<p dir="ltr">oVirt-managed KVM. SSH port is wide open by default. Tested with firewall off with same results.</p>
<p dir="ltr">I'm convinced the last router upstream is wonky.</p>
<div class="gmail_quote">On Feb 24, 2016 9:26 AM, "Jeff Jansen" <<a href="mailto:bamakojeff@gmail.com">bamakojeff@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Could it be a firewall issue? What software are you using on the hosts to run the VMs?<br><br></div>Jeff<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 23, 2016 at 5:50 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><br></div><div>Within the racks, yes. Same subnet. Outside the racks, no.</div><div><div><div><br></div><div><br></div><div>On Tue, 2016-02-23 at 17:45 -0500, DJ-Pfulio wrote:</div><blockquote type="cite"><pre>Same subnet?
On 02/23/16 16:21, Jim Kinney wrote:
<blockquote type="cite">
Yes. By default. But that won't impact ping or DNS lookup (it also runs
bind - it's a FreeIPA machine), or port 80,443. And machines inside the
last router hop can connect with no problems.
I'm tempted to pull the power on the rack top switch and force it to
reinit. That's the last line of "not my gear" before my gear.
On Tue, 2016-02-23 at 15:50 -0500, DJ-Pfulio wrote:
<blockquote type="cite">
Is ssh host validation set to strict?
On 02/23/16 15:33, Jim Kinney wrote:
<blockquote type="cite">
Correct me if I'm wrong, please. A VM on a host is networked and can
ping outside the LAN, be connected to over ssh from inside the LAN
(firewall blocks outside to inside connection) and can connect to
another VM on the same host. Other physical machines in the same rack
can connect to the second VM as well as the first by any method
allowed by the second VM.

HOWEVER, from my office, I can't connect to
the second VM but I can connect to the first VM. Both are on the same
physical host. I can connect to all the other physical and VM in the
racks from each other and from my office. There are 3 VM exceptions
and all three are either new with new static IPs or recycling an old
static IP (with a guarantee the original host with the old IP is dead
and gone - deleted the VM of a second physical host). All connections
that succeed do so by both IP and name. All connections that fail do
so by both IP and name. All names resolve correctly. All unreachable
VMs can connect to systems outside the LAN by name and by IP. The
public facing IP they have is valid. The netmask is correct as is the
gateway.

The traceroute from my office to a working VM completes in 4
hops with the 4th being the VM itself. But to the non-working VMs it
fails after 3. The failure point then must be the last router in the
traceroute, i.e. the one that shows up last followed by 27 rows of
*'s. I get exactly the same behavior tracing from a machine elsewhere
in the LAN.

The new VM that can't be connected to is the new user
authentication machine. Kind of important.
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a>
_______________________________________________
Ale mailing list
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a> <<a href="mailto:Ale@ale.org" target="_blank">mailto:Ale@ale.org</a>>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a>
</blockquote>
</blockquote>
</blockquote>
</pre></blockquote></div></div></div><br>
<br></blockquote></div><br></div>
<br></blockquote></div>
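<p>The traceroute comparison described in the quoted message, as an added example that is not part of the original thread: it parses a working and a failing trace, reports the last hop that answered and the number of silent rows after it, and lists the path both traces share. The sample outputs, addresses (documentation ranges) and function names are constructed for illustration.</p>

```python
import re

# Constructed sample traceroute output (documentation address ranges,
# not taken from the thread), using a 30-hop limit.
HEAD = "traceroute to {0} ({0}), 30 hops max, 60 byte packets\n"
PATH = (" 1  198.51.100.1 (198.51.100.1)  0.41 ms  0.38 ms  0.35 ms\n"
        " 2  198.51.100.254 (198.51.100.254)  1.12 ms  1.08 ms  1.10 ms\n"
        " 3  192.0.2.1 (192.0.2.1)  1.90 ms  1.85 ms  1.88 ms\n")
WORKING = HEAD.format("192.0.2.10") + PATH + \
    " 4  192.0.2.10 (192.0.2.10)  2.10 ms  2.05 ms  2.07 ms\n"
# Three answering hops, then rows of '*' up to the hop limit (27 rows).
FAILING = HEAD.format("192.0.2.11") + PATH + \
    "".join(f"{ttl:2d}  * * *\n" for ttl in range(4, 31))

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse(text):
    """Return [(ttl, address or None)] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:
            addr = IPV4.search(m.group(2))
            hops.append((int(m.group(1)), addr.group(0) if addr else None))
    return hops

def summarize(text, target):
    """Last hop that answered, whether it was the target, silent rows after it."""
    hops = parse(text)
    answered = [(ttl, a) for ttl, a in hops if a]
    last_ttl, last_addr = answered[-1] if answered else (0, None)
    silent = sum(1 for ttl, a in hops if a is None and ttl > last_ttl)
    return {"reached": last_addr == target, "last_ttl": last_ttl,
            "last_addr": last_addr, "silent_rows": silent}

def shared_path(good, bad):
    """Hops both traces agree on, in order, up to the first difference."""
    path = []
    for (_, a), (_, b) in zip(parse(good), parse(bad)):
        if a is None or a != b:
            break
        path.append(a)
    return path

if __name__ == "__main__":
    print(summarize(WORKING, "192.0.2.10"))
    print(summarize(FAILING, "192.0.2.11"))
    print("shared path:", shared_path(WORKING, FAILING))
```

<p>The last answering hop bounds where replies stop; on its own it does not distinguish that router from the segment or host behind it.</p>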