LinuxQuestions.org


jgrumbles 04-10-2008 09:05 AM

TCP services not listening on multiple IPs
 
RHEL4

I have a DMZ server that will only listen to TCP requests on one IP or the other based on what the default gateway is.

eth0 = 192.168.7.16 (core LAN)
eth1 = 192.168.5.23 (DMZ)

With the respective gateways ending in .1 for each subnet.

I have the default gateway for the machine being 192.168.7.1 but this prevents me from connecting to 192.168.5.23 via SSH/FTP/etc, anything TCP. If I force the default gateway to 192.168.5.1 then I can connect to 192.168.5.23 but nothing on 192.168.7.1 works.

The two things that confuse me are:

1) I can ping both IPs no matter what the default gateway scenario is.
2) We have similar boxes that run on 192.168.8.* and 192.168.7.* whose default gateway is 192.168.8.1 and I can SSH/FTP/etc into both IPs on every box and I didn't have to set anything specifically to allow this.

Thanks for any help.

Edit: Here is the tcpdump I get

[root@collin07 ~]# tcpdump -i eth1 -vv | grep ssh
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:31.995440 IP (tos 0x0, ttl 127, id 19146, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 2729021493:2729021493(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:31.995708 IP (tos 0x0, ttl 127, id 19147, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3038169644:3038169644(0) win 0
09:07:35.009484 IP (tos 0x0, ttl 127, id 19226, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 3281011647:3281011647(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:35.009706 IP (tos 0x0, ttl 127, id 19227, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3590159798:3590159798(0) win 0
09:07:40.944032 IP (tos 0x0, ttl 127, id 19298, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 24460256:24460256(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:40.944273 IP (tos 0x0, ttl 127, id 19299, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 333608407:333608407(0) win 0

jgrumbles 04-10-2008 09:51 AM

Actually, doesn't have anything to do with the firewall/DMZ. Basically I need the routing table to look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     192.168.7.1     255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.5.1     255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.7.1     0.0.0.0         UG    0      0        0 eth1

And not how it looks currently:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     *               255.255.255.0   U     0      0        0 eth0
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.5.1     0.0.0.0         UG    0      0        0 eth1

I know the default gateway is easy to change but I have no clue how to tell it to use 192.168.5.1 for any traffic to/from 192.168.5.23.
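
Added example, not part of the original thread: the requirement in the last post (use 192.168.5.1 for traffic from 192.168.5.23) is what iproute2 source-based policy routing expresses. The sketch below only prints the commands for review. The routing table number 100 is an assumed free value, the prefix 192.168.5.0/24 is the posted 255.255.255.0 mask in CIDR form, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iproute2 commands that route replies sourced from the
# second interface's address through that subnet's own gateway, leaving the
# main table's default route untouched.

# Return 0 only for a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Args: source-ip  subnet/prefix  gateway  device  table-id
# Prints the commands; nothing on the host is changed by this function.
policy_route_cmds() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$3"; then
        echo "policy_route_cmds: invalid address" >&2
        return 1
    fi
    # Routes in the extra table: the connected subnet, then a default route
    # via the gateway that belongs to this interface.
    echo "ip route add $2 dev $4 src $1 table $5"
    echo "ip route add default via $3 dev $4 table $5"
    # Rule: packets whose source is this address consult the extra table
    # before the main table (and its single default gateway).
    echo "ip rule add from $1 lookup $5"
}

# Values from the thread; 100 is an assumed unused table id.
policy_route_cmds 192.168.5.23 192.168.5.0/24 192.168.5.1 eth1 100
```

After reviewing and running the printed commands as root, `ip rule show` and `ip route show table 100` confirm what was installed.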

