443
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 443 -j
    REDIRECT --to-port 3445




    El miércoles, 31 de octubre de 2012 00:16:28 UTC+1, Karl escribió:
    it's one interface with two ip-addresses set up by the provider
    *******
    *-network
    description: Ethernet interface
    product: MCP51 Ethernet Controller
    vendor: nVidia Corporation
    physical id: 14
    bus info: pci@0000:00:14.0
    logical name: eth0
    version: a3
    serial: 00:19:99:23:07:a1
    size: 100MB/s
    capacity: 1GB/s
    width: 32 bits
    clock: 66MHz
    capabilities: pm bus_master cap_list ethernet physical mii 10bt
    10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
    configuration: autonegotiation=on broadcast=yes driver=forcedeth
    driverversion=0.64 duplex=full ip=xx.xxx.xxx.50 latency=0 link=yes
    maxlatency=20 mingnt=1 multicast=yes port=MII speed=100MB/s
    resources: irq:23 memory:f2202000-f2202fff ioport:8c38(size=8)
    *********
    PROD# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xxx.50 Bcast:xx.xxx.xxx.50
    Mask:255.255.255.255
    inet6 addr: xxxx::xxx:xxxx:fe23:7a1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39140493 errors:0 dropped:0 overruns:0 frame:0
    TX packets:41299455 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:5145305162 (4.7 GiB) TX bytes:25999465836 (24.2 GiB)
    Interrupt:23 Base address:0x8000

    eth0:0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xx.39 Bcast:xx.xxx.xx.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:23 Base address:0x8000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:3113201 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3113201 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0


    El miércoles, 31 de octubre de 2012 00:05:38 UTC+1, Ben Noordhuis escribió:
    On Tue, Oct 30, 2012 at 7:16 PM, Karl wrote:
    Hi,
    (Debian 6, Node 8.10, express 3, zappa 4.10)
    I have requested a second ip number for my remote box
    and want two run a second nodejs app on that ip. The ip
    runs on the same card I guess (remote box)

    So I have
    web1.net on ip1
    web2.com on ip2

    and use iptables to redirect from 80 and 443 to
    my ports
    PROD# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:www redir
    ports 3003
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:www redir
    ports 3004
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:https redir
    ports 3443
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:https redir
    ports 3445

    and ensure-https to protocol change all 80 traffic to 443:

    var ensure=require('ensure-https');
    var options={
    'forceHost':undefined, // If this is set then the destination URL is
    forced to this hostname
    'host':'localhost', // This is the default host to use (for HTTP/0.9
    clients) (default: localhost)
    'sslHost':443, // This is the port of your HTTPS server if it is
    not 443 (default: 443)
    'statusCode':301 // This is the HTTP Status-Code to use
    (default: 301)
    };
    var server=ensure.createServer(options);
    server.listen(3004,'ip1...');

    and the same for the other one, ip2 (web2.com).

    My *problem*: web1.net works fine when users enter
    www.web1.net or https://web1.net or even https://web1.net:3443
    but web2.com will only work if I give the https://web2.net:3445 format
    otherwise I get "unable to connect"

    They have two separate certificates, they works with all browsers I tried.
    /etc/hostname has "www.bodywrappers.net"

    /etc/hosts has
    127.0.0.1 localhost.localdomain localhost
    ip1... www.web1.net web1.net
    ip1.. sxxxxxxx.online.de (this is a rented box)
    ip2... www.web2.com web2.com
    The A records are redirected <-> from a different provider but that works
    with web1.net

    /etc/networks/interfaces
    auto lo eth0
    iface lo inet loopback

    iface eth0 inet dhcp

    auto eth0:0
    iface eth0:0 inet static
    address ip2...
    netmask 255.255.255.0
    network ip2....0
    broadcast ip2....255

    Thanks, I'm a bit lost. Feel free to comment more compact solutions, too, of
    course. Still a bit green here.
    What does `/sbin/ipconfig` print? If you have only one interface with
    one address, you can - realistically speaking - forget about
    multi-domain SSL.
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Oct 31, 2012 at 12:57 am
    the logging produces a lot of this, don't know if this is useful:

