Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
elia_anc
Posts: 6 Joined: Wed Sep 24, 2014 7:48 am
Post
by elia_anc Wed Sep 24, 2014 8:02 am
Hi,
I have this strange things that I want to understand:
When I execute check_http i get an high response time (from 5 to 15 sec) even if the server is not under high load (under 1) and even if the same page loaded by browser or checked by "ab" i get response time under one second.
Here is some example:
Code: Select all
check_http -vvv -N -t 30 -H www.caseinlegnobernardidasolo.it
GET / HTTP/1.1
User-Agent: check_http/v1.4.16.29.g3c10.dirty (nagios-plugins 1.4.16)
Connection: close
Host: www.caseinlegnobernardidasolo.it
http://www.caseinlegnobernardidasolo.it:80/ is 1440 characters
STATUS: HTTP/1.1 200 OK
**** HEADER ****
Date: Wed, 24 Sep 2014 12:56:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.30
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 4680e465ca4a1c8094a68a6fa2a7ed03=a3bcc30ddfe50f4ce8021738ce9b702b; path=/
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: ja_nickel_tpl=ja_nickel; expires=Mon, 14-Sep-2015 12:56:48 GMT; path=/
Last-Modified: Wed, 24 Sep 2014 12:56:48 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
**** CONTENT ****
[[ skipped ]]
HTTP OK: HTTP/1.1 200 OK - 1440 bytes in 10.711 second response time |time=10.711071s;;;0.000000 size=1440B;;;0
and the "ab" benchmark
Code: Select all
ab -n 1 -c 1 http://www.caseinlegnobernardidasolo.it/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking www.caseinlegnobernardidasolo.it (be patient).....done
Server Software: Apache
Server Hostname: www.caseinlegnobernardidasolo.it
Server Port: 80
Document Path: /
Document Length: 34018 bytes
Concurrency Level: 1
Time taken for tests: 0.745 seconds
Complete requests: 1
Failed requests: 0
Write errors: 0
Total transferred: 34781 bytes
HTML transferred: 34018 bytes
Requests per second: 1.34 [#/sec] (mean)
Time per request: 744.771 [ms] (mean)
Time per request: 744.771 [ms] (mean, across all concurrent requests)
Transfer rate: 45.61 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 67 67 0.0 67 67
Processing: 678 678 0.0 678 678
Waiting: 470 470 0.0 470 470
Total: 745 745 0.0 745 745
You can try the browser response time by yourself (firebugs give me 0.9 sec)
Can someone explain me this? It's very frustrating, how can I solve it?
eloyd
Cool Title Here
Posts: 2190 Joined: Thu Sep 27, 2012 9:14 amLocation: Rochester, NY
Contact:
Post
by eloyd Wed Sep 24, 2014 8:45 am
My result was:
Code: Select all
HTTP OK HTTP/1.1 200 OK - 2896 bytes in 1.013 seconds |time=1.013225s;;;0.000000 size=2896B;;;0
I would guess that your Nagios host either has a very lengthy path, or some firewall is seeing your constant banging against the web server and rate limiting you as a result.
What is the output of:
Code: Select all
ping -c 5 www.caseinlegnobernardidasolo.it
traceroute www.caseinlegnobernardidasolo.it
elia_anc
Posts: 6 Joined: Wed Sep 24, 2014 7:48 am
Post
by elia_anc Wed Sep 24, 2014 8:54 am
Thanks,
here is the commands ouput:
Code: Select all
ping -c 5 www.caseinlegnobernardidasolo.it
PING www.caseinlegnobernardidasolo.it (46.252.193.11) 56(84) bytes of data.
