Hi,

this may have been asked elsewhere, if so please point me in the right direction.. to date i am completely confused!! and have not been able to find anything significantly related to the problems listed below..

I have 5 servers handling connections to the following private networks:
10.10.1.x
10.10.10.x
10.10.12.x
10.10.101.x
10.10.110.x
subnet 255.255.255.0

the x.x.1.x, x.x.12.x and the x.x.101.x are all natted to the internet.

when i have a machine on x.x.1.0/24 i cannot remote desktop to a virtual windows server (sitting on linux vmware server), which is set to 10.10.12.201 netmask 255.255.255.0.
if i change the netmask to 255.255.0.0 the machine works connecting via remote desktop? why? this is only a problem when you are x.x.1.x and does not appear when using any other network. Ok i can deal with this but how can being on a different subnet solve the problem?

too add to this, i have a switch which is setup as a vlan server, servicing only 2 vlans. vlan 1 - 10.10.x.x and vlan 2 192.168.254.x netmask 255.255.255.0. everything was working with no problems until we lost power and our generator did not kick in, everything in the machine room shut down, and after the power came back on a new problem surfaced:

if i am on 192.168.254.x i cannot access a router connected to 10.10.1.x:8080, but all the other networks have no issues. the route from the gateway on the 192 is too the switch, and the switch routes to the server, who is a gateway for the 10 networks. the server then routes the 192 back to the switch.

this doesnt make sense because after everything rebooted and i checked the config's (i make copies of all the configs off all devices) and nothing is different - if a change is made its saved (so linux /etc/rc.local and cisco is written to the startup config).
This seems to be a port problem, because i can put a pc on x.x.1.x and \\x.x.1.x to it (from the 192), with no problems. the :8080 doesnt make sense to me because the networks are routed, and nothing else. does this again have something to do with subnetting, like i found with the remote desktop of the windows machine above? the 192.x.x.x is routed through the switch and the switch has an ip on the x.x.1.x and the 192.168.254.x networks. if i add an ip in any of the other networks i am still unable to access the routers on the x.x.1.x network. to add these devices ping wonderfully. also, i can be in vlan 1 with a x.x.1.x and use the switch as a gateway, and can access x.x.1.x:8080 with no prob, but as soon as i put myself in vlan2 with a 192.x.x.x ip i cannot reach the devices. the 192 net was setup as a management net, so we really need this to work again! putting people back in the 10.10.x.0/24 networks allows access to the internet, which we dont want management to do (they have there own internet access).


next, on the inside interfaces we have public networks (so eth0 services public and private ip's). when i ping from the gateway machine, say to google, i get around 250ms, and when i ping from another machine (using the public net) ping is 350ms. running traceroute doesnt show anything unusual, except 5 (or so) hops from us latency is +100ms. if i ping using the private ip's theres no problems?

Lastly, now this one makes no sense to me at all:
we have 2 machines. 1 with 1 outside (internet) connection, we will call this machine A, and one with 3 connections, machine B. both machines are connected to the same ISP - 2 fiber lines and 2 LS lines. machine B is load balancing. machine A has maybe 6 public networks on its inside interface, and the next hop uses machine A's outside ip as its gateway. when i add (and this is only a problem on 1 public network) an ip and run a traceroute, the route comes back via machine B, and not machine A. i know the routing from the ISP, because i put it there myself and this public network is definately routed to machine A. if i add an ip address on the public network, on machine B's inside interface this problem goes away. i tried routing the problem public net from machine B to the gateway of machine A (also directly to machine A), but this did nothing - though initially it appeared like it was the solution. this started when a client was complaining about a public ip being 'in use', when the fact was it wasnt. i tried the ip directly connected to the switch (all clients are behind radios - but these are nothing more than ether bridges) and i had no problems, but as soon as i went to the client sure enough i saw address conflict (adding the ip directly to the network card in a windows server machine). routing like i said initially solved the problem, but 2 days later the person called again with the same problem. again, i am the one who added the routes to all our public networks at the ISP, so i know the route is correct there. to me, i am wasting an ip by putting it on machine B, and it just shouldnt have to be done. i have checked the routing at the ISP and nothing there has changed in relation to our public networks...