    (the one with the problem,web2.com)
    12839 Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xx
    x.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440
    DPT=5
    3 LEN=34
    12840 Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN=
    OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=3
    7760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    (the other one which works)
    12841 Oct 31 01:34:39 www kernel: [11427689.127311] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx
    .xxx.50 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=33959 DF PROTO=TCP
    SPT=41330
    DPT=22 WINDOW=661 RES=0x00 ACK PSH URGP=0
    12842 Oct 31 01:34:39 www kernel: [11427689.133085] KLR LOG OUTPUT: IN=
    OUT=eth0
    SRC=xx.xxx.xxx.50 DST=85.51.193.137 LEN=100 TOS=0x10 PREC=0x00
    TTL=64 ID=
    55242 DF PROTO=TCP SPT=22 DPT=41330 WINDOW=185 RES=0x00 ACK PSH URGP=0
    12843 Oct 31 01:34:39 www kernel: [11427689.205662] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx
    .xxx.50 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=33960 DF PROTO=TCP
    SPT=41330 D
    PT=22 WINDOW=661 RES=0x00 ACK URGP=0
    12844 Oct 31 01:34:40 www kernel: [11427689.333075] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx
    .xxx.50 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=33961 DF PROTO=TCP
    SPT=41330
    DPT=22 WINDOW=661 RES=0x00 ACK PSH URGP=0

    El miércoles, 31 de octubre de 2012 01:04:54 UTC+1, Karl escribió:
    DEV$ openssl s_client -connect web2.com:443
    connect: Connection refused
    connect:errno=111


    First one works, of course, iptables are the same for both

    DEV$ openssl s_client -connect web1.net:443
    CONNECTED(00000003)
    depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
    Signing, CN = StartCom Class 1 Primary Intermediate Server CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0 etc etc

    **********
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xxx.50 --dport 80 -j
    REDIRECT --to-port 3003
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 80 -j
    R
    EDIRECT --to-port 3004
    # protocol conversion done with zappa ensure-https listening 3003 and 3004
    #also redirect direct hits on https 443 to 3443 ...
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.50 --dport 443
    -j
    REDIRECT --to-port 3443
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 443
    -j
    REDIRECT --to-port 3445




    El miércoles, 31 de octubre de 2012 00:16:28 UTC+1, Karl escribió:
    it's one interface with two ip-addresses set up by the provider
    *******
    *-network
    description: Ethernet interface
    product: MCP51 Ethernet Controller
    vendor: nVidia Corporation
    physical id: 14
    bus info: pci@0000:00:14.0
    logical name: eth0
    version: a3
    serial: 00:19:99:23:07:a1
    size: 100MB/s
    capacity: 1GB/s
    width: 32 bits
    clock: 66MHz
    capabilities: pm bus_master cap_list ethernet physical mii 10bt
    10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
    configuration: autonegotiation=on broadcast=yes
    driver=forcedeth driverversion=0.64 duplex=full ip=xx.xxx.xxx.50 latency=0
    link=yes maxlatency=20 mingnt=1 multicast=yes port=MII speed=100MB/s
    resources: irq:23 memory:f2202000-f2202fff ioport:8c38(size=8)
    *********
    PROD# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xxx.50 Bcast:xx.xxx.xxx.50
    Mask:255.255.255.255
    inet6 addr: xxxx::xxx:xxxx:fe23:7a1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39140493 errors:0 dropped:0 overruns:0 frame:0
    TX packets:41299455 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:5145305162 (4.7 GiB) TX bytes:25999465836 (24.2 GiB)
    Interrupt:23 Base address:0x8000

    eth0:0 Link encap:Ethernet HWaddr 00:19:99:23:07:a1
    inet addr:xx.xxx.xx.39 Bcast:xx.xxx.xx.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:23 Base address:0x8000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:3113201 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3113201 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0


    El miércoles, 31 de octubre de 2012 00:05:38 UTC+1, Ben Noordhuis
    escribió:
    On Tue, Oct 30, 2012 at 7:16 PM, Karl wrote:
    Hi,
    (Debian 6, Node 8.10, express 3, zappa 4.10)
    I have requested a second ip number for my remote box
    and want two run a second nodejs app on that ip. The ip
    runs on the same card I guess (remote box)

    So I have
    web1.net on ip1
    web2.com on ip2

    and use iptables to redirect from 80 and 443 to
    my ports
    PROD# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:www redir
    ports 3003
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:www redir
    ports 3004
    REDIRECT tcp -- anywhere www.web1.net tcp dpt:https redir
    ports 3443
    REDIRECT tcp -- anywhere www.web2.com tcp dpt:https redir
    ports 3445

    and ensure-https to protocol change all 80 traffic to 443:

    var ensure=require('ensure-https');
    var options={
    'forceHost':undefined, // If this is set then the destination URL is
    forced to this hostname
    'host':'localhost', // This is the default host to use (for HTTP/0.9
    clients) (default: localhost)
    'sslHost':443, // This is the port of your HTTPS server if it is
    not 443 (default: 443)
    'statusCode':301 // This is the HTTP Status-Code to use
    (default: 301)
    };
    var server=ensure.createServer(options);
    server.listen(3004,'ip1...');

    and the same for the other one, ip2 (web2.com).

