Strange problem with network interfaces... need some assistance.

tiger.woods · 12-20-2011, 09:53 AM

I'm running a server on Ubuntu 10.04 Lucid using dual nics, 192.168.1.100 and 192.168.2.1.

All had been running fine until I changed the gateway(s) from a dual setup to a single setup using a WRT54G and Vlan and then I got to messing with the server and now I think I've done something to some file on the server that has blocked the 192.168.1.0 and 192.168.2.0 subnets... ugh user error.

The 192.168.1.0 subnet is for intranet use only and the 192.168.2.0 subnet is for hosting, there is/was a rule in iptables to eliminate the communication between the subnets. The NIC's are set up as static in /etc/network/interfaces as such:

Quote:

iface eth0 inet static
address 192.168.2.99
gateway 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

iface eth1 inet static
address 192.168.1.100
gateway 192.168.1.9
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

auto eth0
auto eth1

Here's my problem, the interfaces are not able to ping their respective gateways nor the gateways able to ping the respective IP's on the server. Specifically I've been working on the local 192.168.1.100 and for the life of me can't get it to ping the Gateway...

However, when I changed the eth1 to use DHCP it gets another available IP from the DHCP server/router and all is good, very strange.

Quote:

iface eth1 inet dhcp
auto eth1

So this tells me everything from the computer is good and there is something going on with the IP's sepcifically.

It seems anytime that I use the 192.168.1.100 address it no longer works? could iptables be incorrect or something else be blocking that particular IP?

Hopefully someone has some ideas on how to figure this out because I'm at a loss...

TW,

malekmustaq · 12-20-2011, 11:04 AM

tiger.woods,
I am in a hurry and your problem needs thinking before posting any help.
But this one thing I do to help you:
I am replying to put this into the top of the linux-net forum, just perchance there are more network gurus viewing there than this Zero-Reply-Threads.
The least help I can do for you.
Hope you can make a birdie soon

m.m.

tiger.woods · 12-20-2011, 02:17 PM

Appreciate the feedback I look forward to some expert advice... fore!

TW,

MidGe48 · 12-20-2011, 10:52 PM

Hi there, TW!

There is really too little info to be able to answer definitively. What you show, seems correct. So the solution might be elsewhere. It may be in the router. For instance is the router mask correct? Is the router able to allocate addresses, as you have them, static? Is your network configuration correct? Are your iptables or firewall setup correctly?

Sorry I can't be more help. It would be nice if you post what was the solution, or the problem, when you find it.

tiger.woods · 12-21-2011, 05:44 AM

Quote:

Are your iptables or firewall setup correctly?

This is where I think the problems might be hiding..?

I think the answers about the router can be answered by when I change the eth1 to:

Code:

iface eth1 inet dhcp
auto eth1

everything works...

MidGe48 · 12-21-2011, 07:28 AM

tw,

do a iptables -L to see whether they block your access.

tiger.woods · 12-21-2011, 06:01 PM

so check this out... I set up a static IP on eth2 and it shows a different IP in ifconfig... How is that possible?

Quote:

eth1 Link encap:Ethernet HWaddr
inet addr:192.168.2.99 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Base address:0xd100

eth2 Link encap:Ethernet HWaddr
inet addr:192.168.1.136 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::210:5aff:fe19:1959/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18373 errors:0 dropped:0 overruns:0 frame:0
TX packets:1616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5487296 (5.4 MB) TX bytes:179607 (179.6 KB)
Interrupt:18 Base address:0xd000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2789 errors:0 dropped:0 overruns:0 frame:0
TX packets:2789 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:622355 (622.3 KB) TX bytes:622355 (622.3 KB)

Quote:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0

# The primary network interface
iface eth2 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

iface eth1 inet static
address 192.168.2.99
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

auto eth1
auto eth2

tiger.woods · 12-21-2011, 06:25 PM

[edit]

After a reboot the ip address fixed itself...

When the ip was 192.168.1.136 I was able to get to the Internet and i actually posted from the server. The ip is now 192.168.1.100 and Internet access is gone again...

Iptables -L had nothing in it... I reset it through webmin and it is empty.

tiger.woods · 12-21-2011, 09:33 PM

OK, making some progress I think...

The problem only seems to happen when I assign a static IP to the server.

ifconfig with DHCP enabled:

Code:

eth2      Link encap:Ethernet  HWaddr 
          inet addr:192.168.1.145  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::210:5aff:fe19:1959/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5189 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2643 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1095148 (1.0 MB)  TX bytes:2208103 (2.2 MB)
          Interrupt:18 Base address:0xd000

ifconfig with static IP:

Code:

eth2      Link encap:Ethernet  HWaddr   
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::210:5aff:fe19:1959/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:41232 (41.2 KB)  TX bytes:10753 (10.7 KB)
          Interrupt:18 Base address:0xd000

Not sure what that says but could it be related to DNS somehow?

I'm really hoping someone can help me solve this...

TW,

tiger.woods · 12-21-2011, 09:43 PM

Just printed off the routes but don't know what should/shouldn't be there...

tiger.woods · 12-22-2011, 06:56 AM

So this is the layout that I'm trying to achieve (see image).

I think my problem lies with the gateway for the server, eth0 will be 192.168.2.99 and eth1 192.168.1.100.

Do I use the gateway for 192.168.2.99 or 192.168.1.100 since from what I read I can only have one?

I also spotted this post with an example of what seems to be using 2 gateways...

(http://www.cyberciti.biz/tips/config...x-systems.html)

Quote:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.9.38.76
netmask 255.255.255.240
network 10.9.38.64
broadcast 10.9.38.79
### static routing ###
post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65
pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65
auto eth1
iface eth1 inet static
address 204.186.149.140
netmask 255.255.255.240
network 204.186.149.128
broadcast 204.186.149.143
gateway 204.186.149.129
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.0.80.11 10.0.80.12

MidGe48 · 12-22-2011, 11:20 PM

eth0 is on a network 10.9.38.64-79
eth1 is on a network 204.186.149.128-143

if your main connection is eth0, then you use 10.9.38.65 as the gateway.

or, according to your first post:

eth0 is on a network 192.168.2.0-254
eth1 is on a network 192.168.1.0-254

if your main connection is eth0, then you use 192.168.2.1 as the gateway.

You got me confised now... I am not sure I understand the question any longer!

MidGe48 · 12-22-2011, 11:21 PM

Correction, I meant 0-255 for the second alternatives not 0-254. 255 is the broadcast address usually.

MidGe48 · 12-22-2011, 11:43 PM

I am just thinking aloud trying to understand...

In your first post you mentioned two sub-nets, but you are showing two different networks rather than two sub-nets as the mask for them is 255.255.255.0. Is that a source of misunderstanding? How did you design the sub-nets?

tiger.woods · 12-23-2011, 06:04 AM

Midge48, you are correct they are 2 different networks and not 2 subnets that's my inexperience showing through.

I believe I'm getting close to total resolution but still have a Firewall issue to deal with since the two networks can talk to each other which I don't want at all.

Using iproute I created 2 routing tables.

Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
0.0.0.0 192.168.1.9 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth1

But I'm looking for a firewall rule to stop them from talking to each other.. any ideas? I thought maybe the following:

Quote:

iptables -I FORWARD -i 192.168.1.0/24 -o 192.168.2.0/24 -j DROP