64 bytes from ip-46-252-193-11.ip.secureserver.net (46.252.193.11): icmp_seq=1 ttl=50 time=75.7 ms
64 bytes from ip-46-252-193-11.ip.secureserver.net (46.252.193.11): icmp_seq=2 ttl=50 time=65.4 ms
64 bytes from ip-46-252-193-11.ip.secureserver.net (46.252.193.11): icmp_seq=3 ttl=50 time=66.2 ms
64 bytes from ip-46-252-193-11.ip.secureserver.net (46.252.193.11): icmp_seq=4 ttl=50 time=65.9 ms
64 bytes from ip-46-252-193-11.ip.secureserver.net (46.252.193.11): icmp_seq=5 ttl=50 time=69.9 ms
--- www.caseinlegnobernardidasolo.it ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 16398ms
rtt min/avg/max/mdev = 65.451/68.676/75.784/3.902 ms
Code: Select all
traceroute to www.caseinlegnobernardidasolo.it (46.252.193.11), 30 hops max, 60 byte packets
1 10.0.0.1 (10.0.0.1) 0.656 ms 0.867 ms 1.105 ms
2 192.168.1.1 (192.168.1.1) 6.185 ms 6.516 ms 6.514 ms
3 * * *
4 172.17.217.165 (172.17.217.165) 47.101 ms 49.679 ms 49.862 ms
5 172.17.216.117 (172.17.216.117) 63.154 ms 172.17.216.105 (172.17.216.105) 57.938 ms 172.17.216.109 (172.17.216.109) 63.356 ms
6 172.17.12.45 (172.17.12.45) 66.701 ms 52.208 ms 53.250 ms
7 172.17.10.69 (172.17.10.69) 56.277 ms 172.17.6.105 (172.17.6.105) 58.178 ms 62.586 ms
8 bundle-ether12.milano50.mil.seabone.net (93.186.128.233) 62.882 ms 63.469 ms 69.674 ms
9 xe-3-0-3.milano51.mil.seabone.net (195.22.205.111) 64.096 ms 64.244 ms 64.380 ms
10 * * *
11 ae-0-11.bar2.Milan1.Level3.net (4.69.142.190) 50.736 ms 53.521 ms 51.995 ms
12 * * *
13 * * *
14 ae-93-93.ebr3.Frankfurt1.Level3.net (4.69.163.13) 72.507 ms ae-83-83.ebr3.Frankfurt1.Level3.net (4.69.163.9) 65.331 ms ae-93-93.ebr3.Frankfurt1.Level3.net (4.69.163.13) 66.243 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 ae-128-3514.edge6.Amsterdam1.Level3.net (4.69.162.230) 76.597 ms 79.270 ms ae-127-3513.edge6.Amsterdam1.Level3.net (4.69.162.226) 83.996 ms
20 THE-GO-DADD.edge6.Amsterdam1.Level3.net (213.19.195.26) 84.202 ms 90.569 ms 90.782 ms
21 ip-208-109-115-134.ip.secureserver.net (208.109.115.134) 91.385 ms 91.965 ms ip-208-109-115-142.ip.secureserver.net (208.109.115.142) 65.703 ms
22 ip-208-109-115-146.ip.secureserver.net (208.109.115.146) 65.988 ms ip-208-109-115-138.ip.secureserver.net (208.109.115.138) 66.433 ms ip-208-109-115-146.ip.secureserver.net (208.109.115.146) 66.410 ms
23 ip-188-121-33-49.ip.secureserver.net (188.121.33.49) 67.172 ms ip-208-109-115-170.ip.secureserver.net (208.109.115.170) 68.699 ms ip-188-121-33-49.ip.secureserver.net (188.121.33.49) 72.735 ms
24 ip-208-109-115-170.ip.secureserver.net (208.109.115.170) 72.308 ms ip-46-252-193-11.ip.secureserver.net (46.252.193.11) 67.584 ms ip-208-109-115-170.ip.secureserver.net (208.109.115.170) 65.760 ms
obviusly there's a firewall (10.0.0.1) but I think it doesn't filter nagios server because, as I sayd before, "ab" works well.
eloyd
Cool Title Here
Posts: 2190 Joined: Thu Sep 27, 2012 9:14 amLocation: Rochester, NY
Contact:
Post
by eloyd Wed Sep 24, 2014 9:00 am
How often are your Nagios checks? Does your ab check occur on regular intervals as well? And does the target machine have a firewall running on it like iptables? If so, I would love to see the output of:
elia_anc
Posts: 6 Joined: Wed Sep 24, 2014 7:48 am
Post
by elia_anc Wed Sep 24, 2014 9:15 am
eloyd wrote: How often are your Nagios checks?
In this case Check interval is 15 minutes
Max Check Attemps: 5
Retry Interval: 2
eloyd wrote: Does your ab check occur on regular intervals as well?
No, I used ab only to make some tests.