    My *problem*: web1.net works fine when users enter
    www.web1.net or https://web1.net or even https://web1.net:3443
    but web2.com will only work if I give the https://web2.net:3445format
    otherwise I get "unable to connect"

    They have two separate certificates, they works with all browsers I tried.
    /etc/hostname has "www.bodywrappers.net"

    /etc/hosts has
    127.0.0.1 localhost.localdomain localhost
    ip1... www.web1.net web1.net
    ip1.. sxxxxxxx.online.de (this is a rented box)
    ip2... www.web2.com web2.com
    The A records are redirected <-> from a different provider but that works
    with web1.net

    /etc/networks/interfaces
    auto lo eth0
    iface lo inet loopback

    iface eth0 inet dhcp

    auto eth0:0
    iface eth0:0 inet static
    address ip2...
    netmask 255.255.255.0
    network ip2....0
    broadcast ip2....255

    Thanks, I'm a bit lost. Feel free to comment more compact solutions, too, of
    course. Still a bit green here.
    What does `/sbin/ipconfig` print? If you have only one interface with
    one address, you can - realistically speaking - forget about
    multi-domain SSL.
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Ben Noordhuis at Oct 31, 2012 at 1:08 am

    On Wed, Oct 31, 2012 at 1:56 AM, Karl wrote:
    the logging produces a lot of this, don't know if this is useful:

    (the one with the problem,web2.com)
    12839 Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xx
    x.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440
    DPT=5
    3 LEN=34
    12840 Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN=
    OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=3
    7760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    Those are DNS packets. Do you see any TCP traffic?

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Oct 31, 2012 at 7:21 pm
    Hi,
    thanks for your help, I'm aware now it is not really a node issue

    I did
    iptables -A INPUT -m limit --limit 15/minute -j LOG --log-tcp-options
    --log-prefix "KLR LOG TCP INPUT: "
    iptables -A OUTPUT -m limit --limit 15/minute -j LOG --log-tcp-options
    --log-prefix "KLR LOG TCP OUTPUT: "

    On the browser I did 1) https://web2.com:443 then 2) www.web2.com and 3)
    https://web2.com:3445 (the one that works)

