Hello everyone!
My LAN topology is this:
[ [VMs] PC1] -- [ISP box] -- [PC2]
PC1: 192.168.1.3
ISP Box: 192.168.1.1
PC2: 192.168.1.42
More info:
- The VMs are bridged on an Ethernet NIC.
- I'm using full Ethernet connectivity, full duplex 100Mb/s.
The issue is (or seems to be) located on the server.
-- On PC1 --
The first thing I witnessed was that I wasn't able to access the internet. So I investigated.
I tried to ping the ISP box:
Code:
# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
So I thought I had a bad netmask or bad routes (but it would be weird since I'm able to ping PC2):
Code:
# ifconfig br0
br0 Link encap:Ethernet HWaddr 50:e5:49:ca:c7:e4
inet adr:192.168.1.3 Bcast:192.168.1.255 Masque:255.255.255.0
adr inet6: fe80::52e5:49ff:feca:c7e4/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60558 errors:0 dropped:0 overruns:0 frame:0
TX packets:39180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:36478349 (34.7 MiB) TX bytes:6522301 (6.2 MiB)
# route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
Thus, I thought it was much more likely to be a bad iptables/ebtables rule, so I checked it out:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
# iptables-save
# Generated by iptables-save v1.4.8 on Sat Jul 7 16:21:43 2012
*filter
:INPUT ACCEPT [51162:35416108]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38757:6082687]
COMMIT
# Completed on Sat Jul 7 16:21:43 2012
But there's nothing... so I decided to do some network sniffing:
Code:
# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) request
0.000563 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) reply
1.007245 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) request
1.008007 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) reply
2.015409 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) request
2.016052 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) reply
It's not the ISP box doing the filtering here, so it's clearly located on PC1.
Then I tried an ARPING:
Code:
# arping -c 3 192.168.1.1
ARPING 192.168.1.1
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=0 time=351.191 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=1 time=337.839 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=2 time=353.098 usec
--- 192.168.1.1 statistics ---
3 packets transmitted, 3 packets received, 0% unanswered (0 extra)
# tshark arp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 50:e5:49:ca:c7:e4 -> Broadcast ARP Who has 192.168.1.1? Tell 192.168.1.3
0.000342 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
1.000489 50:e5:49:ca:c7:e4 -> Broadcast ARP Who has 192.168.1.1? Tell 192.168.1.3
1.000829 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
2.000934 50:e5:49:ca:c7:e4 -> Broadcast ARP Who has 192.168.1.1? Tell 192.168.1.3
2.001288 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
ARP works well.
I tried removing the bridge and ifconfig-ing eth0 to set a static IP address, but I had the same results...
-- On PC2 --
I noticed that SSHing to PC1 is taking 3-4 seconds instead of being almost instantaneous.
And I don't know if this could be of any help, but I tried to ping PC1 from PC2 while IP spoofing:
Code:
# hping3 --icmp -a 192.168.1.1 -c 3 192.168.1.3
HPING 192.168.1.3 (eth0 192.168.1.3): icmp mode set, 28 headers + 0 data bytes
--- 192.168.1.3 hping statistic ---
3 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
Of course I don't receive the ICMP reply on PC2, but there's a capture on PC1:
Code:
# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) request
0.000016 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) reply
1.000086 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) request
1.000098 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) reply
2.000128 192.168.1.1 -> 192.168.1.3 ICMP Echo (ping) request
2.000141 192.168.1.3 -> 192.168.1.1 ICMP Echo (ping) reply
I need help! Thanks!
I set up an HTTP proxy to install packages using APT, just in case.