tickets #102900
closedIs my IP blacklisted on opensuse.org?
100%
Description
Hello,
quite a lot of weeks have passed since I started to experience unreachability issues upon accessing a number of opensuse.org resources, from whatever system inside my home LAN.
Particularly troublesome is my inability to access download.opensuse.org, since of course updating my Tumbleweed laptop becomes enormously complicated.
All my devices can instead reach the named resources without any trouble if I access the Internet via a different provider, therefore
I have repeatedly contacted the support service of my normal provider (www.fastweb.it).
However they have invariably ended up dropping my requests as if the problem did not lied on their side, since from their point of view everything is OK and my assigned public IP (2.234.19.144) does not appear to be blacklisted anywhere.
Might it happen that at some time during the last couple of months the given IP has been blocked somewhere on your own security systems?
If it is not such a case, could you please give me some advice on how I might further investigate this problem?
Thank you in advance for your help and kind regards.
Andrea Malfagia
Bologna, Italy
+39 3474019651
+39 051251914
Files
Updated by malcolmlewis over 2 years ago
andrea.malfagia@fastwebnet.it wrote:
Hello,
quite a lot of weeks have passed since I started to experience unreachability issues upon accessing a number of opensuse.org resources, from whatever system inside my home LAN.Particularly troublesome is my inability to access download.opensuse.org, since of course updating my Tumbleweed laptop becomes enormously complicated.
All my devices can instead reach the named resources without any trouble if I access the Internet via a different provider, therefore
I have repeatedly contacted the support service of my normal provider (www.fastweb.it).
However they have invariably ended up dropping my requests as if the problem did not lied on their side, since from their point of view everything is OK and my assigned public IP (2.234.19.144) does not appear to be blacklisted anywhere.
Might it happen that at some time during the last couple of months the given IP has been blocked somewhere on your own security systems?
If it is not such a case, could you please give me some advice on how I might further investigate this problem?
Thank you in advance for your help and kind regards.
Andrea Malfagia
Bologna, Italy
+39 3474019651
+39 051251914
Hi
Maybe your ISP is not handling the redirection to a mirror in your locale (or https/http redirection?). I would suggest checking the list here https://mirrors.opensuse.org/list/tumbleweed.html and perhaps pick one of the mirrors and create new repositories pointing direct to one.
Do you have non-standard repositories active?
Updated by andrea.malfagia@fastwebnet.it over 2 years ago
Il 23/11/21 15:21, redmine@opensuse.org ha scritto:
[openSUSE Tracker]
Issue #102900 has been updated by malcolmlewis.Hi
Maybe your ISP is not handling the redirection to a mirror in your locale (or https/http redirection?). I would suggest checking the list here https://mirrors.opensuse.org/list/tumbleweed.html and perhaps pick one of the mirrors and create new repositories pointing direct to one.
I will check the list from a different provider, since - guess what? ;-)
- mirrors.opensuse.org is exactly one of the sites I am unable to browse, no different than, say, forums.opensuse.org, lists.opensuse.org and others, just to pinpoint that access to many other (possibly all?) features of the opensuse.org domain eventually either goes on timeout or at best it is unbearably slow, though of course I am able to ping all of them.
Do you have non-standard repositories active?
Yes, but even if I precautionally disable all of these, the malfunction
persists, and as I said above is not restricted to the package services.
tickets #102900: Is my IP blacklisted on opensuse.org?
https://progress.opensuse.org/issues/102900#change-466908
I suppose I should send updates to this issue via the above ticket page,
but - no wonder - progress.opensuse.org also times out...
Andrea Malfagia
Updated by cboltz over 2 years ago
When you do a ping, do all packets arrive, or do you have a noticeable packet loss?
Please also try traceroute download.opensuse.org - run it multiple times, and see if it breaks at a specific point. Note: it seems download.opensuse.org itsself doesn't answer traceroute, so the last hop you'll see should be 195.135.221.26 which is a IP in the SUSE range.
You might also want to test traceroute -T -p 443 download.opensuse.org (see man traceroute for details) to test in a way that is closer to a TCP connection (however still not doing a full TCP handshake). With these options, you should see download.opensuse.org as last hop.
That said: I'm not aware of IP-based blocks in the openSUSE infrastructure/firewall, but I don't know if SUSE has a firewall in front of the openSUSE network that might get into your way.
Oh, and since you have another ISP available, please test with both and compare the traceroute results.
I suppose I should send updates to this issue via the above ticket page,
but - no wonder - progress.opensuse.org also times out...
You can simply reply by mail - and this even seems to work ;-)
Updated by andrea.malfagia@fastwebnet.it over 2 years ago
Il 23/11/21 20:04, redmine@opensuse.org ha scritto:
[openSUSE Tracker]
Issue #102900 has been updated by cboltz.When you do a ping, do all packets arrive, or do you have a noticeable packet loss?
Yes I do: from 19% to 30% over an about 110 ICMP requests long sequence.
But if I try over my alternative provider (Vodafone via my smartphone as
WiFi hotspot) I find it ranging from over 17% to over 46%!
What to think about all this?
Please also trytraceroute download.opensuse.org- run it multiple times, and see if it breaks at a specific point. Note: it seems download.opensuse.org itsself doesn't answer traceroute, so the last hop you'll see should be 195.135.221.26 which is a IP in the SUSE range.You might also want to test
traceroute -T -p 443 download.opensuse.org(seeman traceroutefor details) to test in a way that is closer to a TCP connection (however still not doing a full TCP handshake). With these options, you should see download.opensuse.org as last hop.That said: I'm not aware of IP-based blocks in the openSUSE infrastructure/firewall, but I don't know if SUSE has a firewall in front of the openSUSE network that might get into your way.
