2 votes

Mac Mavericks 10.9 Problème de DNS avec des adresses spécifiques

Un certain nombre d'adresses réseau semblent inaccessibles depuis mon ordinateur (Mac Mavericks, 10.9.2). Par exemple, je ne vois aucune image sur wikipedia. L'article vedette d'aujourd'hui n'affiche pas l'image http://upload.wikimedia.org/wikipedia/commons/5/54/Potret_Roekiah1.jpg (Safari se bloque en essayant de charger l'image).

Voici mes tentatives pour comprendre ce qui se passe (j'ai modifié les identifiants et certains numéros d'IP).

[Radek ~]$ ping upload.wikimedia.org
PING upload-lb.esams.wikimedia.org (91.198.174.234): 56 data bytes
36 bytes from ae2.cr1-esams.wikimedia.org (195.69.145.176): Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  48 5400 e066   0 0000  3c  01 d18f 192.168.1.18  91.198.174.234 

Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

(et le ping s'arrête ou rapporte Destination Net Unreachable pour d'autres tentatives)

[Radek ~]$ traceroute upload.wikimedia.org
traceroute to upload-lb.esams.wikimedia.org (91.198.174.234), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  2.359 ms  2.102 ms  2.016 ms
 2  xxx.adsl2.static.versatel.nl (82.173.xx.xx)  104.734 ms  106.157 ms      107.574 ms
 3 xxx.xxx.versatel.net (217.16.39.169)  125.938 ms *  49.443 ms
 4  ae6-xxx.brxxxsara.versatel.net (212.53.xx.xx)  55.765 ms  66.818 ms  80.532 ms
 5  * * *
...
 64  * * *

Voici quelques détails de ma configuration :

[Radek ~]$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether xx:xx 
    inet6 xxxx:xxxx%en0 prefixlen 64 scopeid 0x4 
    inet 192.168.1.18 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether xx:xx 
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether xx:xx 
    nd6 options=1<PERFORMNUD>
    media: autoselect <full-duplex>
    status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether xx:xx 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 6 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether xx:xx 
    media: autoselect
    status: inactive