eloyd wrote: And does the target machine have a firewall running on it like iptables? If so, I would love to see the output of:
Yes, there's a firewall. The Nagios server public static IP is 95.226.98.234, while the server is 46.252.192.11
Here is the command output (quite long):
Code: Select all
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8674655 1104758562 acctboth all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- !lo * 188.121.38.47 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 188.121.38.47 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 188.121.38.47 0.0.0.0/0 tcp spt:53
291 23734 ACCEPT udp -- !lo * 188.121.38.47 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- !lo * 188.121.38.46 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 188.121.38.46 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 188.121.38.46 0.0.0.0/0 tcp spt:53
16840 2260405 ACCEPT udp -- !lo * 188.121.38.46 0.0.0.0/0 udp spt:53
7760243 568297017 LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
897281 534177406 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7066591 515500452 INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
6957930 509491542 ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
94225 5168720 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
296 16168 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:161
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:162
46 2437 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
6 360 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
5 321 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 11
48 4964 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 3
1721 92351 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
16217007 22155997176 acctboth all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 188.121.38.47 tcp dpt:53
329 23582 ACCEPT udp -- * !lo 0.0.0.0/0 188.121.38.47 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 188.121.38.47 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 188.121.38.47 udp spt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 188.121.38.46 tcp dpt:53
16888 1290520 ACCEPT udp -- * !lo 0.0.0.0/0 188.121.38.46 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 188.121.38.46 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 188.121.38.46 udp spt:53
15302509 21620505668 LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
4 244 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
897281 534177406 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
14612109 20950251688 INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
14609827 20949706112 ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
108 6480 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:37
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:43
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
1528 91680 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
377 22620 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
19 1140 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:873
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2087
1 60 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2089
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2703
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:25
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:873
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:6277
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 DROP all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
pkts bytes target prot opt in out source destination
21764 3011674 ACCEPT all -- !lo * 87.7.188.187 0.0.0.0/0
