It happened again last night, but I wasn't able to investigate before I woke up, and for the moment it's not blocking anymore. Out of curiosity, I'm doing a regular MTR, and I've had a strange thing happen.
A normal one (rpi4 at home to OVH): └─# mtr -r 54.38.38.159 -4 Start: 2023-09-07T07:14:15+0000 HOST: rpi4 Loss% Snt Last Avg Best Wrst StDev 1.|-- livebox.home 0.0% 10 1.0 0.9 0.7 1.1 0.1 2.|-- 80.10.239.9 0.0% 10 3.0 2.9 2.7 3.5 0.3 3.|-- ae102-0.ncidf103.rbci.ora 0.0% 10 3.3 3.4 2.2 6.3 1.1 4.|-- ae51-0.nridf101.rbci.oran 0.0% 10 3.2 3.4 3.1 3.6 0.2 5.|-- ae41-0.noidf001.rbci.oran 0.0% 10 3.5 3.7 3.2 5.4 0.6 6.|-- be102.par-th2-pb1-nc5.fr. 0.0% 10 25.9 9.6 3.7 31.7 10.5 7.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 8.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 9.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 10.|-- be103.rbx-g4-nc5.fr.eu 0.0% 10 8.1 9.0 7.2 20.9 4.2 11.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 12.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 13.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 14.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 15.|-- mail.borezo.info 0.0% 10 6.9 7.2 6.7 7.9 0.4 The same one a few minutes later (not normal): └─# mtr -r 54.38.38.159 -4 Start: 2023-09-07T07:24:27+0000 HOST: rpi4 Loss% Snt Last Avg Best Wrst StDev 1.|-- livebox.home 0.0% 10 0.9 1.1 0.7 2.8 0.6 2.|-- 80.10.239.9 0.0% 10 2.8 3.0 2.7 4.4 0.5 3.|-- ae102-0.ncidf103.rbci.ora 0.0% 10 37.3 6.8 2.7 37.3 10.7 4.|-- ae51-0.nridf101.rbci.oran 0.0% 10 3.5 3.5 3.1 4.6 0.4 5.|-- ae41-0.noidf001.rbci.oran 0.0% 10 3.3 3.9 3.2 8.4 1.6 6.|-- be102.par-th2-pb1-nc5.fr. 0.0% 10 3.7 14.0 3.7 44.1 15.0 7.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 8.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 9.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 10.|-- be103.rbx-g4-nc5.fr.eu 0.0% 10 7.5 8.4 7.1 12.1 1.7 11.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 12.|-- rpi4.home 90.0% 10 7955. 7955. 7955. 7955. 0.0 Le mer. 6 sept. 2023 à 08:39, Romain <rom...@borezo.info> a écrit : > Hello everyone, > > I recently reinstalled a dedicated server (with OVH, in case that helps > with diagnosis), transitioning from Debian 11 to Debian 12. > > Since then, I have been experiencing regular and progressive IPv4 blocking > at my home. Access via IPv6 or from another IPv4 (including from the same > provider) is working. > > Here's an example from last night after a server reboot the previous > evening: > 01:43-02:13 (30 minutes) > 02:26-03:26 (1 hour) > 03:28-05:28 (2 hours) > 05:55-? (still blocked at the time of writing) > > Issues: > - The OVH Debian 12 template for dedicated servers doesn't come with any > pre-installed blocking tools (e.g., no fail2ban). > - I haven't added any such tools since installing the server, only Apache > (with mod_security), PHP, and MariaDB. > - From my home IP address last night, the only generated requests were > from my Uptime Kuma probe, which includes a ping every minute and a curl > request to a URL that consistently returns HTTP 200 (except when the IP is > blocked, of course). > > When my IP is blocked, curl returns a "Connection refused," and ping > returns "Destination Port Unreachable." > > I couldn't find any mentions of my IPv4 address in the server logs. MTR > (-4) doesn't report any issues reaching the server. OVH has confirmed that > it's not an issue with their network equipment, and a rescue mode restart > allows me to regain ping access. > > Do you have any ideas about what might be causing this on a nearly > pristine Debian 12 installation? I've been pulling my hair out for a few > days now... > > Thanks! > > Romain > > > > >