[Radek ~]$ netstat -s
tcp:
    4041934 packets sent
        2109154 data packets (2412741336 bytes)
        4336 data packets (4973578 bytes) retransmitted
        0 resends initiated by MTU discovery
        1515058 ack-only packets (788 delayed)
        0 URG only packets
        8 window probe packets
        315897 window update packets
        98042 control packets
        997 data packets sent after flow control
        3032003 checksummed in software
            3032003 segments (2030699244 bytes) over IPv4
            0 segments (0 bytes) over IPv6
    4874936 packets received
        1245553 acks (for 2412436596 bytes)
        61704 duplicate acks
        0 acks for unsent data
        3590173 packets (4105070383 bytes) received in-sequence
        4782 completely duplicate packets (2495220 bytes)
        881 old duplicate packets
        103 packets with some dup. data (44979 bytes duped)
        88880 out-of-order packets (119408758 bytes)
        0 packets (0 bytes) of data after window
        0 window probes
        1297 window update packets
        2853 packets received after close
        0 bad resets
        1 discarded for bad checksum
        3221507 checksummed in software
            3221507 segments (2755880532 bytes) over IPv4
            0 segments (0 bytes) over IPv6
        0 discarded for bad header offset fields
        0 discarded because packet too short
    53415 connection requests
    11 connection accepts
    0 bad connection attempts
    0 listen queue overflows
    45391 connections established (including accepts)
    53529 connections closed (including 5839 drops)
        742 connections updated cached RTT on close
        742 connections updated cached RTT variance on close
        258 connections updated cached ssthresh on close
    5357 embryonic connections dropped
    2919226 segments updated rtt (of 1129684 attempts)
    7233 retransmit timeouts
        44 connections dropped by rexmit timeout
        0 connections dropped after retransmitting FIN
    21 persist timeouts
        0 connections dropped by persist timeout
    137 keepalive timeouts
        1 keepalive probe sent
        84 connections dropped by keepalive
    522089 correct ACK header predictions
    3349375 correct data packet header predictions
    1800 SACK recovery episodes
    3142 segment rexmits in SACK recovery episodes
    4404841 byte rexmits in SACK recovery episodes
    40073 SACK options (SACK blocks) received
    88105 SACK options (SACK blocks) sent
    0 SACK scoreboard overflow
    0 LRO coalesced packets
        0 times LRO flow table was full
        0 collisions in LRO flow table
        0 times LRO coalesced 2 packets
        0 times LRO coalesced 3 or 4 packets
        0 times LRO coalesced 5 or more packets
    2627 limited transmits done
    1212 early retransmits done
    1495 times cumulative ack advanced along with SACK
udp:
    1116361 datagrams received
        0 with incomplete header
        0 with bad data length field
        0 with bad checksum
        1 with no checksum
        831232 checksummed in software
            814776 datagrams (107515088 bytes) over IPv4
            16456 datagrams (5525356 bytes) over IPv6
        463 dropped due to no socket
        588682 broadcast/multicast datagrams undelivered
        0 times multicast source filter matched
        0 dropped due to full socket buffers
        0 not for hashed pcb
        527216 delivered
    68356 datagrams output
        57620 checksummed in software
            50288 datagrams (3553575 bytes) over IPv4
            7332 datagrams (1789298 bytes) over IPv6
ip:
    6126838 total packets received
        0 bad header checksums
        4194980 headers (83905872 bytes) checksummed in software
        0 with size smaller than minimum
        0 with data size < data length
        154979 with data size > data length
            0 packets forced to software checksum
        0 with ip length > max ip packet size
        0 with header length < data size
        0 with data length < header length
        0 with bad options
        0 with incorrect version number
        121 fragments received
            0 dropped (dup or out of space)
            0 dropped after timeout
            60 reassembled ok
        5964502 packets for this host
        7957 packets for unknown/unsupported protocol
        0 packets forwarded (0 packets fast forwarded)
        2108 packets not forwardable
        152210 packets received for unknown multicast group
        0 redirects sent
    4125494 packets sent from this host
        305 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        3 output packets discarded due to no route
        0 output datagrams fragmented
        0 fragments created
        0 datagrams that can't be fragmented
        0 tunneling packets that can't find gif
        0 datagrams with bad address in header
        0 packets dropped due to no bufs for control data
        3091053 headers (61835944 bytes) checksummed in software
icmp:
    463 calls to icmp_error
    0 errors not generated 'cuz old message was icmp
    Output histogram:
        echo reply: 4
        destination unreachable: 463
    0 messages with bad code fields
    0 messages < minimum length
    0 bad checksums
    0 messages with bad length
    0 multicast echo requests ignored
    0 multicast timestamp requests ignored
    Input histogram:
        echo reply: 100
        destination unreachable: 6099
        echo: 4
        time exceeded: 71
    4 message responses generated
    ICMP address mask responses are disabled
igmp:
    1971 messages received
    0 messages received with too few bytes
    1 message received with wrong TTL
    0 messages received with bad checksum
    1963 V1/V2 membership queries received
    0 V3 membership queries received
    0 membership queries received with invalid field(s)
    1963 general queries received
    0 group queries received