206 18640 ACCEPT all -- !lo * 94.47.88.170 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.78.178 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.78.4 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.73.136 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.75.28 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.78.87 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.66.27 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.66.15 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.71.90 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.68.49 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.66.109 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.72.151 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.72.241 0.0.0.0/0
0 0 ACCEPT all -- !lo * 66.249.71.110 0.0.0.0/0
0 0 ACCEPT all -- !lo * 46.252.193.11 0.0.0.0/0
0 0 ACCEPT all -- !lo * 188.121.63.53 0.0.0.0/0
0 0 ACCEPT all -- !lo * 86.122.169.14 0.0.0.0/0
667522 49503631 ACCEPT all -- !lo * 95.226.98.234 0.0.0.0/0
0 0 ACCEPT all -- !lo * 81.174.12.97 0.0.0.0/0
0 0 ACCEPT all -- !lo * 87.24.193.220 0.0.0.0/0
Chain ALLOWOUT (1 references)
pkts bytes target prot opt in out source destination
28042 34671150 ACCEPT all -- * !lo 0.0.0.0/0 87.7.188.187
215 259474 ACCEPT all -- * !lo 0.0.0.0/0 94.47.88.170
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.78.178
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.78.4
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.73.136
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.75.28
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.78.87
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.66.27
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.66.15
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.71.90
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.68.49
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.66.109
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.72.151
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.72.241
0 0 ACCEPT all -- * !lo 0.0.0.0/0 66.249.71.110
0 0 ACCEPT all -- * !lo 0.0.0.0/0 46.252.193.11
0 0 ACCEPT all -- * !lo 0.0.0.0/0 188.121.63.53
0 0 ACCEPT all -- * !lo 0.0.0.0/0 86.122.169.14
662029 635379962 ACCEPT all -- * !lo 0.0.0.0/0 95.226.98.234
0 0 ACCEPT all -- * !lo 0.0.0.0/0 81.174.12.97
0 0 ACCEPT all -- * !lo 0.0.0.0/0 87.24.193.220
Chain DENYIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- !lo * 41.185.8.104 0.0.0.0/0
0 0 DROP all -- !lo * 54.206.21.71 0.0.0.0/0
0 0 DROP all -- !lo * 50.62.161.143 0.0.0.0/0
0 0 DROP all -- !lo * 195.182.228.184 0.0.0.0/0
0 0 DROP all -- !lo * 198.61.57.64 0.0.0.0/0
0 0 DROP all -- !lo * 201.216.249.125 0.0.0.0/0
0 0 DROP all -- !lo * 62.152.34.48 0.0.0.0/0
0 0 DROP all -- !lo * 173.209.61.130 0.0.0.0/0
0 0 DROP all -- !lo * 46.14.61.20 0.0.0.0/0
0 0 DROP all -- !lo * 74.208.144.39 0.0.0.0/0
0 0 DROP all -- !lo * 192.40.114.47 0.0.0.0/0
0 0 DROP all -- !lo * 94.23.29.113 0.0.0.0/0
0 0 DROP all -- !lo * 109.205.211.154 0.0.0.0/0
0 0 DROP all -- !lo * 94.25.209.220 0.0.0.0/0
0 0 DROP all -- !lo * 141.212.108.13 0.0.0.0/0
0 0 DROP all -- !lo * 96.47.226.21 0.0.0.0/0
0 0 DROP all -- !lo * 204.8.156.142 0.0.0.0/0
0 0 DROP all -- !lo * 96.44.189.101 0.0.0.0/0
0 0 DROP all -- !lo * 96.47.226.20 0.0.0.0/0
0 0 DROP all -- !lo * 96.47.226.22 0.0.0.0/0
0 0 DROP all -- !lo * 72.52.91.30 0.0.0.0/0
0 0 DROP all -- !lo * 206.190.142.40 0.0.0.0/0
0 0 DROP all -- !lo * 128.52.128.105 0.0.0.0/0
0 0 DROP all -- !lo * 18.187.1.68 0.0.0.0/0
0 0 DROP all -- !lo * 68.169.152.15 0.0.0.0/0
0 0 DROP all -- !lo * 96.44.189.100 0.0.0.0/0
0 0 DROP all -- !lo * 173.242.121.199 0.0.0.0/0
0 0 DROP all -- !lo * 216.75.21.31 0.0.0.0/0
0 0 DROP all -- !lo * 202.137.141.11 0.0.0.0/0
5 200 DROP all -- !lo * 198.20.70.114 0.0.0.0/0
0 0 DROP all -- !lo * 216.158.67.3 0.0.0.0/0
0 0 DROP all -- !lo * 5.39.70.66 0.0.0.0/0
0 0 DROP all -- !lo * 112.137.167.138 0.0.0.0/0
0 0 DROP all -- !lo * 95.226.24.14 0.0.0.0/0
0 0 DROP all -- !lo * 79.24.232.64 0.0.0.0/0
0 0 DROP all -- !lo * 79.18.162.91 0.0.0.0/0
0 0 DROP all -- !lo * 89.96.94.229 0.0.0.0/0