    PROD# grep 'xx.xxx.xx.39' syslog.0
    Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP
    SPT=63440 DPT=53 LEN=34
    Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=37760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    Oct 31 01:35:19 www kernel: [11427729.155113] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=49 ID=11349 PROTO=UDP
    SPT=7380 DPT=53 LEN=34
    Oct 31 01:35:19 www kernel: [11427729.155405] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=37761 PROTO=UDP SPT=53 DPT=7380 LEN=34
    Oct 31 01:35:24 www kernel: [11427733.903903] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=87.239.190.90
    DST=xx.xxx.xx.39 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=9930 DF PROTO=TCP
    SPT=443 DPT=47534 WINDOW=8192 RES=0x00 ACK SYN URGP=0
    Oct 31 01:35:24 www kernel: [11427733.903947] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=87.239.190.90 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=47534 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
    Oct 31 01:35:40 www kernel: [11427749.997344] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.60
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=58873 PROTO=UDP
    SPT=53946 DPT=53 LEN=45
    Oct 31 01:35:40 www kernel: [11427749.997703] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=62.149.2.60 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=39066
    PROTO=UDP SPT=53 DPT=53946 LEN=45
    Oct 31 01:35:42 www kernel: [11427751.756019] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.52
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=32108 PROTO=UDP
    SPT=63957 DPT=53 LEN=45
    Oct 31 01:35:42 www kernel: [11427751.756292] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=62.149.2.52 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23671
    PROTO=UDP SPT=53 DPT=63957 LEN=45
    Oct 31 01:35:56 www kernel: [11427766.204069] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6179 PROTO=TCP
    SPT=58546 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 01:35:56 www kernel: [11427766.204113] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=445 DPT=58546 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 01:38:06 www kernel: [11427895.919137] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=14040 PROTO=TCP
    SPT=59930 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 01:38:06 www kernel: [11427895.919179] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=445 DPT=59930 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 01:38:35 www kernel: [11427924.420169] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54670 PROTO=UDP SPT=53 DPT=63737 LEN=40
    Oct 31 01:38:38 www kernel: [11427927.772669] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=6491 DF PROTO=UDP
    SPT=60788 DPT=53 LEN=40
    Oct 31 01:38:38 www kernel: [11427927.772971] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54671 PROTO=UDP SPT=53 DPT=60788 LEN=40
    Oct 31 01:38:44 www kernel: [11427933.775233] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54672 PROTO=UDP SPT=53 DPT=42220 LEN=40
    Oct 31 01:38:56 www kernel: [11427945.777601] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10993 DF PROTO=UDP
    SPT=3555 DPT=53 LEN=40
    Oct 31 01:38:56 www kernel: [11427945.777891] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54677 PROTO=UDP SPT=53 DPT=3555 LEN=40
    Oct 31 01:39:00 www kernel: [11427949.474563] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=11917 DF PROTO=UDP
    SPT=59638 DPT=53 LEN=40
    Oct 31 01:39:00 www kernel: [11427949.474880] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54679 PROTO=UDP SPT=53 DPT=59638 LEN=40
    Oct 31 01:39:05 www kernel: [11427954.427453] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=13154 DF PROTO=UDP
    SPT=41683 DPT=53 LEN=40
    Oct 31 01:39:05 www kernel: [11427954.427814] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54683 PROTO=UDP SPT=53 DPT=41683 LEN=40
    Oct 31 01:39:23 www kernel: [11427972.529462] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17681 DF PROTO=UDP
    SPT=30063 DPT=53 LEN=40
    Oct 31 01:39:23 www kernel: [11427972.529750] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54691 PROTO=UDP SPT=53 DPT=30063 LEN=40
    Oct 31 01:39:31 www kernel: [11427980.532363] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=19682 DF PROTO=UDP
    SPT=6573 DPT=53 LEN=40
    Oct 31 01:39:31 www kernel: [11427980.532694] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54694 PROTO=UDP SPT=53 DPT=6573 LEN=40
    Oct 31 01:39:39 www kernel: [11427989.183585] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54697 PROTO=UDP SPT=53 DPT=9335 LEN=40
    Oct 31 01:39:43 www kernel: [11427992.984365] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=22795 DF PROTO=UDP
    SPT=24262 DPT=53 LEN=40
    Oct 31 01:39:43 www kernel: [11427992.984660] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54700 PROTO=UDP SPT=53 DPT=24262 LEN=40
    Oct 31 01:39:48 www kernel: [11427997.941833] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24034 DF PROTO=UDP
    SPT=49811 DPT=53 LEN=40
    Oct 31 01:39:48 www kernel: [11427997.942130] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54702 PROTO=UDP SPT=53 DPT=49811 LEN=40
    Oct 31 01:39:52 www kernel: [11428001.300970] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24874 DF PROTO=UDP
    SPT=33505 DPT=53 LEN=40
    Oct 31 01:39:52 www kernel: [11428001.301341] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54704 PROTO=UDP SPT=53 DPT=33505 LEN=40
    Oct 31 01:40:11 www kernel: [11428021.249732] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29862 DF PROTO=UDP
    SPT=29598 DPT=53 LEN=40
    Oct 31 01:40:11 www kernel: [11428021.250065] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54715 PROTO=UDP SPT=53 DPT=29598 LEN=40
    Oct 31 01:40:23 www kernel: [11428033.095853] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32823 DF PROTO=UDP
    SPT=40897 DPT=53 LEN=40
    Oct 31 01:40:23 www kernel: [11428033.096152] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54721 PROTO=UDP SPT=53 DPT=40897 LEN=40
    Oct 31 01:40:27 www kernel: [11428037.099640] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33823 DF PROTO=UDP
    SPT=43000 DPT=53 LEN=40
    Oct 31 01:40:27 www kernel: [11428037.099939] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54724 PROTO=UDP SPT=53 DPT=43000 LEN=40
    Oct 31 01:40:37 www kernel: [11428046.457050] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36161 DF PROTO=UDP
    SPT=41186 DPT=53 LEN=40
    Oct 31 01:40:37 www kernel: [11428046.457346] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54726 PROTO=UDP SPT=53 DPT=41186 LEN=40
    Oct 31 01:40:39 www kernel: [11428049.106856] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36823 DF PROTO=UDP
    SPT=51379 DPT=53 LEN=40
    Oct 31 01:40:39 www kernel: [11428049.107161] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54727 PROTO=UDP SPT=53 DPT=51379 LEN=40
    Oct 31 01:40:45 www kernel: [11428055.111275] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=38324 DF PROTO=UDP
    SPT=18441 DPT=53 LEN=40
    Oct 31 01:40:45 www kernel: [11428055.111583] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54728 PROTO=UDP SPT=53 DPT=18441 LEN=40
    Oct 31 01:40:49 www kernel: [11428058.465020] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39162 DF PROTO=UDP
    SPT=12790 DPT=53 LEN=40
    Oct 31 01:40:49 www kernel: [11428058.465335] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54729 PROTO=UDP SPT=53 DPT=12790 LEN=40
    PROD# grep 'xx.xxx.xx.39' syslog
    Oct 31 20:04:59 www kernel: [11494308.901330] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4183 PROTO=TCP
    SPT=55699 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 20:04:59 www kernel: [11494308.901370] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=55699 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 20:05:22 www kernel: [11494331.430109] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=50081 DF PROTO=TCP
    SPT=45054 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT
    (020405840402080A000E2BC00000000001030306)
    Oct 31 20:05:22 www kernel: [11494331.430170] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=5792 RES=0x00 ACK SYN
    URGP=0 OPT (020405B40402080AAB464011000E2BC001030307)
    Oct 31 20:05:22 www kernel: [11494331.431953] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=21340 DF PROTO=TCP
    SPT=45055 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT
    (020405840402080A000E2BC00000000001030306)
    Oct 31 20:05:22 www kernel: [11494331.432006] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=5792 RES=0x00 ACK SYN
    URGP=0 OPT (020405B40402080AAB464011000E2BC001030307)
    Oct 31 20:06:06 www kernel: [11494376.206441] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.199
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=796 PROTO=UDP
    SPT=50994 DPT=53 LEN=45
    Oct 31 20:06:06 www kernel: [11494376.206769] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.199 LEN=65 TOS=0x00 PREC=0x00
    TTL=64 ID=44771 PROTO=UDP SPT=53 DPT=50994 LEN=45
    Oct 31 20:06:07 www kernel: [11494376.307500] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.195
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=1941 PROTO=UDP
    SPT=64023 DPT=53 LEN=45
    Oct 31 20:06:07 www kernel: [11494376.307806] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.195 LEN=65 TOS=0x00 PREC=0x00
    TTL=64 ID=50886 PROTO=UDP SPT=53 DPT=64023 LEN=45
    Oct 31 20:06:07 www kernel: [11494377.029708] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=50092 DF PROTO=TCP
    SPT=45054 DPT=3445 WINDOW=494 RES=0x00 ACK URGP=0 OPT
    (0101080A000E5849AB464094)
    Oct 31 20:06:07 www kernel: [11494377.029748] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45272 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C99000E2C57)
    Oct 31 20:06:07 www kernel: [11494377.037337] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=15066 DF PROTO=TCP
    SPT=45057 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT
    (0101080A000E584BAB464097)
    Oct 31 20:06:07 www kernel: [11494377.037377] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45235 DF PROTO=TCP SPT=3445 DPT=45057 WINDOW=74 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C9B000E2C59)
    Oct 31 20:06:07 www kernel: [11494377.053392] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23053 DF PROTO=TCP
    SPT=45056 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT
    (0101080A000E584FAB46409A)
    Oct 31 20:06:07 www kernel: [11494377.053432] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=28573 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C9F000E2C5D)
    Oct 31 20:06:32 www kernel: [11494402.213320] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45273 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C57)
    Oct 31 20:06:32 www kernel: [11494402.213377] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=8196 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=74 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C5F)
    Oct 31 20:06:32 www kernel: [11494402.213404] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=28574 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C5D)





