problems connecting to a lan from another subnet

dsids · 08-30-2006, 04:56 AM

Hi,
My office has ip range from 192.168.10. Two days back I was told to install a couple of servers so I attached two network cards to a pc.

( Server 1)

eth0 - 192.168.10.235 ( connected to my office lan running dhcp )

eth1 - 172.22.1.1 ( statically assinged the ip )

Then I installed another server ( Server 2 )and gave it the ip 172.22.1.2.

Now Im able to ping from:

172.22.1.2 to 172.22.1.1
172.22.1.2 to 192.168.10.235

But Im not able to go beyond 192.168.10.235 from 172.22.1.2. I also cannot access any service from Server2 on Server1, for eg ssh

Im able to ping Server2 from Server1 and am also able to access any service on Server2

Please Advise

Thanks
Danish

blackhole54 · 08-30-2006, 06:13 AM

Any of these problems could be caused by the firewall (iptables) rules on server 1. If they are not too long, perhaps you would like to post these?

The inability to ping the 192.168.10.0/24 subnet could, in addition, be caused by server 1 not being set to forward packets (in which case the 192.168.10.0/24 clients couldn't get out to the 17.22 addresses either) or by the routing table in server 1 not containing a route to the 192.168.10.0/24 subnet. Perhaps you want to publish the routing table also?

Check for forwarding with:

Code:

sysctl -a 2> /dev/null | grep forward

nuxrl · 08-30-2006, 06:32 AM

Quote:

Originally Posted by dsids

Now Im able to ping from:

172.22.1.2 to 172.22.1.1
172.22.1.2 to 192.168.10.235

Are you able or not able to ping 192.168.10.235 from 172.22.1.2?

If you have not configured routing on server 1, a simple solution is to change the servers to listen on 172.22.1.1. For example, ssh, change /etc/ssh/sshd_config to have

Code:

ListenAddress 172.22.1.1

and restart sshd should do it.

blackhole54 · 08-30-2006, 06:50 AM

nuxrl,

I just about injured myself laughing at your sig!

dsids · 08-30-2006, 07:07 AM

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.22.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.22.1.2 0.0.0.0 UG 0 0 0 eth1

# sysctl -a 2> /dev/null | grep forward
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.ip_forward = 0

Quote:

Are you able or not able to ping 192.168.10.235 from 172.22.1.2?

Yes Im able to ping 192.168.10.235 from 172.22.1.2

Thanks
Danish

dsids · 08-30-2006, 07:16 AM

Quote:

Originally Posted by dsids

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.22.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.22.1.2 0.0.0.0 UG 0 0 0 eth1

# sysctl -a 2> /dev/null | grep forward
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.ip_forward = 0

Yes Im able to ping 192.168.10.235 from 172.22.1.2

Thanks
Danish

Also I switched off the iptables on Server1. I ran the above route command and the sysctl command on Server1

This is the routing table on 172.22.1.2 ( Server2 )
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.22.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.22.1.1 0.0.0.0 UG 0 0 0 eth0

blackhole54 · 08-30-2006, 09:31 AM

I am not sure why you can't access your services on server 1. If you wan't to be able to ping (or do anything else) between the two subnets, you are going to have to turn on ip forwarding. One way is to add the line

Code:

net.ipv4.ip_forward = 1

to /etc/sysctl.conf and run:

sysctl -p

as root.

EDIT: I just noticed that you have the default gateway on both servers 1 and 2 set to the other server. I think the kernel can actually detect and break this infinite loop type routing, but it is still probably not a good idea.