0 0 DROP all -- !lo * 79.55.33.100 0.0.0.0/0
0 0 DROP all -- !lo * 146.48.97.50 0.0.0.0/0
0 0 DROP all -- !lo * 176.102.38.74 0.0.0.0/0
4 240 DROP all -- !lo * 217.69.133.228 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.231 0.0.0.0/0
0 0 DROP all -- !lo * 88.62.91.226 0.0.0.0/0
0 0 DROP all -- !lo * 78.184.102.189 0.0.0.0/0
0 0 DROP all -- !lo * 75.126.46.164 0.0.0.0/0
0 0 DROP all -- !lo * 188.125.104.70 0.0.0.0/0
0 0 DROP all -- !lo * 151.58.49.211 0.0.0.0/0
0 0 DROP all -- !lo * 78.134.117.234 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.233 0.0.0.0/0
0 0 DROP all -- !lo * 76.77.144.75 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.227 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.229 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.230 0.0.0.0/0
4 240 DROP all -- !lo * 217.69.133.232 0.0.0.0/0
0 0 DROP all -- !lo * 217.69.133.69 0.0.0.0/0
0 0 DROP all -- !lo * 129.123.7.6 0.0.0.0/0
0 0 DROP all -- !lo * 37.119.229.149 0.0.0.0/0
0 0 DROP all -- !lo * 195.228.242.66 0.0.0.0/0
0 0 DROP all -- !lo * 5.45.74.37 0.0.0.0/0
0 0 DROP all -- !lo * 112.219.213.165 0.0.0.0/0
0 0 DROP all -- !lo * 85.25.242.250 0.0.0.0/0
0 0 DROP all -- !lo * 118.244.147.49 0.0.0.0/0
0 0 DROP all -- !lo * 83.206.173.212 0.0.0.0/0
0 0 DROP all -- !lo * 151.60.5.248 0.0.0.0/0
0 0 DROP all -- !lo * 79.14.5.175 0.0.0.0/0
0 0 DROP all -- !lo * 68.169.152.84 0.0.0.0/0
0 0 DROP all -- !lo * 64.113.44.206 0.0.0.0/0
0 0 DROP all -- !lo * 96.44.189.102 0.0.0.0/0
0 0 DROP all -- !lo * 128.6.224.107 0.0.0.0/0
0 0 DROP all -- !lo * 72.52.91.19 0.0.0.0/0
0 0 DROP all -- !lo * 93.69.47.219 0.0.0.0/0
0 0 DROP all -- !lo * 79.48.16.61 0.0.0.0/0
0 0 DROP all -- !lo * 173.192.34.95 0.0.0.0/0
0 0 DROP all -- !lo * 189.196.134.87 0.0.0.0/0
0 0 DROP all -- !lo * 188.135.243.103 0.0.0.0/0
0 0 DROP all -- !lo * 94.23.54.140 0.0.0.0/0
0 0 DROP all -- !lo * 2.157.92.66 0.0.0.0/0
0 0 DROP all -- !lo * 104.131.244.31 0.0.0.0/0
0 0 DROP all -- !lo * 91.121.154.70 0.0.0.0/0
0 0 DROP all -- !lo * 125.65.77.233 0.0.0.0/0
0 0 DROP all -- !lo * 95.241.205.139 0.0.0.0/0
0 0 DROP all -- !lo * 87.9.147.212 0.0.0.0/0
0 0 DROP all -- !lo * 37.187.132.46 0.0.0.0/0
0 0 DROP all -- !lo * 95.241.244.240 0.0.0.0/0
3536 212160 DROP all -- !lo * 5.255.253.11 0.0.0.0/0
0 0 DROP all -- !lo * 41.32.18.199 0.0.0.0/0
0 0 DROP all -- !lo * 91.119.150.235 0.0.0.0/0
25 1500 DROP all -- !lo * 146.0.73.156 0.0.0.0/0
0 0 DROP all -- !lo * 194.178.108.226 0.0.0.0/0
0 0 DROP all -- !lo * 93.56.185.218 0.0.0.0/0
0 0 DROP all -- !lo * 95.251.90.231 0.0.0.0/0
0 0 DROP all -- !lo * 62.160.30.56 0.0.0.0/0
5 300 DROP all -- !lo * 146.0.74.170 0.0.0.0/0
0 0 DROP all -- !lo * 157.55.39.90 0.0.0.0/0
51 2448 DROP all -- !lo * 157.55.39.125 0.0.0.0/0
0 0 DROP all -- !lo * 2.34.164.206 0.0.0.0/0
0 0 DROP all -- !lo * 93.63.159.34 0.0.0.0/0
0 0 DROP all -- !lo * 188.13.138.21 0.0.0.0/0
0 0 DROP all -- !lo * 85.159.196.98 0.0.0.0/0
0 0 DROP all -- !lo * 50.63.188.5 0.0.0.0/0
0 0 DROP all -- !lo * 41.58.83.204 0.0.0.0/0
Chain DENYOUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * !lo 0.0.0.0/0 41.185.8.104
0 0 DROP all -- * !lo 0.0.0.0/0 54.206.21.71
0 0 DROP all -- * !lo 0.0.0.0/0 50.62.161.143
0 0 DROP all -- * !lo 0.0.0.0/0 195.182.228.184
0 0 DROP all -- * !lo 0.0.0.0/0 198.61.57.64
0 0 DROP all -- * !lo 0.0.0.0/0 201.216.249.125
0 0 DROP all -- * !lo 0.0.0.0/0 62.152.34.48
0 0 DROP all -- * !lo 0.0.0.0/0 173.209.61.130
0 0 DROP all -- * !lo 0.0.0.0/0 46.14.61.20
0 0 DROP all -- * !lo 0.0.0.0/0 74.208.144.39
0 0 DROP all -- * !lo 0.0.0.0/0 192.40.114.47
0 0 DROP all -- * !lo 0.0.0.0/0 94.23.29.113
0 0 DROP all -- * !lo 0.0.0.0/0 109.205.211.154
0 0 DROP all -- * !lo 0.0.0.0/0 94.25.209.220
0 0 DROP all -- * !lo 0.0.0.0/0 141.212.108.13
0 0 DROP all -- * !lo 0.0.0.0/0 96.47.226.21
0 0 DROP all -- * !lo 0.0.0.0/0 204.8.156.142
0 0 DROP all -- * !lo 0.0.0.0/0 96.44.189.101
0 0 DROP all -- * !lo 0.0.0.0/0 96.47.226.20
