LinuxQuestions.org


shaifulsafar 02-07-2013 09:15 PM

Network Configuration on RHEL 6.2 Santiago - Need an advice
 
Hi,

Have a nice day :-).

I just got a new Dell PowerEdge R720 that came with RHEL Server 6.2. This server comes with a 4-port Network Daughter Card (NDC).

I configured the network with the IP below:

IP : 172.18.64.3
Nmask : 255.255.252.0
Gateway : 172.18.64.1

The network cable for this server was connected via eth1 port to network switch.

The problem I'm facing is:

1. I can ping other PCs or workstations in the same network (LAN), but the other PCs/workstations can't ping the server or reach it via ssh, ftp or http.

Here are a few methods I have tried:
1. Disable / enable the RHEL firewall. Didn't work.
2. Disable / enable SELinux. Didn't work either.
3. Checked the ipv4.config configuration at /etc/sysctl.conf. All set to 0.
4. Set the same IP on my notebook, which has Apache server installed, and plugged the same network cable into my netbook. Ping works both ways: the netbook can ping the PC, and the PC can ping and access the Apache server (http).
5. Set an IP on the notebook in the same network range as the server and connected the notebook to the server via a cross network cable. Ping and http access work both ways.
6. Used the ifup and ifdown commands at /etc/sysconfig/network-scripts/... Still didn't work.

I need help from the experts here to resolve this problem. Before posting this topic, I searched Google and this forum, but did not see anything related to or the same as this problem.

Thank you.

Shaiful.
Kuala Lumpur, Malaysia.

nini09 02-08-2013 01:27 AM

You should check your route table on the server.

shaifulsafar 02-08-2013 02:17 AM

Quote:

Originally Posted by nini09 (Post 4886817)
You should check your route table on the server.

172.18.64.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.18.64.1 0.0.0.0 UG 0 0 0 lo

This is my routing table now.

fortran 02-08-2013 06:43 AM

Whatever you are trying, just disable SELinux first. Don't enable it.
Don't disable the firewall. It is for your server's safety.

When you try to connect to your server using ssh, does it give the following error?
ssh: connect to host localhost port 22: Connection refused

Have you opened ports 21, 22 & 80 in the firewall configuration of your server?

Can you connect to your system from the server using ssh?
# ssh yoursystem'sIP

Send the text of /etc/sysconfig/iptables

shaifulsafar 02-08-2013 09:29 AM

Quote:

Originally Posted by pavi_kanetkar (Post 4886970)
Whatever you are trying, just disable SELinux first. Don't enable it.
Don't disable the firewall. It is for your server's safety.

When you try to connect to your server using ssh, does it give the following error?
ssh: connect to host localhost port 22: Connection refused

Have you opened ports 21, 22 & 80 in the firewall configuration of your server?

Can you connect to your system from the server using ssh?
# ssh yoursystem'sIP

Send the text of /etc/sysconfig/iptables

[root@metweb2 sysconfig]# vi iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
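
Added example (not part of the thread): in the saved ruleset above, INPUT has policy ACCEPT and the final REJECT rule is commented out, so the per-port ACCEPT rules restrict nothing and every port is reachable. The function name `audit_chain` and its output labels are assumptions of this example; the sample is an excerpt of the file posted above.

```shell
#!/bin/sh
# Added example: report a default-allow chain in iptables-save format.
# Usage: audit_chain CHAIN < /etc/sysconfig/iptables
audit_chain() {
  awk -v chain="$1" '
    # Chain declaration, e.g. ":INPUT ACCEPT [0:0]"
    $1 == ":" chain { policy = $2; next }
    # Commented-out unconditional DROP/REJECT, e.g. "#-A INPUT -j REJECT ..."
    /^#[ \t]*-A / {
      sub(/^#[ \t]*/, "")
      if ($2 == chain && $3 == "-j" && $4 ~ /^(DROP|REJECT)$/)
        print "DISABLED_CATCHALL " $0
      next
    }
    # Active rule with no match options before -j: it applies to every packet.
    # Rule order is not checked here; the rule is expected to be the last one.
    $1 == "-A" && $2 == chain && $3 == "-j" && $4 ~ /^(DROP|REJECT)$/ { catchall = 1 }
    END {
      if (policy == "ACCEPT" && !catchall)
        print "DEFAULT_ALLOW " chain " policy=ACCEPT"
    }'
}

# Excerpt of the ruleset posted in the thread.
SAVED_RULES='# Firewall configuration written by system-config-firewall
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same ruleset with the two REJECT lines re-enabled.
FIXED_RULES=$(printf '%s\n' "$SAVED_RULES" | sed 's/^#-A/-A/')

printf '%s\n' "$SAVED_RULES" | audit_chain INPUT   # prints two findings
printf '%s\n' "$FIXED_RULES" | audit_chain INPUT   # prints nothing
```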

nini09 02-11-2013 02:25 PM

1. I can ping other PCs or workstations in the same network (LAN), but the other PCs/workstations can't ping the server or reach it via ssh, ftp or http.

What's the IP address of the other PC or workstation?
The route table is very weird. First, there are two routes against the same interface, eth1, even with the same metric. Second, the default route points to the loopback interface.

shaifulsafar 02-12-2013 07:59 PM

Quote:

Originally Posted by nini09 (Post 4889362)
1. I can ping other PCs or workstations in the same network (LAN), but the other PCs/workstations can't ping the server or reach it via ssh, ftp or http.

What's the IP address of the other PC or workstation?
The route table is very weird. First, there are two routes against the same interface, eth1, even with the same metric. Second, the default route points to the loopback interface.

I tested ping from another server with IP 172.18.64.5 and the same gateway.

shaifulsafar 02-13-2013 12:23 AM

Quote:

Originally Posted by pavi_kanetkar (Post 4886970)
Whatever you are trying, just disable SELinux first. Don't enable it.
Don't disable the firewall. It is for your server's safety.

When you try to connect to your server using ssh, does it give the following error?
ssh: connect to host localhost port 22: Connection refused

Have you opened ports 21, 22 & 80 in the firewall configuration of your server?

Can you connect to your system from the server using ssh?
# ssh yoursystem'sIP

Send the text of /etc/sysconfig/iptables

[root@metweb2 sysconfig]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

fortran 02-13-2013 02:01 AM

Paste the output of the following commands.

When you try to connect to the server using your system:
$ ssh Ip-of-the-server

When you try to connect to your system using the server:
$ ssh IP-of-your-system

nini09 02-13-2013 02:48 PM

Ping from the other PC to the server and sniff on all interfaces on the server. Check whether the ping response is dropped or sent to the wrong interface.

shaifulsafar 02-13-2013 10:20 PM

Thank you for your responses, nini and pavi,

The problem was resolved yesterday. I went back to the basic configuration of the network using the command line.

1. I disabled the default gateway whose status was lo/loopback.
Code:

Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
172.18.64.0    0.0.0.0        255.255.252.0  U        0 0          0 eth1
169.254.0.0    0.0.0.0        255.255.0.0    U        0 0          0 eth1
0.0.0.0        172.18.64.1    0.0.0.0        UG        0 0          0 lo

2. Then I added a default gateway route to 172.18.64.1.
Code:

[root@metweb2 network-scripts]# netstat -rn
Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
172.18.64.0    0.0.0.0        255.255.252.0  U        0 0          0 eth1
169.254.0.0    0.0.0.0        255.255.0.0    U        0 0          0 eth1
0.0.0.0        172.18.64.1    0.0.0.0        UG        0 0          0 eth1


It works. Now I can continue configuring firewall rules to allow functions on this server, e.g. ssh, telnet, http, ftp, etc.

Anyway, thank you so much to all friends here. Your advice, help and responses are much appreciated.
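
Added example (not part of the thread): a check for the fault resolved above, a gateway route bound to an interface other than the one whose connected network contains the gateway. The function name `check_routes` and its output labels are assumptions of this example; the two tables are the ones posted in the thread.

```shell
#!/bin/sh
# Added example: flag gateway routes bound to the wrong interface.
# check_routes reads `netstat -rn` / `route -n` output on stdin and prints
# one finding per suspicious route (nothing when the table is consistent).
check_routes() {
  awk '
    function ip2int(ip,  a) {
      split(ip, a, ".")
      return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    # True when ip lies in netaddr/netmask (contiguous mask assumed).
    function in_net(ip, netaddr, netmask,  size) {
      size = 4294967296 - ip2int(netmask)
      return int(ip2int(ip) / size) == int(ip2int(netaddr) / size)
    }
    # Data rows start with a dotted-quad destination; headers are skipped.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    # Gateway 0.0.0.0 means a directly connected (on-link) network.
    $2 == "0.0.0.0" { n++; net[n] = $1; nmask[n] = $3; dev[n] = $NF; next }
    $4 ~ /G/        { g++; dst[g] = $1; gw[g] = $2; gdev[g] = $NF }
    END {
      for (i = 1; i <= g; i++) {
        ok = 0; want = ""
        for (j = 1; j <= n; j++) {
          if (!in_net(gw[i], net[j], nmask[j])) continue
          if (dev[j] == gdev[i]) ok = 1
          else if (want == "") want = dev[j]
        }
        if (ok) continue
        if (want == "") print "UNREACHABLE_GW " dst[i] " via " gw[i] " dev " gdev[i]
        else print "WRONG_IFACE " dst[i] " via " gw[i] " dev " gdev[i] " expected " want
      }
    }'
}

# Routing tables as posted in the thread: before and after the fix.
BROKEN_TABLE='Destination Gateway Genmask Flags MSS Window irtt Iface
172.18.64.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.18.64.1 0.0.0.0 UG 0 0 0 lo'
FIXED_TABLE='Destination Gateway Genmask Flags MSS Window irtt Iface
172.18.64.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.18.64.1 0.0.0.0 UG 0 0 0 eth1'

printf '%s\n' "$BROKEN_TABLE" | check_routes   # one WRONG_IFACE finding
printf '%s\n' "$FIXED_TABLE" | check_routes    # prints nothing
```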


All times are GMT -5.