Project

General

Profile

tickets #102900

Is my IP blacklisted on opensuse.org?

Added by andrea.malfagia@fastwebnet.it about 1 year ago. Updated 12 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
2021-11-23
Due date:
% Done:

100%

Estimated time:

Description

Hello,
quite a lot of weeks have passed since I started to experience unreachability issues upon accessing a number of opensuse.org resources, from whatever system inside my home LAN.

Particularly troublesome is my inability to access download.opensuse.org, since of course updating my Tumbleweed laptop becomes enormously complicated.

All my devices can instead reach the named resources without any trouble if I access the Internet via a different provider, therefore 

I have repeatedly contacted the support service of my normal provider (www.fastweb.it).

However they have invariably ended up dropping my requests as if the problem did not lied on their side, since from their point of view everything is OK and my assigned public IP (2.234.19.144) does not appear to be blacklisted anywhere.

Might it happen that at some time during the last couple of months the given IP has been blocked somewhere on your own security systems?

If it is not such a case, could you please give me some advice on how I might further investigate this problem?

Thank you in advance for your help and kind regards.

Andrea Malfagia

Bologna, Italy

+39 3474019651

+39 051251914

102900_traceroute_logs.zip (4.31 KB) 102900_traceroute_logs.zip andrea.malfagia@fastwebnet.it, 2021-11-25 19:27
vd-forums_opensuse_org#03.log (1.18 KB) vd-forums_opensuse_org#03.log andrea.malfagia@fastwebnet.it, 2021-12-01 13:11
vd-download_opensuse_org#03.log (1.14 KB) vd-download_opensuse_org#03.log andrea.malfagia@fastwebnet.it, 2021-12-01 13:11

History

#1 Updated by malcolmlewis about 1 year ago

andrea.malfagia@fastwebnet.it wrote:

Hello,
quite a lot of weeks have passed since I started to experience unreachability issues upon accessing a number of opensuse.org resources, from whatever system inside my home LAN.

Particularly troublesome is my inability to access download.opensuse.org, since of course updating my Tumbleweed laptop becomes enormously complicated.

All my devices can instead reach the named resources without any trouble if I access the Internet via a different provider, therefore 

I have repeatedly contacted the support service of my normal provider (www.fastweb.it).

However they have invariably ended up dropping my requests as if the problem did not lied on their side, since from their point of view everything is OK and my assigned public IP (2.234.19.144) does not appear to be blacklisted anywhere.

Might it happen that at some time during the last couple of months the given IP has been blocked somewhere on your own security systems?

If it is not such a case, could you please give me some advice on how I might further investigate this problem?

Thank you in advance for your help and kind regards.

Andrea Malfagia

Bologna, Italy

+39 3474019651

+39 051251914

Hi
Maybe your ISP is not handling the redirection to a mirror in your locale (or https/http redirection?). I would suggest checking the list here https://mirrors.opensuse.org/list/tumbleweed.html and perhaps pick one of the mirrors and create new repositories pointing direct to one.

Do you have non-standard repositories active?

#2 Updated by andrea.malfagia@fastwebnet.it about 1 year ago

Il 23/11/21 15:21, redmine@opensuse.org ha scritto:

[openSUSE Tracker]
Issue #102900 has been updated by malcolmlewis.

Hi
Maybe your ISP is not handling the redirection to a mirror in your locale (or https/http redirection?). I would suggest checking the list here https://mirrors.opensuse.org/list/tumbleweed.html and perhaps pick one of the mirrors and create new repositories pointing direct to one.

I will check the list from a different provider, since - guess what? ;-)

  • mirrors.opensuse.org is exactly one of the sites I am unable to browse, no different than, say, forums.opensuse.org, lists.opensuse.org and others, just to pinpoint that access to many other (possibly all?)  features of the opensuse.org domain eventually either goes on timeout or at best it is unbearably slow, though of course I am able to ping all of them.

Do you have non-standard repositories active?