0 0 DROP all -- * !lo 0.0.0.0/0 96.47.226.22
0 0 DROP all -- * !lo 0.0.0.0/0 72.52.91.30
0 0 DROP all -- * !lo 0.0.0.0/0 206.190.142.40
0 0 DROP all -- * !lo 0.0.0.0/0 128.52.128.105
0 0 DROP all -- * !lo 0.0.0.0/0 18.187.1.68
0 0 DROP all -- * !lo 0.0.0.0/0 68.169.152.15
0 0 DROP all -- * !lo 0.0.0.0/0 96.44.189.100
0 0 DROP all -- * !lo 0.0.0.0/0 173.242.121.199
0 0 DROP all -- * !lo 0.0.0.0/0 216.75.21.31
0 0 DROP all -- * !lo 0.0.0.0/0 202.137.141.11
0 0 DROP all -- * !lo 0.0.0.0/0 198.20.70.114
0 0 DROP all -- * !lo 0.0.0.0/0 216.158.67.3
0 0 DROP all -- * !lo 0.0.0.0/0 5.39.70.66
0 0 DROP all -- * !lo 0.0.0.0/0 112.137.167.138
0 0 DROP all -- * !lo 0.0.0.0/0 95.226.24.14
0 0 DROP all -- * !lo 0.0.0.0/0 79.24.232.64
0 0 DROP all -- * !lo 0.0.0.0/0 79.18.162.91
0 0 DROP all -- * !lo 0.0.0.0/0 89.96.94.229
0 0 DROP all -- * !lo 0.0.0.0/0 79.55.33.100
0 0 DROP all -- * !lo 0.0.0.0/0 146.48.97.50
0 0 DROP all -- * !lo 0.0.0.0/0 176.102.38.74
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.228
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.231
0 0 DROP all -- * !lo 0.0.0.0/0 88.62.91.226
0 0 DROP all -- * !lo 0.0.0.0/0 78.184.102.189
0 0 DROP all -- * !lo 0.0.0.0/0 75.126.46.164
0 0 DROP all -- * !lo 0.0.0.0/0 188.125.104.70
0 0 DROP all -- * !lo 0.0.0.0/0 151.58.49.211
0 0 DROP all -- * !lo 0.0.0.0/0 78.134.117.234
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.233
0 0 DROP all -- * !lo 0.0.0.0/0 76.77.144.75
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.227
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.229
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.230
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.232
0 0 DROP all -- * !lo 0.0.0.0/0 217.69.133.69
0 0 DROP all -- * !lo 0.0.0.0/0 129.123.7.6
0 0 DROP all -- * !lo 0.0.0.0/0 37.119.229.149
0 0 DROP all -- * !lo 0.0.0.0/0 195.228.242.66
0 0 DROP all -- * !lo 0.0.0.0/0 5.45.74.37
0 0 DROP all -- * !lo 0.0.0.0/0 112.219.213.165
0 0 DROP all -- * !lo 0.0.0.0/0 85.25.242.250
0 0 DROP all -- * !lo 0.0.0.0/0 118.244.147.49
0 0 DROP all -- * !lo 0.0.0.0/0 83.206.173.212
0 0 DROP all -- * !lo 0.0.0.0/0 151.60.5.248
0 0 DROP all -- * !lo 0.0.0.0/0 79.14.5.175
0 0 DROP all -- * !lo 0.0.0.0/0 68.169.152.84
0 0 DROP all -- * !lo 0.0.0.0/0 64.113.44.206
0 0 DROP all -- * !lo 0.0.0.0/0 96.44.189.102
0 0 DROP all -- * !lo 0.0.0.0/0 128.6.224.107
0 0 DROP all -- * !lo 0.0.0.0/0 72.52.91.19
0 0 DROP all -- * !lo 0.0.0.0/0 93.69.47.219
0 0 DROP all -- * !lo 0.0.0.0/0 79.48.16.61
0 0 DROP all -- * !lo 0.0.0.0/0 173.192.34.95
0 0 DROP all -- * !lo 0.0.0.0/0 189.196.134.87
0 0 DROP all -- * !lo 0.0.0.0/0 188.135.243.103
0 0 DROP all -- * !lo 0.0.0.0/0 94.23.54.140
0 0 DROP all -- * !lo 0.0.0.0/0 2.157.92.66
0 0 DROP all -- * !lo 0.0.0.0/0 104.131.244.31
0 0 DROP all -- * !lo 0.0.0.0/0 91.121.154.70
0 0 DROP all -- * !lo 0.0.0.0/0 125.65.77.233
0 0 DROP all -- * !lo 0.0.0.0/0 95.241.205.139
0 0 DROP all -- * !lo 0.0.0.0/0 87.9.147.212
0 0 DROP all -- * !lo 0.0.0.0/0 37.187.132.46
0 0 DROP all -- * !lo 0.0.0.0/0 95.241.244.240
0 0 DROP all -- * !lo 0.0.0.0/0 5.255.253.11
0 0 DROP all -- * !lo 0.0.0.0/0 41.32.18.199
0 0 DROP all -- * !lo 0.0.0.0/0 91.119.150.235
0 0 DROP all -- * !lo 0.0.0.0/0 146.0.73.156
0 0 DROP all -- * !lo 0.0.0.0/0 194.178.108.226
0 0 DROP all -- * !lo 0.0.0.0/0 93.56.185.218
0 0 DROP all -- * !lo 0.0.0.0/0 95.251.90.231
0 0 DROP all -- * !lo 0.0.0.0/0 62.160.30.56
0 0 DROP all -- * !lo 0.0.0.0/0 146.0.74.170
0 0 DROP all -- * !lo 0.0.0.0/0 157.55.39.90
0 0 DROP all -- * !lo 0.0.0.0/0 157.55.39.125
0 0 DROP all -- * !lo 0.0.0.0/0 2.34.164.206
0 0 DROP all -- * !lo 0.0.0.0/0 93.63.159.34
0 0 DROP all -- * !lo 0.0.0.0/0 188.13.138.21
0 0 DROP all -- * !lo 0.0.0.0/0 85.159.196.98
0 0 DROP all -- * !lo 0.0.0.0/0 50.63.188.5
0 0 DROP all -- * !lo 0.0.0.0/0 41.58.83.204
Chain INVALID (2 references)