i hope this is understandable, and any advice/help is greatly appreciated.

ok, this is much of text to read. I'll answer your first question.
If you want to have a connection between the 10.10.1.0/24 and the 10.10.12.0/24 Network you'll need a router between this two subnets. When you change the subnetmask to 16 both subnets are in the same big subnet. The subnetmask says which part of the ip-adress belongs to the subnet (24bit mask means the first 24 bit) and which part of the ip belongs to the host-adress.

You should read a tutorial about this before digging deeper in networking.

Be sure to know what is a switch and what is a router. A router is a device which manages connections between subnets. A switch only connects computers inside a subnet but never between subnets.

Markus

"You should read a tutorial about this before digging deeper in networking."

i have which is why im posting a question, telling me that, and telling me you havent read my post is XXXXXX.

there is a router between both networks, like duh? if you read what i said you would have gotten that. the router is the vmware server. the windows box is routed through the machine its sitting on top of.

its setup like this:

vmware server (the router)

eth0
x.x.1.x/24 (netmask 255.255.255.0)
x.x.12.245/24 (netmask 255.255.255.0)
x.x.101.x/24 (netmask 255.255.255.0)
x.x.110.x/24 (netmask 255.255.255.0)
eth1
public ip.



the virtual machine (windows server box)
eth0
x.x.12.201/24 (netmask 255.255.255.0)
gateway 10.10.12.245
eth1
public network, gateway of the same machine as above.


when i sit on any the x.x.1.x network i cant remote to the windows server. on any other network there is no problem.

after i change the subnet to 255.255.0.0, on the widows server - and change nothing else i can access the windows box from the x.x.1.x network

my question is why? they are now on different subnets - one is /24 the other is /16? being on the same subnet doesnt work, even though the router has an ip in every network. is this a bug/fault/floor in linux???

Well, I wrote that I'll only answered to your first question because this seemed clear to me.

I'll recommend to prepare a drawing of your network with the subnets and routers and so on. I think this will help yourself and other readers of the thread to understand whats going on.

Markus

I guess this is too difficult?? Maybe someone else needs a go?

the windows server is a virtual machine of the router (linux)

Computer | router (linux) | Traffic | windows server |

x.x.1.1/24 | 10.10.1.245/24 | NO | 10.10.12.201 | ip
x.x.12.1/24 | 10.10.10.245/24 | <-> | 255.255.255.0 | /24 subnet
x.x.10.1/24 | 10.10.12.245/24 | <-> | 10.10.12.245 | gateway
x.x.101.1/24 | 10.10.101.245/24 | <-> |
x.x.110/24 | 10.10.110.245/24 | <-> |



x.x.1.1/24 | 10.10.1.245/24 | <-> | 10.10.12.201 | ip
x.x.12.1/24 | 10.10.10.245/24 | <-> | 255.255.0.0 | /16 subnet
x.x.10.1/24 | 10.10.12.245/24 | <-> | 10.10.12.245 | gateway
x.x.101.1/24 | 10.10.101.245/24 | <-> |
x.x.110/24 | 10.10.110.245/24 | <-> |


wow posting this really screwed up my formatting..

The router in a subnet is called gateway, the gateway must be member of the subnet. This means: the router 10.10.10.245/24 cannot be the gateway for the 10.10.12.1/24 machine and also the router 10.10.12.245/24 cannot be the gateway for the 10.10.10.1 machine.