    El miércoles, 31 de octubre de 2012 02:08:18 UTC+1, Ben Noordhuis escribió:
    On Wed, Oct 31, 2012 at 1:56 AM, Karl <klr...@gmail.com <javascript:>>
    wrote:
    the logging produces a lot of this, don't know if this is useful:

    (the one with the problem,web2.com)
    12839 Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xx
    x.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440
    DPT=5
    3 LEN=34
    12840 Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN=
    OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=3
    7760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    Those are DNS packets. Do you see any TCP traffic?
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Nov 1, 2012 at 10:37 am
    I made filtered version with tcpdump/wireshark of the relevant packages
    like so: ip.addr == xx.xxx.xx.39 and tcp and ! tcp.port eq 22
    should I dump that here on the list or mail it? sort of long

    El miércoles, 31 de octubre de 2012 20:21:22 UTC+1, Karl escribió:
    Hi,
    thanks for your help, I'm aware now it is not really a node issue

    I did
    iptables -A INPUT -m limit --limit 15/minute -j LOG --log-tcp-options
    --log-prefix "KLR LOG TCP INPUT: "
    iptables -A OUTPUT -m limit --limit 15/minute -j LOG --log-tcp-options
    --log-prefix "KLR LOG TCP OUTPUT: "

    On the browser I did 1) https://web2.com:443 then 2) www.web2.com and 3)
    https://web2.com:3445 (the one that works)

