TCP services not listening on multiple IPs
RHEL4
I have a DMZ server that will only listen to TCP requests on one IP or the other based on what the default gateway is.

eth0 = 192.168.7.16 (core LAN)
eth1 = 192.168.5.23 (DMZ)

With the respective gateways ending in .1 for each subnet. I have the default gateway for the machine being 192.168.7.1 but this prevents me from connecting to 192.168.5.23 via SSH/FTP/etc, anything TCP. If I force the default gateway to 192.168.5.1 then I can connect to 192.168.5.23 but nothing on 192.168.7.1 works.

The two things that confuse me are:
1) I can ping both IPs no matter what the default gateway scenario is.
2) We have similar boxes that run on 192.168.8.* and 192.168.7.* whose default gateway is 192.168.8.1 and I can SSH/FTP/etc into both IPs on every box and I didn't have to set anything specifically to allow this.

Thanks for any help.

Edit: Here is the tcpdump I get:

[root@collin07 ~]# tcpdump -i eth1 -vv | grep ssh
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:31.995440 IP (tos 0x0, ttl 127, id 19146, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 2729021493:2729021493(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:31.995708 IP (tos 0x0, ttl 127, id 19147, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3038169644:3038169644(0) win 0
09:07:35.009484 IP (tos 0x0, ttl 127, id 19226, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 3281011647:3281011647(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:35.009706 IP (tos 0x0, ttl 127, id 19227, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 3590159798:3590159798(0) win 0
09:07:40.944032 IP (tos 0x0, ttl 127, id 19298, offset 0, flags [DF], proto 6, length: 64) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: S [tcp sum ok] 24460256:24460256(0) win 65535 <mss 1300,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
09:07:40.944273 IP (tos 0x0, ttl 127, id 19299, offset 0, flags [none], proto 6, length: 40) pc0360.ads-pipe.com.2704 > 192.168.5.23.ssh: R [tcp sum ok] 333608407:333608407(0) win 0
Actually, doesn't have anything to do with the firewall/DMZ. Basically I need the routing table to look like this:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     192.168.7.1     255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.5.1     255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.7.1     0.0.0.0         UG    0      0        0 eth1

And not how it looks currently:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     *               255.255.255.0   U     0      0        0 eth0
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.5.1     0.0.0.0         UG    0      0        0 eth1

I know the default gateway is easy to change, but I have no clue how to tell it to use 192.168.5.1 for any traffic to/from 192.168.5.23.
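An added example, not part of the original thread: a small Python check over tcpdump -vv text that lists client flows whose SYNs reach a local address while the capture holds no packet sent by that address, which is the pattern visible in the eth1 capture in the first post. The function name, the client hostnames and the sample capture are constructed for illustration; the record layout is assumed to match the lines quoted in the thread.

```python
import re
from collections import defaultdict

# One tcpdump -vv record, as in the thread:
#   "... proto 6, length: 64) SRC.PORT > DST.PORT: FLAGS ..."
RECORD = re.compile(r"\)\s+(\S+)\.(\w+) > (\S+)\.(\w+): (\S+)")

def one_way_flows(capture, local_ip):
    """Return {(client, client_port, local_port): [flags, ...]} for flows
    where a SYN toward local_ip was captured but no packet from local_ip
    to that client appears in the same capture."""
    inbound = defaultdict(list)   # flags seen from each client flow
    answered = set()              # flows with at least one packet from local_ip
    for line in capture.splitlines():
        m = RECORD.search(line)
        if not m:
            continue              # banner lines, truncated records
        src, sport, dst, dport, flags = m.groups()
        if dst == local_ip:
            inbound[(src, sport, dport)].append(flags)
        elif src == local_ip:
            answered.add((dst, dport, sport))
    return {flow: seen for flow, seen in inbound.items()
            if "S" in seen and flow not in answered}

# Constructed sample capture (not the poster's data): client-a repeats the
# SYN-then-RST pattern from the thread, client-b receives a SYN-ACK.
SAMPLE = """\
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:31.995440 IP (tos 0x0, ttl 127, id 1, offset 0, flags [DF], proto 6, length: 64) client-a.example.2704 > 192.168.5.23.ssh: S [tcp sum ok] 100:100(0) win 65535
09:07:31.995708 IP (tos 0x0, ttl 127, id 2, offset 0, flags [none], proto 6, length: 40) client-a.example.2704 > 192.168.5.23.ssh: R [tcp sum ok] 200:200(0) win 0
09:07:32.100000 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto 6, length: 60) client-b.example.3001 > 192.168.5.23.ssh: S [tcp sum ok] 300:300(0) win 5840
09:07:32.100100 IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto 6, length: 60) 192.168.5.23.ssh > client-b.example.3001: S [tcp sum ok] 400:400(0) ack 301 win 5792
"""

if __name__ == "__main__":
    for flow, seen in one_way_flows(SAMPLE, "192.168.5.23").items():
        print("no reply captured for", flow, "client flags:", seen)
```

A flow reported here means the interface saw the request but not the answer, so the next capture to take is on the other interface (eth0 in the thread) to see whether the replies leave there.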