The "/24" means 255.255.255.0 and "/16" means 255.255.0.0

Markus

Please don't do this

ok so your now turning my words (router and gateway) and this is not pro active. a router can be a gateway and vice versa. hey for that matter i have a switch which does routing and is a gateway! its also a switch and a vlan server. so ok lets keep going..

i have 5 servers (gateways and routers). if i change the default gateway to another machine the problem is still there, so were still not making any progress..

your first idea of the networks being in the same big subnet sounds good, but normally you need to be on the same subnet for it too work correctly. So it is currently working, but i am trying to understand how and why. i have found the problem - its because of the subnetting, i have found the solution, but now im trying to understand why.

this (below) comes from a subnet calculator.. it says that 10.10.10.0/24 and 10.10.10.0/16 are class A networks, but a true class A network is on the 255.0.0.0 subnet? so maybe our entire subnetting on the 10 networks is incorrect? i found this network like this when i arrived with this company..

Address: 10.10.1.0 00001010.00001010.00000001 .00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111
=>
Network: 10.10.1.0/24 00001010.00001010.00000001 .00000000 (Class A)
Broadcast: 10.10.1.255 00001010.00001010.00000001 .11111111
HostMin: 10.10.1.1 00001010.00001010.00000001 .00000001
HostMax: 10.10.1.254 00001010.00001010.00000001 .11111110
Hosts/Net: 254 (Private Internet)


Address: 10.10.1.0 00001010.00001010 .00000001.00000000
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 10.10.0.0/16 00001010.00001010 .00000000.00000000 (Class A)
Broadcast: 10.10.255.255 00001010.00001010 .11111111.11111111
HostMin: 10.10.0.1 00001010.00001010 .00000000.00000001
HostMax: 10.10.255.254 00001010.00001010 .11111111.11111110
Hosts/Net: 65534 (Private Internet)




now all that being said i do appreciate any productive help.

what happened to the rest of my post?

Please don't do this
People are trying to help, don't react like this.

ok, but if you correctly understand question 1 (of 3) then you would see the problem is when the devices are on the same subnet. when i move one device to a different subnet (closer to the correct??? subnet for the class of network) things start working correctly.

have i answered my own question, and that is the real problem is the class and subnet that is being used?

look, sorry to be sarcastic before. i do appreciate any help. this problem (1 of 3) started purely randomly about 4 or 5 months ago, and no one has been able to give me a reason why it didnt work. the original solution was to not use the x.x.1.x network, to access that machine, not so bad it was affecting just one person, anyways i stumbled upon the solution about 2 weeks ago, but thats just it. it is not correct, but works. ive searched everywhere, so now i thought i would try to ask others, see if anyone else can give me the correct reason why this doesnt work. if its due to the wrong subnet, could this also be whats causing (impacting) on problem number 3, or the return route to a public network?

also, this isnt so much of an important problem. i have a solution, so yeah jsut use it, what i am most concerend about is the last problem in my original post.

look, thankyou for trying to help, and thankyou for doing that so quickly. i was surprised to see someone reply so fast.

anyways, im open to anything, cause right now idk!!!

@evilted, I started reading through your initial post, but frankly it gave me a headache. Please use normal punctuation when communicating (otherwise your sentences all blend together). And put your network diagrams, command output, etc. in code tags. It's virtually unreadable the way you've posted it.

And on top of it all, please be polite for muck's sake. People are trying to help you on a volunteer basis here.

yeah and i thought this was a Linux Networking forum. not an English lesson. im a newb to this forum, i guess youve forgotten what that was?

i have been, i guess you didnt read that either:


so why not try to be helpful??

This isn't something I am looking to argue about. You don't have to use precise grammar, but people have to be able to actually read your posts. Failure to communicate clearly is going to likely mean failure to get help.

Also, a quick example regarding using code tags - which is easier to read?

$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32705 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 ::1:631 :::* LISTEN

--- or ---

Finally, lose the nasty little attitude.

the server
i have left out the other networks as they are unrelated


like this there is no problem:

when its like this:
there is no 10.10.12.201/24 access (remote desktop, file sharing, domain, dns, basically nothing works except ping)
But any other 10.10.x.0/24 has no problem with the windows server box.

any ideas?