    0 group-source queries received
    0 group-source queries dropped
    7 membership reports received
    0 membership reports received with invalid field(s)
    7 membership reports received for groups to which we belong
    0 V3 reports received without Router Alert
    3506 membership reports sent
ipsec:
    0 inbound packets processed successfully
    0 inbound packets violated process security policy
    0 inbound packets with no SA available
    0 invalid inbound packets
    0 inbound packets failed due to insufficient memory
    0 inbound packets failed getting SPI
    0 inbound packets failed on AH replay check
    0 inbound packets failed on ESP replay check
    0 inbound packets considered authentic
    0 inbound packets failed on authentication
    0 outbound packets processed successfully
    0 outbound packets violated process security policy
    0 outbound packets with no SA available
    0 invalid outbound packets
    0 outbound packets failed due to insufficient memory
    0 outbound packets with no route
arp:
    1236 ARP requests sent
    1838 ARP replies sent
    0 ARP announcements sent
    171129 ARP requests received
    1141 ARP replies received
    172326 total ARP packets received
    0 ARP conflict probes sent
    0 invalid ARP resolve requests
    0 total packets dropped due to lack of memory
    2014 total packets dropped due to no ARP entry
    71 total packets dropped during ARP entry removal
    960 ARP entries timed out
    0 Duplicate IPs seen
ip6:
    33159 total packets received
        0 with size smaller than minimum
        0 with data size < data length
        0 with data size > data length
            0 packets forced to software checksum
        0 with bad options
        0 with incorrect version number
        1208 fragments received
            0 dropped (dup or out of space)
            0 dropped after timeout
            0 exceeded limit
            604 reassembled ok
        27697 packets for this host
        0 packets forwarded
        4297 packets not forwardable
        0 redirects sent
        4297 multicast packets which we don't join
        0 packets whose headers are not continuous
        0 tunneling packets that can't find gif
        0 packets discarded due to too may headers
        0 forward cache hit
        0 forward cache miss
        0 packets dropped due to no bufs for control data
    5010 packets sent from this host
        0 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        5782 output packets discarded due to no route
        0 output datagrams fragmented
        0 fragments created
        0 datagrams that can't be fragmented
        0 packets that violated scope rules
    Input histogram:
        hop by hop: 62
        TCP: 30
        UDP: 26459
        fragment: 1208
        ICMP6: 5397
    Mbuf statistics:
        7285 one mbuf
        two or more mbuf:
            lo0= 4535
        21339 one ext mbuf
        0 two or more ext mbuf
        0 failures of source address selection
icmp6:
    0 calls to icmp_error
    0 errors not generated because old message was icmp error or so
    0 errors not generated because rate limitation
    Output histogram:
        router solicitation: 186
        neighbor solicitation: 73
        neighbor advertisement: 73
        MLDv2 listener report: 113
    0 messages with bad code fields
    0 messages < minimum length
    0 bad checksums
    0 messages with bad length
    Input histogram:
        MLDv1 listener report: 50
        neighbor solicitation: 21
        neighbor advertisement: 1091
    Histogram of error messages to be generated:
        0 no route
        0 administratively prohibited
        0 beyond scope
        0 address unreachable
        0 port unreachable
        0 packet too big
        0 time exceed transit
        0 time exceed reassembly
        0 erroneous header field
        0 unrecognized next header
        0 unrecognized option
        0 redirect
        0 unknown
    0 message responses generated
    0 messages with too many ND options
    0 messages with bad ND options
    0 bad neighbor solicitation messages
    19 bad neighbor advertisement messages
    0 bad router solicitation messages
    0 bad router advertisement messages
    0 bad redirect messages
    0 path MTU changes
ipsec6:
    0 inbound packets processed successfully
    0 inbound packets violated process security policy
    0 inbound packets with no SA available
    0 invalid inbound packets
    0 inbound packets failed due to insufficient memory
    0 inbound packets failed getting SPI
    0 inbound packets failed on AH replay check
    0 inbound packets failed on ESP replay check
    0 inbound packets considered authentic
    0 inbound packets failed on authentication
    0 outbound packets processed successfully
    0 outbound packets violated process security policy
    0 outbound packets with no SA available
    0 invalid outbound packets
    0 outbound packets failed due to insufficient memory
    0 outbound packets with no route
rip6:
    0 messages received
    0 checksum calcurations on inbound
    0 messages with bad checksum
    0 messages dropped due to no socket
    0 multicast messages dropped due to no socket
    0 messages dropped due to full socket buffers
    0 delivered
    0 datagrams output
pfkey:
    0 requests sent to userland
    0 bytes sent to userland
    0 messages with invalid length field
    0 messages with invalid version field
    0 messages with invalid message type field
    0 messages too short
    0 messages with memory allocation failure
    0 messages with duplicate extension
    0 messages with invalid extension type
    0 messages with invalid sa type
    0 messages with invalid address extension
    0 requests sent from userland
    0 bytes sent from userland
    0 messages toward single socket
    0 messages toward all sockets
    0 messages toward registered sockets
    0 messages with memory allocation failure