Yes, but even if I precautionally disable all of these, the malfunction
persists, and as I said above is not restricted to the package services.


tickets #102900: Is my IP blacklisted on opensuse.org?
https://progress.opensuse.org/issues/102900#change-466908

I suppose I should send updates to this issue via the above ticket page,
but - no wonder - progress.opensuse.org also times out...

Andrea Malfagia

#3 Updated by cboltz about 1 year ago

When you do a ping, do all packets arrive, or do you have a noticeable packet loss?

Please also try traceroute download.opensuse.org - run it multiple times, and see if it breaks at a specific point. Note: it seems download.opensuse.org itsself doesn't answer traceroute, so the last hop you'll see should be 195.135.221.26 which is a IP in the SUSE range.

You might also want to test traceroute -T -p 443 download.opensuse.org (see man traceroute for details) to test in a way that is closer to a TCP connection (however still not doing a full TCP handshake). With these options, you should see download.opensuse.org as last hop.

That said: I'm not aware of IP-based blocks in the openSUSE infrastructure/firewall, but I don't know if SUSE has a firewall in front of the openSUSE network that might get into your way.

Oh, and since you have another ISP available, please test with both and compare the traceroute results.

https://progress.opensuse.org/issues/102900#change-466908

I suppose I should send updates to this issue via the above ticket page,
but - no wonder - progress.opensuse.org also times out...

You can simply reply by mail - and this even seems to work ;-)

#4 Updated by andrea.malfagia@fastwebnet.it about 1 year ago

Il 23/11/21 20:04, redmine@opensuse.org ha scritto:

[openSUSE Tracker]
Issue #102900 has been updated by cboltz.

When you do a ping, do all packets arrive, or do you have a noticeable packet loss?
Yes I do: from 19% to 30% over an about 110 ICMP requests long sequence.
But if I try over my alternative provider (Vodafone via my smartphone as
WiFi hotspot) I find it ranging from over 17% to over 46%!
What to think about all this?
Please also try traceroute download.opensuse.org - run it multiple times, and see if it breaks at a specific point. Note: it seems download.opensuse.org itsself doesn't answer traceroute, so the last hop you'll see should be 195.135.221.26 which is a IP in the SUSE range.

You might also want to test traceroute -T -p 443 download.opensuse.org (see man traceroute for details) to test in a way that is closer to a TCP connection (however still not doing a full TCP handshake). With these options, you should see download.opensuse.org as last hop.

That said: I'm not aware of IP-based blocks in the openSUSE infrastructure/firewall, but I don't know if SUSE has a firewall in front of the openSUSE network that might get into your way.

Oh, and since you have another ISP available, please test with both and compare the traceroute results.

At present I have collected only a few logs, see the attached ZIP file:
the ones prepended with "fw-" are relevant to my normal Fastweb
connection, whereas those prepended with "vd-" are relevant to my
alternative Vodafone WiFi hotspot. I have transcribed the traceroute
command flavour used on the first line of each log, so the ones ending
by "#02" are relevant to the "-T -p 443" options.  As you may guess from
the filenames, I have tested both download.opensuse.org and
forums.opensuse.org. The one thing I can easily understand is that the
TCP trace method provides a much more "direct" response than via
Fastweb, but what should I infer from the rest?

A.M.

#5 Updated by pjessen about 1 year ago

  • Private changed from Yes to No

andrea.malfagia@fastwebnet.it wrote:

At present I have collected only a few logs, see the attached ZIP file:
the ones prepended with "fw-" are relevant to my normal Fastweb
connection,

The fw- traces all look good to me.

whereas those prepended with "vd-" are relevant to my
alternative Vodafone WiFi hotspot.

vd-download_opensuse_org#01.log - looks good.
vd-download_opensuse_org#02.log - that does not look right. Here you go directly from 192.168 to a public address, that will not work.

vd-forums_opensuse_org#01.log - looks good.
vd-forums_opensuse_org#02.log - same comment as above.