pkts bytes target prot opt in out source destination
12636 675991 INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
477 454167 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
Chain INVDROP (10 references)
pkts bytes target prot opt in out source destination
13113 1130158 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
pkts bytes target prot opt in out source destination
7760243 568297017 ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
7070751 515763072 DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
pkts bytes target prot opt in out source destination
15302509 21620505668 ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
14612223 20950195082 DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
pkts bytes target prot opt in out source destination
3 156 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
3 156 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
3 156 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
34 1768 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
1214 57556 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
344 25777 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
1678 90115 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain acctboth (2 references)
pkts bytes target prot opt in out source destination
66 3486 tcp -- !lo * 46.252.193.11 0.0.0.0/0 tcp dpt:80
60 62225 tcp -- !lo * 0.0.0.0/0 46.252.193.11 tcp spt:80
24 2922 tcp -- !lo * 46.252.193.11 0.0.0.0/0 tcp dpt:25
20 2130 tcp -- !lo * 0.0.0.0/0 46.252.193.11 tcp spt:25
0 0 tcp -- !lo * 46.252.193.11 0.0.0.0/0 tcp dpt:110
0 0 tcp -- !lo * 0.0.0.0/0 46.252.193.11 tcp spt:110
10 960 icmp -- !lo * 46.252.193.11 0.0.0.0/0
10 960 icmp -- !lo * 0.0.0.0/0 46.252.193.11
28549 38474614 tcp -- !lo * 46.252.193.11 0.0.0.0/0
20421 1720886 tcp -- !lo * 0.0.0.0/0 46.252.193.11
40 3073 udp -- !lo * 46.252.193.11 0.0.0.0/0
40 5158 udp -- !lo * 0.0.0.0/0 46.252.193.11
28599 38478647 all -- !lo * 46.252.193.11 0.0.0.0/0
20471 1727004 all -- !lo * 0.0.0.0/0 46.252.193.11
0 0 tcp -- !lo * 46.252.200.100 0.0.0.0/0 tcp dpt:80
1 40 tcp -- !lo * 0.0.0.0/0 46.252.200.100 tcp spt:80
0 0 tcp -- !lo * 46.252.200.100 0.0.0.0/0 tcp dpt:25
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.100 tcp spt:25
0 0 tcp -- !lo * 46.252.200.100 0.0.0.0/0 tcp dpt:110
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.100 tcp spt:110
0 0 icmp -- !lo * 46.252.200.100 0.0.0.0/0
0 0 icmp -- !lo * 0.0.0.0/0 46.252.200.100
458 51213 tcp -- !lo * 46.252.200.100 0.0.0.0/0
442 68920 tcp -- !lo * 0.0.0.0/0 46.252.200.100
0 0 udp -- !lo * 46.252.200.100 0.0.0.0/0
1 77 udp -- !lo * 0.0.0.0/0 46.252.200.100
458 51213 all -- !lo * 46.252.200.100 0.0.0.0/0
443 68997 all -- !lo * 0.0.0.0/0 46.252.200.100
0 0 tcp -- !lo * 46.252.200.252 0.0.0.0/0 tcp dpt:80
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.252 tcp spt:80
0 0 tcp -- !lo * 46.252.200.252 0.0.0.0/0 tcp dpt:25
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.252 tcp spt:25
0 0 tcp -- !lo * 46.252.200.252 0.0.0.0/0 tcp dpt:110
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.252 tcp spt:110
0 0 icmp -- !lo * 46.252.200.252 0.0.0.0/0
0 0 icmp -- !lo * 0.0.0.0/0 46.252.200.252
0 0 tcp -- !lo * 46.252.200.252 0.0.0.0/0
0 0 tcp -- !lo * 0.0.0.0/0 46.252.200.252
0 0 udp -- !lo * 46.252.200.252 0.0.0.0/0
2 205 udp -- !lo * 0.0.0.0/0 46.252.200.252
0 0 all -- !lo * 46.252.200.252 0.0.0.0/0
2 205 all -- !lo * 0.0.0.0/0 46.252.200.252
52342 41581705 all -- !lo * 0.0.0.0/0 0.0.0.0/0
eloyd
Cool Title Here
Posts: 2190 Joined: Thu Sep 27, 2012 9:14 amLocation: Rochester, NY
Contact:
Post
by eloyd Wed Sep 24, 2014 9:50 am
Thank you. It will take me a bit to chew through your iptables results, but I do see some limit statements that log to syslog. Is there anything in /var/log/messages with "Firewall" in it that look obviously connected to either traffic from your Nagios host or traffic to your web server?