Le problème est spécifique à mon Mac (wikipedia fonctionne sur les appareils iOS) et persiste malgré les essais :

  • des réseaux différents (défaillances au travail et à la maison)
  • différentes interfaces (via wi-fi ou ethernet)
  • redémarrage (même les mises à jour du système, actuellement 10.9.2)
  • différents DNS ("automatique" ainsi que google 8.8.8.8 et 8.8.4.4)

UPDATE :

Résolu ! Merci.... C'est un client "VPN over ssh" sshuttle qui a changé mon /etc/hosts fichier à rediriger de wikimedia (parmi >1000 autres )

1voto

Ruskes Points 44895

Dans l'hypothèse où vous n'avez pas installé de logiciel qui bloquerait explicitement ces sites, voici ce qui suit comment bloquer et débloquer des sites web .

Le fichier hosts d'un Mac est un simple fichier texte qui dicte ce que le système doit faire lorsque des domaines ou des adresses IP spécifiques sont consultés.

Vous pouvez déclencher une erreur "la page ne peut pas être affichée" ou même les rediriger vers vers d'autres domaines/IP de votre choix.

Dans le cadre de ce tutoriel, tous les sites web bloqués seront dirigés vers 127.0.0 ou le système lui-même.

  • Pour commencer, copiez et collez le code suivant dans le terminal :

    sudo /bin/cp /etc/hosts /etc/hosts-original
  • Le terminal vous demandera votre mot de passe.

  • Nous pouvons maintenant commencer à éditer le fichier hosts. Copiez et collez ce code dans le Terminal (une seule ligne) :

    sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts

Le fichier hosts s'ouvre dans TextEdit.

Notez les lignes suivantes et ne les supprimez en aucun cas :

127.0.0.1 localhost

255.255.255.255 broadcasthost

:1 localhost

fe80::1%lo0 localhost

Vous ne devriez pas avoir d'autres données ici.

Créez une nouvelle ligne directement sous la dernière ligne indiquée ci-dessus. Tapez ce qui suit, en remplaçant l'exemple de domaine par le domaine ou l'IP que vous souhaitez bloquer :

    127.0.0.1 sample.com www.sample.com

Continuez à ajouter des lignes en suivant le format de l'étape 6 pour chaque site web que vous souhaitez bloquer. W le fichier hosts lorsque vous y êtes invité. De retour dans Terminal, exécutez la commande suivante pour purger le DNS de l'ordinateur et appliquer le nouveau fichier hosts. Si vous préférez, vous pouvez redémarrer votre Mac.

    dscacheutil -flushcache

C'est tout ce qu'il y a à faire ! Les sites web ajoutés au fichier hosts ne ne seront plus accessibles à partir d'un compte d'utilisateur sur ce Mac.

Dans votre cas, recherchez les adresses IP bloquées

  • rétablir l'accès aux sites web bloqués Il suffit de répéter ce processus et les lignes que vous avez ajoutées dans le fichier hosts. N'oubliez pas de ne pas supprimer les 4 lignes d'origine indiquées à l'étape 5.

LesApples.com

LesApples est une communauté de Apple où vous pouvez résoudre vos problèmes et vos doutes. Vous pouvez consulter les questions des autres utilisateurs d'appareils Apple, poser vos propres questions ou résoudre celles des autres.

Powered by:

X