#6 Updated by andrea.malfagia@fastwebnet.it about 1 year ago

Il 29/11/21 10:34, redmine@opensuse.org ha scritto:

[openSUSE Tracker]
Issue #102900 has been updated by pjessen.

vd-download_opensuse_org#01.log - looks good.
vd-download_opensuse_org#02.log - that does not look right. Here you go directly from 192.168 to a public address, that will not work.

vd-forums_opensuse_org#01.log - looks good.
vd-forums_opensuse_org#02.log - same comment as above.

I also found those traces rather strange, though I do not understand
what you mean by "that will not work", so please find attached another
couple of them, recorded under the same networking conditions, i.e.
while using my smartphone as hotspot for a "backup" Vodafone wi-fi
connection.

However with this setup I am able to access the opensuse.org resources
without any trouble so, given that the "fw-" traces look good, my basic
suspect is whether there might be something wrong with my Fastweb
router, might it not? Please recall that, when I am connected to the
Internet via Fastweb, in all the following cases any access to a
resource in the opensuse.org domain either times out, or at best
completes after some unacceptably high delay:

  1. Tumbleweed laptop connected to the Fastweb router via Ethernet cable,
    using either Chrome or Firefox or zypper

  2. Same Tumbleweed laptop connected to the Fastweb router via wi-fi,
    using either Chrome or Firefox or zypper

  3. Same laptop booted under Windows 10, connected to the Fastweb router
    via Ethernet cable, using either Chrome or Firefox or Microsoft Edge

  4. Same laptop booted under Windows 10, connected to the Fastweb router
    via wi-fi, using either Chrome or Firefox or Microsoft Edge

  5. Android 11 smartphone, connected to the Fastweb router via wi-fi,
    using Chrome

As an add-on, I tried to change the DNS servers (I experimented with the
Google ones) under all the above test conditions, but to no avail.

Should I then try some other tools to investigate the traffic to/from my
Fastweb router? If I should, which tools and what should I look for?

Many thanks for attention and for any further help,
Andrea Malfagia

#7 Updated by pjessen about 1 year ago

andrea.malfagia@fastwebnet.it wrote:

However with this setup I am able to access the opensuse.org resources
without any trouble so, given that the "fw-" traces look good, my basic
suspect is whether there might be something wrong with my Fastweb
router, might it not? Please recall that, when I am connected to the
Internet via Fastweb, in all the following cases any access to a
resource in the opensuse.org domain either times out, or at best
completes after some unacceptably high delay:

AFAICT, the problem is entirely on your end, and there is really not very much we (openSUSE infrastructure) can do to help with that. I wonder if it might not be better to address your issue to one of our support channels (mailing lists, forums, irc, discord etc) where you might also find other Fastweb users.

#8 Updated by pjessen about 1 year ago

  • Status changed from New to Resolved
  • Assignee set to pjessen
  • % Done changed from 0 to 100

I am closing this as resolved, I don't see that there is much we can really do.
Feel free to re-open.

#9 Updated by andrea.malfagia@fastwebnet.it about 1 year ago

  • Status changed from Resolved to New

Il 26 gen 2022 13:25, redmine@opensuse.org ha scritto:

[openSUSE Tracker]
Issue #102900 has been updated by pjessen.

Status changed from New to Resolved
Assignee set to pjessen
% Done changed from 0 to 100

I am closing this as resolved, I don't see that there is much we can really do.

Oh, sorry for not showing up any longer. I should have added that, following a suggestion I found in some forum, I somehow solved my problem by disabling IPv6 services in the configuration of my router. Don't ask me why, I didn't get even the slightest hint from my provider that such a workaround could have solved my problem and I am still on the watch out about the side effects of it.

Thank you very much for attention and kind regards,

Andrea Malfagia.

#10 Updated by pjessen 12 months ago

  • Status changed from New to Resolved

Also available in: Atom PDF