elia_anc
Posts: 6 Joined: Wed Sep 24, 2014 7:48 am
Post
by elia_anc Wed Sep 24, 2014 10:07 am
No output from
Code: Select all
cat /var/log/messages | grep 95.226.98.234
A lot of output from
Code: Select all
cat /var/log/messages | grep Firewall but nothing from Nagios server.
Here is some example (don't look at the time: different timezone):
Code: Select all
Sep 24 07:59:29 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=96.45.197.226 DST=46.252.193.11 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=31965 DF PROTO=TCP SPT=36635 DPT=25 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Sep 24 07:59:32 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=96.45.197.226 DST=46.252.193.11 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=31966 DF PROTO=TCP SPT=36635 DPT=25 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Sep 24 07:59:38 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=96.45.197.226 DST=46.252.193.11 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=31968 DF PROTO=TCP SPT=36635 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 24 08:02:13 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=180.212.122.18 DST=46.252.193.11 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45642 DF PROTO=TCP SPT=24481 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 24 08:02:16 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=180.212.122.18 DST=46.252.193.11 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45643 DF PROTO=TCP SPT=24481 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 24 08:02:22 ip-46-252-193-11 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= PHYSIN=bond0.802 PHYSOUT=veth10042300.0 MAC=00:18:51:f0:0d:be:00:25:45:13:83:40:08:00 SRC=180.212.122.18 DST=46.252.193.11 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45644 DF PROTO=TCP SPT=24481 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
eloyd
Cool Title Here
Posts: 2190 Joined: Thu Sep 27, 2012 9:14 amLocation: Rochester, NY
Contact:
Post
by eloyd Wed Sep 24, 2014 10:17 am
Does the delay happen when you go to other web sites? And what version of check_http are you running (check_http -V)?
elia_anc
Posts: 6 Joined: Wed Sep 24, 2014 7:48 am
Post
by elia_anc Wed Sep 24, 2014 10:25 am
eloyd wrote: Does the delay happen when you go to other web sites? And what version of check_http are you running (check_http -V)?
I try check
www.google.it and here the result (10 seconds!):
Code: Select all
./check_http -H www.google.it -N -t 30 -v
GET / HTTP/1.1
User-Agent: check_http/v1.4.16.29.g3c10.dirty (nagios-plugins 1.4.16)
Connection: close
Host: www.google.it
http://www.google.it:80/ is 1418 characters
STATUS: HTTP/1.1 200 OK
**** HEADER ****
Date: Wed, 24 Sep 2014 15:22:03 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=3895778cf97a2f1f:FF=0:TM=1411572123:LM=1411572123:S=lu9EzRnfMnW24Ofz; expires=Fri, 23-Sep-2016 15:22:03 GMT; path=/; domain=.google.it
Set-Cookie: NID=67=W2ebqPOENSvaEygl5E0rkCD6ceiCjUeqMERfFSmaGsqDo83HqG7znm_VRaFSsuEZULeKJl9uxj5YGYK9YUQOhK4DlRxUd1BCY3qTBzfPfxtGrdOlVtPwfUUn47n0Zwp8; expires=Thu, 26-Mar-2015 15:22:03 GMT; path=/; domain=.google.it; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.002
Connection: close
**** CONTENT ****
[[ skipped ]]
HTTP OK: HTTP/1.1 200 OK - 1418 bytes in 10.390 second response time |time=10.390028s;;;0.000000 size=1418B;;;0
It seems thats the problem is between the server and internet...
The version of check_http is: check_http v1.4.16.29.g3c10.dirty (nagios-plugins 1.4.16)
eloyd
Cool Title Here
Posts: 2190 Joined: Thu Sep 27, 2012 9:14 amLocation: Rochester, NY
Contact:
Post
by eloyd Wed Sep 24, 2014 10:32 am
I agree. I see nothing wrong with the iptables or anything else, so I am guessing that it is something specific to your server or the network that it is plugged in to. Unfortunately, I do not think there is going to be much additional help to you here, so you may want to talk with your network administrator - unless that is you!!
