✓ Solved

My linode is suddenly unreachable

No reboot or anything; it started being unreachable on port 80 at 2:36 PM CEST on Jul 16, 2022, with no apparent reason. No logins recorded since July 1.

I only have ports 22 and 80 open. Now they are unreachable. Logging into the machine shows that port 80 responds normally to requests from localhost.

I can only reach the machine through LISH now. I didn't change anything. What could be going on?

3 Replies

✓ Best Answer

> Traceroute shows that the packets stop at
> if-11-1-2-931.gw2.lon1.gb.linode.com

When I try to ping that domain name, I get Unknown host. From the name, I can infer that this system is some kind of gateway (gw2) in London (lon1.gb).

Do ports 22/80 work if you use the IP address? e.g.,

ssh aaa.bbb.ccc.ddd
https://aaa.bbb.ccc.ddd

> Did Linode apply new requirements for networking or implement a new firewall recently?

No. In Linode world, there are few if any requirements like this. There's the TOS and that's about it. Linode has no access to the internals of your VPS and, aside from external signs of bad behavior, has no idea what it's doing.

Did you turn on the Cloud Firewall by mistake? https://cloud.linode.com/firewalls

If you can access your Linode using your IP address, try opening port 53 (to both UDP and TCP traffic). If you still can't access your Linode, file a support ticket.

-- sw

The logs will tell you. Look at your web server logs for suspicious activity on port 80 around the date your Linode became unreachable. For port 22, look at /var/log/auth.log.

> I only have ports 22 and 80 open.

If you use a domain name, then port 53 (both UDP and TCP) must be open for DNS to work. You need to make sure that your domain name hasn't been hijacked. There are a number of tools for this (dig comes to mind). If port 53 is not open, your system can become unreachable using the domain name.

Is your system reachable using the IP address? If the IP address works but the domain does not, that indicates a problem with DNS. Did you forget to pay your registrar to keep your domain registered?

Get whatever version of traceroute is available for your local machine to find out where the packets stop.

Once you figure it out, you need to take appropriate countermeasures if there's a bad actor involved.

-- sw
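The auth.log check suggested in the reply above, as an added example that is not part of the original thread: it counts sshd authentication events per source address in a window around the time the machine became unreachable. The log lines are constructed, `sshd_events_near` is a hypothetical helper name, and the outage time is assumed to be in the same timezone the server logs in.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the classic syslog layout used by /var/log/auth.log.
# Addresses are documentation ranges (RFC 5737); none of this is from the thread.
SAMPLE_AUTH_LOG = """\
Jul  1 09:12:44 web1 sshd[811]: Accepted publickey for deploy from 198.51.100.7 port 50122 ssh2
Jul 16 11:02:10 web1 sshd[4100]: Failed password for root from 203.0.113.9 port 40110 ssh2
Jul 16 14:29:51 web1 sshd[4381]: Failed password for invalid user admin from 203.0.113.45 port 53122 ssh2
Jul 16 14:30:02 web1 sshd[4383]: Failed password for root from 203.0.113.45 port 53140 ssh2
Jul 16 14:41:17 web1 sshd[4402]: Invalid user test from 192.0.2.80 port 41000
Jul 16 14:35:00 web1 CRON[4390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 17 03:00:00 web1 sshd[5000]: Failed password for root from 203.0.113.45 port 60000 ssh2
"""

SSHD_EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Accepted|Failed|Invalid user)\b.*? from (?P<ip>[0-9a-fA-F.:]+)"
)

def sshd_events_near(log_text, when, minutes=30, year=2022):
    """Count sshd auth events per (kind, source IP) within +/- minutes of `when`.

    Syslog timestamps carry no year or timezone, so `when` must be given in the
    server's log timezone and the year is supplied by the caller.
    """
    window = timedelta(minutes=minutes)
    counts = Counter()
    for line in log_text.splitlines():
        m = SSHD_EVENT.match(line)
        if not m:
            continue  # not an sshd authentication line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if abs(ts - when) <= window:
            counts[(m["kind"], m["ip"])] += 1
    return counts

if __name__ == "__main__":
    # 2:36 PM on Jul 16, 2022, assuming the server logs in the same timezone.
    outage = datetime(2022, 7, 16, 14, 36)
    for (kind, ip), n in sorted(sshd_events_near(SAMPLE_AUTH_LOG, outage).items()):
        print(f"{n:3d}  {kind:<12}  {ip}")
```

If the server logs in UTC, convert the reported local time first; a window centred on the wrong hour will miss the events that matter.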

Thanks for your help, Steve,

I never had port 53 open, and I don't think you really need it to get a website up. The DNS server is elsewhere, and it's still working fine. Besides, both ports 22 and 80 have become unreachable, so I think it's a networking problem somewhere.

Traceroute shows that the packets stop at
if-11-1-2-931.gw2.lon1.gb.linode.com

The services in the box are still working fine. I have no idea what to do. Did Linode apply new requirements for networking or implement a new firewall recently?