    PROD# grep 'xx.xxx.xx.39' syslog.0
    Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP
    SPT=63440 DPT=53 LEN=34
    Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=37760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    Oct 31 01:35:19 www kernel: [11427729.155113] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=49 ID=11349 PROTO=UDP
    SPT=7380 DPT=53 LEN=34
    Oct 31 01:35:19 www kernel: [11427729.155405] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=37761 PROTO=UDP SPT=53 DPT=7380 LEN=34
    Oct 31 01:35:24 www kernel: [11427733.903903] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=87.239.190.90
    DST=xx.xxx.xx.39 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=9930 DF PROTO=TCP
    SPT=443 DPT=47534 WINDOW=8192 RES=0x00 ACK SYN URGP=0
    Oct 31 01:35:24 www kernel: [11427733.903947] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=87.239.190.90 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=47534 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
    Oct 31 01:35:40 www kernel: [11427749.997344] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.60
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=58873 PROTO=UDP
    SPT=53946 DPT=53 LEN=45
    Oct 31 01:35:40 www kernel: [11427749.997703] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=62.149.2.60 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=39066
    PROTO=UDP SPT=53 DPT=53946 LEN=45
    Oct 31 01:35:42 www kernel: [11427751.756019] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.52
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=32108 PROTO=UDP
    SPT=63957 DPT=53 LEN=45
    Oct 31 01:35:42 www kernel: [11427751.756292] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=62.149.2.52 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23671
    PROTO=UDP SPT=53 DPT=63957 LEN=45
    Oct 31 01:35:56 www kernel: [11427766.204069] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6179 PROTO=TCP
    SPT=58546 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 01:35:56 www kernel: [11427766.204113] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=445 DPT=58546 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 01:38:06 www kernel: [11427895.919137] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=14040 PROTO=TCP
    SPT=59930 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 01:38:06 www kernel: [11427895.919179] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
    PROTO=TCP SPT=445 DPT=59930 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 01:38:35 www kernel: [11427924.420169] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54670 PROTO=UDP SPT=53 DPT=63737 LEN=40
    Oct 31 01:38:38 www kernel: [11427927.772669] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=6491 DF PROTO=UDP
    SPT=60788 DPT=53 LEN=40
    Oct 31 01:38:38 www kernel: [11427927.772971] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54671 PROTO=UDP SPT=53 DPT=60788 LEN=40
    Oct 31 01:38:44 www kernel: [11427933.775233] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54672 PROTO=UDP SPT=53 DPT=42220 LEN=40
    Oct 31 01:38:56 www kernel: [11427945.777601] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10993 DF PROTO=UDP
    SPT=3555 DPT=53 LEN=40
    Oct 31 01:38:56 www kernel: [11427945.777891] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54677 PROTO=UDP SPT=53 DPT=3555 LEN=40
    Oct 31 01:39:00 www kernel: [11427949.474563] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=11917 DF PROTO=UDP
    SPT=59638 DPT=53 LEN=40
    Oct 31 01:39:00 www kernel: [11427949.474880] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54679 PROTO=UDP SPT=53 DPT=59638 LEN=40
    Oct 31 01:39:05 www kernel: [11427954.427453] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=13154 DF PROTO=UDP
    SPT=41683 DPT=53 LEN=40
    Oct 31 01:39:05 www kernel: [11427954.427814] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54683 PROTO=UDP SPT=53 DPT=41683 LEN=40
    Oct 31 01:39:23 www kernel: [11427972.529462] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17681 DF PROTO=UDP
    SPT=30063 DPT=53 LEN=40
    Oct 31 01:39:23 www kernel: [11427972.529750] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54691 PROTO=UDP SPT=53 DPT=30063 LEN=40
    Oct 31 01:39:31 www kernel: [11427980.532363] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=19682 DF PROTO=UDP
    SPT=6573 DPT=53 LEN=40
    Oct 31 01:39:31 www kernel: [11427980.532694] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54694 PROTO=UDP SPT=53 DPT=6573 LEN=40
    Oct 31 01:39:39 www kernel: [11427989.183585] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54697 PROTO=UDP SPT=53 DPT=9335 LEN=40
    Oct 31 01:39:43 www kernel: [11427992.984365] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=22795 DF PROTO=UDP
    SPT=24262 DPT=53 LEN=40
    Oct 31 01:39:43 www kernel: [11427992.984660] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54700 PROTO=UDP SPT=53 DPT=24262 LEN=40
    Oct 31 01:39:48 www kernel: [11427997.941833] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24034 DF PROTO=UDP
    SPT=49811 DPT=53 LEN=40
    Oct 31 01:39:48 www kernel: [11427997.942130] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54702 PROTO=UDP SPT=53 DPT=49811 LEN=40
    Oct 31 01:39:52 www kernel: [11428001.300970] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24874 DF PROTO=UDP
    SPT=33505 DPT=53 LEN=40
    Oct 31 01:39:52 www kernel: [11428001.301341] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54704 PROTO=UDP SPT=53 DPT=33505 LEN=40
    Oct 31 01:40:11 www kernel: [11428021.249732] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29862 DF PROTO=UDP
    SPT=29598 DPT=53 LEN=40
    Oct 31 01:40:11 www kernel: [11428021.250065] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54715 PROTO=UDP SPT=53 DPT=29598 LEN=40
