Hello,

I have 2 subnets, A and B and a router connected to both A and B and the WAN.

I have 4 servers dual homed on subnets A and B, 2 of them are Mac OS and 2 of them are Centos 7 (1503). They are all configured to reply on the same interface that requests were received and the gateway on the B subnet is their default gateway. This diagram shows the network.

The 2 Mac OS servers and one of the CentOS servers, Bob, work fine in that each can ping and ssh into the others via their subnet A or B addresses.

Additionally, clients on subnet A can also access the Mac OS servers and the CentOS server, Bob via their subnet A or B addresses; and the three servers can access any of the clients on subnet A.

The second CentOS server, Alice, is the problem.

None of the other dual-homed servers or clients on subnet A can ping or ssh into Alice using Alice's subnet A address. Pings and ssh simply hang and I see no evidence of traffic at Alice via tcpdump. The arp tables on the other servers and clients all show that Alice's IP addresses on subnets A and B are mapped to the appropriate MAC addresses.

None of the other dual-homed servers can ping or ssh into Alice using Alice's subnet B address.

However, clients on subnet A are able to ping and ssh into Alice by using Alice's address on subnet B.

Further, Alice can ping and ssh into all servers and clients via subnet A; and can ping the other three servers on subnet B, but when Alice attempts to ssh into any of the servers via their subnet B addresses, Alice receives "Connection refused"?!

The servers Bob and Alice are intended to be configured the same except of course for addresses.

I've compared the various /etc/sysconfig/network-scripts/{ifcfg-, route-, rule-}{eno1, eno2} on Bob and Alice and they appear to be identical except for the addresses assigned to each interface.

I've compared "ip addr", "ip route", "ip rule" between Bob and Alice and all look identical save for address assignments.

I have disabled SELinux and disabled the firewall on Alice to remove these from consideration.

I'm befuddled regarding where the misconfiguration on Alice is.

It seems to me from the evidence that there is not A hardware problem with either of Alice's interfaces since I can reach each interface from the router via the subnet A and B addresses for Alice and clients on subnet A can reach Alice via the subnet B address.

It doesn't seem to be A problem in the router since all other combinations of communication are working.

Further, the connection refused doesn't seem to be A configuration issue with the other three servers via subnet B since they are all able to connect to each other on subnet B. From looking at tcpdump when Alice tries to connect to the other three servers on subnet B, I don't see any packets arriving at the B interfaces on the other three servers.

I would really appreciate any ideas about where to probe to try and resolve this issue.

Thank you,
Chris

Can you ping Alice's subnet ip address? If not try bouncing the interface on that network.

I can ping both interfaces on Alice from the router and can ssh into Alice from the WAN through the router. Further, the single-homed clients on subnet A can ping and ssh into Alice with no problem via Alice's subnet B address.

I have restarted NetworkManager and rebooted several times in the course of trying to troubleshoot this.

Firewall active?

After some wireshark captures with quite a few ICMP redirects from the router to the "hidden" server, I traced the problem to an overly zealous use of policy routing rules. Once the rules were simplified the problem was resolved.