perfsonar-user - Re: [perfsonar-user] TracerouteSender 403 Forbidden Error
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Andrew Lake <>
- To: "Uhl, George D. (GSFC-423.0)[ARTS]" <>
- Cc: Mark Tinberg <>, "" <>
- Subject: Re: [perfsonar-user] TracerouteSender 403 Forbidden Error
- Date: Wed, 30 Apr 2014 09:30:33 -0400
Hi George,
You can forcibly generate some traffic to 8086 by running something like the
following:
curl -X GET --dump-header -
"http://archive.eos.nasa.gov:8086/perfSONAR_PS/services/tracerouteCollector"
That's a GET instead of a post but it'd be interesting to see what it does.
If it reaches the collector you will see something like the following:
HTTP/1.1 200 success
Date: Wed, 30 Apr 2014 13:07:00 GMT
Server: libwww-perl-daemon/5.827
User-Agent: perfSONAR-PS/3.2
Content-Length: 825
Content-Type: text/xml
<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"
id="message.1967190" type="ErrorResponse"><nmwg:metadata
id="metadata.16742872"><nmwg:eventType>error.common.transport</nmwg:eventType></nmwg:metadata><nmwg:data
metadataIdRef="metadata.16742872" id="data.9803672"><nmwgr:datum
xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/">Received message with an
invalid HTTP request, are you using a web
browser?</nmwgr:datum></nmwg:data></nmwg:message> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
On Apr 29, 2014, at 5:06 PM, "Uhl, George D. (GSFC-423.0)[ARTS]"
<>
wrote:
> Mark,
>
> Thanks for following up. I was running tcpdump on the traceroute source
> host so I used tcpdump to look for it attempting to communicate to the
> remote archive server on port 8086. I'm not seeing anything related to
> http or traceroute in audit.log.
>
> Thanks again,
> -George
>
> On 4/29/14 4:53 PM, "Mark Tinberg"
> <>
> wrote:
>
>>
>> On Apr 29, 2014, at 2:48 PM, Uhl, George D. (GSFC-423.0)[ARTS]
>> <>
>> wrote:
>>
>>> Could this have something to do with selinux being enabled on the host?
>>> I
>>> did a tcpdump on this host and never saw any traffic sent to the MA
>>> server
>>> on port 8086.
>>
>> tcpdump would see the traffic before any packet filtering or selinux
>> policy could affect it so if you aren¹t seeing it inbound then it¹s not
>> getting to the machine at all and you can conclude the problem is not on
>> the local machine.
>>
>>> BTW, I'm prohibited from disabling selinux on this particular host.
>>
>> As a point of reference, SELinux logs to the audit subsystem and if
>> auditd is running those logs should end up in /var/log/audit/audit.log
>> which should be root-only readable. There are a lot of things which are
>> audited by default, look for AVC messages, they should tell you all the
>> information about what was denied, if anything. For example, here is
>> what happens when apache tries to access a users home directory when
>> httpd_enable_homedirs has not been enabled by setsebool.
>>
>> # grep AVC /var/log/audit/audit.log
>> type=AVC msg=audit(1398804336.495:232531): avc: denied { search } for
>> pid=9160 comm="httpd" name=³test" dev=dm-0 ino=663252
>> scontext=unconfined_u:system_r:httpd_t:s0
>> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
>> type=AVC msg=audit(1398804336.498:232532): avc: denied { getattr } for
>> pid=9160 comm="httpd" path="/home/test" dev=dm-0 ino=663252
>> scontext=unconfined_u:system_r:httpd_t:s0
>> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
>>
>>
>> ‹
>> Mark Tinberg, System Administrator
>> Division of Information Technology - Network Services
>> University of Wisconsin - Madison
>>
>>
>
- [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Andrew Lake, 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Dale W. Carder, 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Mark Tinberg, 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Andrew Lake, 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Andrew Lake, 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Andrew Lake, 04/30/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Uhl, George D. (GSFC-423.0)[ARTS], 04/29/2014
- Re: [perfsonar-user] TracerouteSender 403 Forbidden Error, Andrew Lake, 04/29/2014
Archive powered by MHonArc 2.6.16.