have a centos server with 2 NICs hanging at 2 different gateways can ping gateway one gateway two not tested from localhost (10.10.10.10 eth0) to 10.10.10.1 sorry my english is not the best... i hope i made everything correct... if not please tell me what to do... ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
David Butsch wrote:> have a centos server with 2 NICs hanging at 2 different gateways can > ping gateway one gateway two not > tested from localhost (10.10.10.10 eth0) to 10.10.10.1 > > sorry my english is not the best... > > i hope i made everything correct... if not please tell me what to do...First, you have installed Shorewall-perl but you are not using it. To use the Shorewall-perl compiler, you must set SHOREWALL_COMPILER=Perl in shorewall.conf. Second, if you disable Shorewall ("shorewall clear"), can you then ping to 10.10.10.1? If not, then fix your network configuration. It appears that the ping packets are being sent: Chain fw2dmz (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 6 504 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 <=== 6 packets, 504 bytes sent -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
thank you very much for the quick answer! i set the compiler to Perl. afterwards i restarted the firewall (didnt work than too) and when i "cleared" the firewall i could not ping too. can you help me setting up my network configuration? i don''t know what could be wrong there because ifcfg-eth0 and ifcfg-eth1 is pretty much the same. both static both ethernet and so on... a friend of mine tried something with the arp protocoll and thisone said that it knows 10.10.10.1 i can ping 10.10.10.10 (localhost) it would be very kind if you would help me with my further problem! Thank you Tom Eastep schrieb:> David Butsch wrote: > >> have a centos server with 2 NICs hanging at 2 different gateways can >> ping gateway one gateway two not >> tested from localhost (10.10.10.10 eth0) to 10.10.10.1 >> >> sorry my english is not the best... >> >> i hope i made everything correct... if not please tell me what to do... >> > > First, you have installed Shorewall-perl but you are not using it. To > use the Shorewall-perl compiler, you must set SHOREWALL_COMPILER=Perl in > shorewall.conf. > > Second, if you disable Shorewall ("shorewall clear"), can you then ping > to 10.10.10.1? If not, then fix your network configuration. It appears > that the ping packets are being sent: > > Chain fw2dmz (1 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 6 504 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 8 <=== 6 packets, 504 bytes sent > > > -Tom > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > The Planet: dedicated and managed hosting, cloud storage, colocation > Stay online with enterprise data centers and the best network in the business > Choose flexible plans and management services without long-term contracts > Personal 24x7 support from experience hosting pros just a phone call away. > http://p.sf.net/sfu/theplanet-com > ------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-devel mailing list > Shorewall-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-devel >------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
David Butsch wrote:> thank you very much for the quick answer! > i set the compiler to Perl. > afterwards i restarted the firewall (didnt work than too) > and when i "cleared" the firewall i could not ping too. > > can you help me setting up my network configuration? > > i don''t know what could be wrong there because ifcfg-eth0 and ifcfg-eth1 > is pretty much the same. both static both ethernet and so on... > > a friend of mine tried something with the arp protocoll and thisone said > that it knows 10.10.10.1Yes; from the dump: ? (10.10.10.1) at 00:23:F8:27:99:F2 [ether] on eth0> > i can ping 10.10.10.10 (localhost) > > it would be very kind if you would help me with my further problem!Check the IP configuration on 10.10.10.1. It should have a netmask of 255.255.255.0 (/24) and its default gateway should be 10.10.10.10 (assuming that you want your Shorewall system to act as its gateway). Be sure that 10.10.10.1 is not running a firewall that drops ping (like many Windoze firewalls do). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
10.10.10.10 is a server and 10.10.10.1 is the router/gateway
the router ist correct configured too, because if i hang in my laptop in
this port i can ping it...
this is what tcpdump says while pinging 10.10.10.1 6 times and then
waiting for about a minute...
tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
02:02:30.515456 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
02:02:31.958179 arp who-has 10.10.10.1 tell 10.10.10.10
02:02:31.958440 arp reply 10.10.10.1 is-at 00:23:f8:27:99:f2 (oui Unknown)
02:02:31.958446 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 1, length 64
02:02:32.957279 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 2, length 64
02:02:33.957356 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 3, length 64
02:02:34.957437 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 4, length 64
02:02:35.956519 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 5, length 64
02:02:36.956600 IP 10.10.10.10 > 10.10.10.1: ICMP echo request, id 4111,
seq 6, length 64
02:03:00.519640 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
02:03:30.523768 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
02:04:00.527935 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
02:04:10.529121 IP 10.10.10.1 > ALL-SYSTEMS.MCAST.NET: ICMP router
advertisement lifetime 30:00 1: {10.10.10.1 0}, length 16
02:04:30.532073 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
02:05:00.536229 IP 10.10.10.1.router > 10.10.10.255.router: RIPv1,
Response, length: 64
i send you my ifcfg-eth0 as attachement..
I stack @ this problem since 13hours ...
Tom Eastep schrieb:> David Butsch wrote:
>
>> thank you very much for the quick answer!
>> i set the compiler to Perl.
>> afterwards i restarted the firewall (didnt work than too)
>> and when i "cleared" the firewall i could not ping too.
>>
>> can you help me setting up my network configuration?
>>
>> i don''t know what could be wrong there because ifcfg-eth0 and
ifcfg-eth1
>> is pretty much the same. both static both ethernet and so on...
>>
>> a friend of mine tried something with the arp protocoll and thisone
said
>> that it knows 10.10.10.1
>>
>
> Yes; from the dump:
>
> ? (10.10.10.1) at 00:23:F8:27:99:F2 [ether] on eth0
>
>
>> i can ping 10.10.10.10 (localhost)
>>
>> it would be very kind if you would help me with my further problem!
>>
>
> Check the IP configuration on 10.10.10.1. It should have a netmask of
> 255.255.255.0 (/24) and its default gateway should be 10.10.10.10
> (assuming that you want your Shorewall system to act as its gateway).
>
> Be sure that 10.10.10.1 is not running a firewall that drops ping (like
> many Windoze firewalls do).
>
> -Tom
>
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the
business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> ------------------------------------------------------------------------
>
> _______________________________________________
> Shorewall-devel mailing list
> Shorewall-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-devel
>
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
On Fri, 2010-02-05 at 01:15 +0100, David Butsch wrote:> 10.10.10.10 is a server and 10.10.10.1 is the router/gateway > > the router ist correct configured too, because if i hang in my laptop in > this port i can ping it... > > > this is what tcpdump says while pinging 10.10.10.1 6 times and then> i send you my ifcfg-eth0 as attachement.. > > I stack @ this problem since 13hours ...Well, your problem has nothing to do with Shorewall. I will help with Shorewall problems but I don''t have the time or the energy to solve all of the worlds IP problems. Sorry. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com