    Oct 31 01:40:23 www kernel: [11428033.095853] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32823 DF PROTO=UDP
    SPT=40897 DPT=53 LEN=40
    Oct 31 01:40:23 www kernel: [11428033.096152] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54721 PROTO=UDP SPT=53 DPT=40897 LEN=40
    Oct 31 01:40:27 www kernel: [11428037.099640] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33823 DF PROTO=UDP
    SPT=43000 DPT=53 LEN=40
    Oct 31 01:40:27 www kernel: [11428037.099939] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54724 PROTO=UDP SPT=53 DPT=43000 LEN=40
    Oct 31 01:40:37 www kernel: [11428046.457050] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36161 DF PROTO=UDP
    SPT=41186 DPT=53 LEN=40
    Oct 31 01:40:37 www kernel: [11428046.457346] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54726 PROTO=UDP SPT=53 DPT=41186 LEN=40
    Oct 31 01:40:39 www kernel: [11428049.106856] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36823 DF PROTO=UDP
    SPT=51379 DPT=53 LEN=40
    Oct 31 01:40:39 www kernel: [11428049.107161] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54727 PROTO=UDP SPT=53 DPT=51379 LEN=40
    Oct 31 01:40:45 www kernel: [11428055.111275] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=38324 DF PROTO=UDP
    SPT=18441 DPT=53 LEN=40
    Oct 31 01:40:45 www kernel: [11428055.111583] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54728 PROTO=UDP SPT=53 DPT=18441 LEN=40
    Oct 31 01:40:49 www kernel: [11428058.465020] KLR LOG INPUT: IN=eth0 OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39162 DF PROTO=UDP
    SPT=12790 DPT=53 LEN=40
    Oct 31 01:40:49 www kernel: [11428058.465335] KLR LOG OUTPUT: IN= OUT=eth0
    SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64
    ID=54729 PROTO=UDP SPT=53 DPT=12790 LEN=40
    PROD# grep 'xx.xxx.xx.39' syslog
    Oct 31 20:04:59 www kernel: [11494308.901330] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194
    DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4183 PROTO=TCP
    SPT=55699 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0
    Oct 31 20:04:59 www kernel: [11494308.901370] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=55699 WINDOW=0 RES=0x00 ACK RST URGP=0
    Oct 31 20:05:22 www kernel: [11494331.430109] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=50081 DF PROTO=TCP
    SPT=45054 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT
    (020405840402080A000E2BC00000000001030306)
    Oct 31 20:05:22 www kernel: [11494331.430170] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=5792 RES=0x00 ACK SYN
    URGP=0 OPT (020405B40402080AAB464011000E2BC001030307)
    Oct 31 20:05:22 www kernel: [11494331.431953] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=21340 DF PROTO=TCP
    SPT=45055 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT
    (020405840402080A000E2BC00000000001030306)
    Oct 31 20:05:22 www kernel: [11494331.432006] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00
    TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=5792 RES=0x00 ACK SYN
    URGP=0 OPT (020405B40402080AAB464011000E2BC001030307)
    Oct 31 20:06:06 www kernel: [11494376.206441] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.199
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=796 PROTO=UDP
    SPT=50994 DPT=53 LEN=45
    Oct 31 20:06:06 www kernel: [11494376.206769] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.199 LEN=65 TOS=0x00 PREC=0x00
    TTL=64 ID=44771 PROTO=UDP SPT=53 DPT=50994 LEN=45
    Oct 31 20:06:07 www kernel: [11494376.307500] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.195
    DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=1941 PROTO=UDP
    SPT=64023 DPT=53 LEN=45
    Oct 31 20:06:07 www kernel: [11494376.307806] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.195 LEN=65 TOS=0x00 PREC=0x00
    TTL=64 ID=50886 PROTO=UDP SPT=53 DPT=64023 LEN=45
    Oct 31 20:06:07 www kernel: [11494377.029708] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=50092 DF PROTO=TCP
    SPT=45054 DPT=3445 WINDOW=494 RES=0x00 ACK URGP=0 OPT
    (0101080A000E5849AB464094)
    Oct 31 20:06:07 www kernel: [11494377.029748] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45272 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C99000E2C57)
    Oct 31 20:06:07 www kernel: [11494377.037337] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=15066 DF PROTO=TCP
    SPT=45057 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT
    (0101080A000E584BAB464097)
    Oct 31 20:06:07 www kernel: [11494377.037377] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45235 DF PROTO=TCP SPT=3445 DPT=45057 WINDOW=74 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C9B000E2C59)
    Oct 31 20:06:07 www kernel: [11494377.053392] KLR LOG TCP INPUT: IN=eth0
    OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137
    DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23053 DF PROTO=TCP
    SPT=45056 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT
    (0101080A000E584FAB46409A)
    Oct 31 20:06:07 www kernel: [11494377.053432] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=28573 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK
    URGP=0 OPT (0101080AAB466C9F000E2C5D)
    Oct 31 20:06:32 www kernel: [11494402.213320] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=45273 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C57)
    Oct 31 20:06:32 www kernel: [11494402.213377] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=8196 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=74 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C5F)
    Oct 31 20:06:32 www kernel: [11494402.213404] KLR LOG TCP OUTPUT: IN=
    OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00
    TTL=64 ID=28574 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK FIN
    URGP=0 OPT (0101080AAB468531000E2C5D)