Oh, and since you have another ISP available, please test with both and compare the traceroute results.
At present I have collected only a few logs, see the attached ZIP file:
the ones prepended with "fw-" are relevant to my normal Fastweb
connection, whereas those prepended with "vd-" are relevant to my
alternative Vodafone WiFi hotspot. I have transcribed the traceroute
command flavour used on the first line of each log, so the ones ending
by "#02" are relevant to the "-T -p 443" options. As you may guess from
the filenames, I have tested both download.opensuse.org and
forums.opensuse.org. The one thing I can easily understand is that the
TCP trace method provides a much more "direct" response than via
Fastweb, but what should I infer from the rest?
A.M.
Updated by pjessen over 2 years ago
- Private changed from Yes to No
andrea.malfagia@fastwebnet.it wrote:
At present I have collected only a few logs, see the attached ZIP file:
the ones prepended with "fw-" are relevant to my normal Fastweb
connection,
The fw- traces all look good to me.
whereas those prepended with "vd-" are relevant to my
alternative Vodafone WiFi hotspot.
vd-download_opensuse_org#01.log - looks good.
vd-download_opensuse_org#02.log - that does not look right. Here you go directly from 192.168 to a public address, that will not work.
vd-forums_opensuse_org#01.log - looks good.
vd-forums_opensuse_org#02.log - same comment as above.
Updated by andrea.malfagia@fastwebnet.it over 2 years ago
- File vd-forums_opensuse_org#03.log vd-forums_opensuse_org#03.log added
- File vd-download_opensuse_org#03.log vd-download_opensuse_org#03.log added
Il 29/11/21 10:34, redmine@opensuse.org ha scritto:
[openSUSE Tracker]
Issue #102900 has been updated by pjessen.vd-download_opensuse_org#01.log - looks good.
vd-download_opensuse_org#02.log - that does not look right. Here you go directly from 192.168 to a public address, that will not work.vd-forums_opensuse_org#01.log - looks good.
vd-forums_opensuse_org#02.log - same comment as above.
I also found those traces rather strange, though I do not understand
what you mean by "that will not work", so please find attached another
couple of them, recorded under the same networking conditions, i.e.
while using my smartphone as hotspot for a "backup" Vodafone wi-fi
connection.
However with this setup I am able to access the opensuse.org resources
without any trouble so, given that the "fw-" traces look good, my basic
suspect is whether there might be something wrong with my Fastweb
router, might it not? Please recall that, when I am connected to the
Internet via Fastweb, in all the following cases any access to a
resource in the opensuse.org domain either times out, or at best
completes after some unacceptably high delay:
Tumbleweed laptop connected to the Fastweb router via Ethernet cable,
using either Chrome or Firefox or zypperSame Tumbleweed laptop connected to the Fastweb router via wi-fi,
using either Chrome or Firefox or zypperSame laptop booted under Windows 10, connected to the Fastweb router
via Ethernet cable, using either Chrome or Firefox or Microsoft EdgeSame laptop booted under Windows 10, connected to the Fastweb router
via wi-fi, using either Chrome or Firefox or Microsoft EdgeAndroid 11 smartphone, connected to the Fastweb router via wi-fi,
using Chrome
As an add-on, I tried to change the DNS servers (I experimented with the
Google ones) under all the above test conditions, but to no avail.
Should I then try some other tools to investigate the traffic to/from my
Fastweb router? If I should, which tools and what should I look for?
Many thanks for attention and for any further help,
Andrea Malfagia
Updated by pjessen over 2 years ago
andrea.malfagia@fastwebnet.it wrote:
However with this setup I am able to access the opensuse.org resources
without any trouble so, given that the "fw-" traces look good, my basic
suspect is whether there might be something wrong with my Fastweb
router, might it not? Please recall that, when I am connected to the
Internet via Fastweb, in all the following cases any access to a
resource in the opensuse.org domain either times out, or at best
completes after some unacceptably high delay:
AFAICT, the problem is entirely on your end, and there is really not very much we (openSUSE infrastructure) can do to help with that. I wonder if it might not be better to address your issue to one of our support channels (mailing lists, forums, irc, discord etc) where you might also find other Fastweb users.
Updated by pjessen about 2 years ago
- Status changed from New to Resolved
- Assignee set to pjessen
- % Done changed from 0 to 100
I am closing this as resolved, I don't see that there is much we can really do.
Feel free to re-open.
Updated by andrea.malfagia@fastwebnet.it about 2 years ago
- Status changed from Resolved to New
Il 26 gen 2022 13:25, redmine@opensuse.org ha scritto:
[openSUSE Tracker]
Issue #102900 has been updated by pjessen.
Status changed from New to Resolved
Assignee set to pjessen
% Done changed from 0 to 100
I am closing this as resolved, I don't see that there is much we can really do.
Oh, sorry for not showing up any longer. I should have added that, following a suggestion I found in some forum, I somehow solved my problem by disabling IPv6 services in the configuration of my router. Don't ask me why, I didn't get even the slightest hint from my provider that such a workaround could have solved my problem and I am still on the watch out about the side effects of it.
Thank you very much for attention and kind regards,
Andrea Malfagia.