LinuxQuestions.org
Old 04-10-2008, 08:05 AM   #1
jgrumbles
TCP services not listening on multiple IPs


RHEL4

I have a DMZ server that will only listen to TCP requests on one IP or the other based on what the default gateway is.

eth0 = 192.168.7.16 (core LAN)
eth1 = 192.168.5.23 (DMZ)

With the respective gateways ending in .1 for each subnet.

I have the default gateway for the machine being 192.168.7.1 but this prevents me from connecting to 192.168.5.23 via SSH/FTP/etc, anything TCP. If I force the default gateway to 192.168.5.1 then I can connect to 192.168.5.23 but nothing on 192.168.7.1 works.

The two things that confuse me are:

1) I can ping both IPs no matter what the default gateway scenario is.
2) We have similar boxes that run on 192.168.8.* and 192.168.7.* whose default gateway is 192.168.8.1 and I can SSH/FTP/etc into both IPs on every box and I didn't have to set anything specifically to allow this.

Thanks for any help.

Edit: Here is the tcpdump I get

[root@collin07 ~]# tcpdump -i eth1 -vv | grep ssh
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:31.995440 IP (tos 0x0, ttl 127, id 19146, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 2729021493:2729021493(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:31.995708 IP (tos 0x0, ttl 127, id 19147, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3038169644:3038169644(0) win 0
09:07:35.009484 IP (tos 0x0, ttl 127, id 19226, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 3281011647:3281011647(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:35.009706 IP (tos 0x0, ttl 127, id 19227, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3590159798:3590159798(0) win 0
09:07:40.944032 IP (tos 0x0, ttl 127, id 19298, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 24460256:24460256(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:40.944273 IP (tos 0x0, ttl 127, id 19299, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 333608407:333608407(0) win 0

Last edited by jgrumbles; 04-10-2008 at 08:08 AM.
 
Old 04-10-2008, 08:51 AM   #2
jgrumbles
Actually, doesn't have anything to do with the firewall/DMZ. Basically I need the routing table to look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     192.168.7.1     255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.5.1     255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.7.1     0.0.0.0         UG    0      0        0 eth1

And not how it looks currently:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     *               255.255.255.0   U     0      0        0 eth0
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.5.1     0.0.0.0         UG    0      0        0 eth1

I know the default gateway is easy to change, but I have no clue how to tell it to use 192.168.5.1 for any traffic to/from 192.168.5.23.

Last edited by jgrumbles; 04-10-2008 at 11:20 AM.
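
Added example, not part of either post: a small Python model of the route lookup, showing why a reply sourced from 192.168.5.23 leaves through the default route when only the destination is consulted, and how a source-based rule changes the egress. The client address, table number 100 and the assumption that 192.168.7.1 is reached via eth0 are illustrative; the iproute2 commands in the comments are the real-system counterparts of the modelled tables.

```python
import ipaddress

# Main table for post #1's scenario: default gateway 192.168.7.1
# (assumed reachable via eth0, the interface holding 192.168.7.16).
MAIN = [
    ("192.168.7.0/24", None, "eth0"),
    ("192.168.5.0/24", None, "eth1"),
    ("0.0.0.0/0", "192.168.7.1", "eth0"),
]
# Hypothetical extra table 100, the counterpart of:
#   ip route add 192.168.5.0/24 dev eth1 table 100
#   ip route add default via 192.168.5.1 dev eth1 table 100
DMZ = [
    ("192.168.5.0/24", None, "eth1"),
    ("0.0.0.0/0", "192.168.5.1", "eth1"),
]
# Counterpart of: ip rule add from 192.168.5.23 table 100
RULES = [("192.168.5.23/32", DMZ)]

CLIENT = "10.20.30.40"  # constructed off-subnet client address


def lookup(table, dst):
    """Longest-prefix match on the destination; returns (gateway, iface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, dev)
    return best[1:] if best else None


def route_reply(src, dst, rules=()):
    """Source-selected tables are consulted first, then the main table."""
    for selector, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:
                return hit
    return lookup(MAIN, dst)


if __name__ == "__main__":
    # A SYN arrived on eth1 for 192.168.5.23: where does the SYN-ACK leave?
    print("main table only :", route_reply("192.168.5.23", CLIENT))
    print("with source rule:", route_reply("192.168.5.23", CLIENT, RULES))
    print("from eth0 address:", route_reply("192.168.7.16", CLIENT, RULES))
```
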
 
  


All times are GMT -5.