    El miércoles, 31 de octubre de 2012 02:08:18 UTC+1, Ben Noordhuis escribió:
    On Wed, Oct 31, 2012 at 1:56 AM, Karl wrote:
    the logging produces a lot of this, don't know if this is useful:

    (the one with the problem,web2.com)
    12839 Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0
    OUT=
    MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140
    DST=xx.xx
    x.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440
    DPT=5
    3 LEN=34
    12840 Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN=
    OUT=eth0
    SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64
    ID=3
    7760 PROTO=UDP SPT=53 DPT=63440 LEN=34
    Those are DNS packets. Do you see any TCP traffic?
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Ben Noordhuis at Nov 1, 2012 at 1:24 pm

    On Thu, Nov 1, 2012 at 11:37 AM, Karl wrote:
    I made filtered version with tcpdump/wireshark of the relevant packages
    like so: ip.addr == xx.xxx.xx.39 and tcp and ! tcp.port eq 22
    should I dump that here on the list or mail it? sort of long
    The blob you posted doesn't show anything obviously wrong, there's
    traffic going to port 3445. I didn't see any traffic to port 443 but
    maybe you don't log from the REDIRECT rule.

    One potential pitfall is that iptables doesn't support virtual
    interfaces: you have eth0 and eth0:0 but iptables only sees eth0.
    Then again, you're matching on destination address and port so I guess
    it shouldn't matter.

    tl;dr I don't know either. :-)

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Karl at Nov 1, 2012 at 2:08 pm
    Thanks to all, I'll come back if I find out what's the cause

    El jueves, 1 de noviembre de 2012 14:24:53 UTC+1, Ben Noordhuis escribió:
    On Thu, Nov 1, 2012 at 11:37 AM, Karl <klr...@gmail.com <javascript:>>
    wrote:
    I made filtered version with tcpdump/wireshark of the relevant packages
    like so: ip.addr == xx.xxx.xx.39 and tcp and ! tcp.port eq 22
    should I dump that here on the list or mail it? sort of long
    The blob you posted doesn't show anything obviously wrong, there's
    traffic going to port 3445. I didn't see any traffic to port 443 but
    maybe you don't log from the REDIRECT rule.

    One potential pitfall is that iptables doesn't support virtual
    interfaces: you have eth0 and eth0:0 but iptables only sees eth0.
    Then again, you're matching on destination address and port so I guess
    it shouldn't matter.

    tl;dr I don't know either. :-)
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupnodejs @
categoriesnodejs
postedOct 30, '12 at 8:08p
activeNov 1, '12 at 2:08p
posts11
users2
websitenodejs.org
irc#node.js

2 users in discussion

Karl: 7 posts Ben Noordhuis: 4 posts

People

Translate

site design / logo © 2022 Grokbase