Dear All,

I'm facing this routing problem, the setup is actually part of ltsp, but I think this problem is Centos-specific.

The server is a Dell Poweredge R210. The install is standard 6.4, updated.

I have one nic facing the public internet:

vi /etc/sysconfig/network-scripts/ifcfg-em1

DEVICE=em1
BOOTPROTO=none
HWADDR=d4:ae:52:c1:28:2b
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
IPV6INIT=no
USERCTL=no
DNS2=195.238.2.22
DNS1=192.168.66.1
IPADDR=192.168.66.5
NETMASK=255.255.255.128
GATEWAY=192.168.66.1

and one nic serving the lan and dhcpd.

vi /etc/sysconfig/network-scripts/ifcfg-em2

DEVICE=em2
BOOTPROTO=none
HWADDR=d4:ae:52:c1:28:2c
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
IPADDR=192.168.70.129
NETMASK=255.255.255.128
IPV6INIT=no
USERCTL=no

in iptables, prerouting and masquerading are configured :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o em2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -i em2 -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A FORWARD -o em2 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

and in /etc/sysctl.conf

ipforwarding is set to 1

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

clients get ip addresses from dhcp server, and there's no other dhcp server on the lan.

But clients cannot ping the public internet, e.g. 8.8.8.8

the only EM I'm seeing is when executing command :

[root@centoshofkwartier ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

I switched the cables and switches, and changed the connection with the public internet.

Can anybody offer some advice on this?

Greetings, J.

--
Johan Vermeulen
IT employee
Caw De Kempen

Opensource Software is the future.

Johan Vermeulen wrote:
> Dear All,
>
> I'm facing this routing problem, the setup is actually part of ltsp, but
> I think this problem is Centos-specific.
>
> The server is a Dell Poweredge R210. The install is standard 6.4, updated.
>
> I have one nic facing the public internet:
>

First, we always have BOOTPROTO set - in your case, assuming you're getting em1's IP from DHCP, you should have that; in the case of em2, it's BOOTPROTO=static. As it is, I'd think (without testing) that em1 is trying to present a reserved IP to the 'Net, which is a no-no.

> vi /etc/sysconfig/network-scripts/ifcfg-em1
>
> DEVICE=em1
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2b
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
> IPV6INIT=no
> USERCTL=no
> DNS2=195.238.2.22
> DNS1=192.168.66.1
> IPADDR=192.168.66.5
> NETMASK=255.255.255.128
> GATEWAY=192.168.66.1
>
> and one nic serving the lan and dhcpd.
>
> vi /etc/sysconfig/network-scripts/ifcfg-em2
>
> DEVICE=em2
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2c
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
> IPADDR=192.168.70.129
> NETMASK=255.255.255.128
> IPV6INIT=no
> USERCTL=no
<snip>

Secondly, what does route show?

mark

On 06/04/2013 09:20 AM, Johan Vermeulen wrote:
> Dear All,
>
> I'm facing this routing problem, the setup is actually part of ltsp, but
> I think this problem is Centos-specific.
>
> The server is a Dell Poweredge R210. The install is standard 6.4, updated.
>
> I have one nic facing the public internet:
>
> vi /etc/sysconfig/network-scripts/ifcfg-em1
>
> DEVICE=em1
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2b
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
> IPV6INIT=no
> USERCTL=no
> DNS2=195.238.2.22
> DNS1=192.168.66.1
> IPADDR=192.168.66.5
> NETMASK=255.255.255.128
> GATEWAY=192.168.66.1
>
> and one nic serving the lan and dhcpd.
>
> vi /etc/sysconfig/network-scripts/ifcfg-em2
>
> DEVICE=em2
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2c
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
> IPADDR=192.168.70.129
> NETMASK=255.255.255.128
> IPV6INIT=no
> USERCTL=no
>
> in iptables, prerouting and masquerading are configured :
>
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *nat
> :PREROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -o eth+ -j MASQUERADE
> -A POSTROUTING -o em2 -j MASQUERADE

Shouldn't this be em1?

> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -i eth+ -j ACCEPT
> -A INPUT -i em2 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -p icmp -j ACCEPT
> -A FORWARD -i lo -j ACCEPT
> -A FORWARD -i eth+ -j ACCEPT
> -A FORWARD -i em2 -j ACCEPT
> -A FORWARD -o eth+ -j ACCEPT
> -A FORWARD -o em2 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> and in /etc/sysctl.conf
>
> ipforwarding is set to 1
>
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
>
> clients get ip addresses from dhcp server, and there's no other dhcp
> server on the lan.
>
> But clients cannot ping the public internet, e.g. 8.8.8.8
>
> the only EM I'm seeing is when executing command :
>
> [root@centoshofkwartier ~]# sysctl -p /etc/sysctl.conf
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
> error: "net.bridge.bridge-nf-call-iptables" is an unknown key
> error: "net.bridge.bridge-nf-call-arptables" is an unknown key
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 68719476736
> kernel.shmall = 4294967296
>
> I switched the cables and switches, and changed the connection with the
> public internet.
>
> Can anybody offer some advice on this?
>
> Greetings, J.
>

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com

Sent from my HTC

----- Reply message -----
From: "Johan Vermeulen" <jvermeulen at cawdekempen.be>
To: "CentOS mailing list" <centos at centos.org>
Subject: [CentOS] Centos6.4 routing problem
Date: Tue, Jun 4, 2013 16:13

Hello Mark,

thanks for the help.

On 04-06-13 15:56, m.roth at 5-cent.us wrote:
> Johan Vermeulen wrote:
>> Dear All,
>>
>> I'm facing this routing problem, the setup is actually part of ltsp, but
>> I think this problem is Centos-specific.
>>
>> The server is a Dell Poweredge R210. The install is standard 6.4, updated.
>>
>> I have one nic facing the public internet:
>>
> First, we always have BOOTPROTO set - in your case, assuming you're
> getting em1's IP from DHCP, you should have that; in the case of em2, it's
> BOOTPROTO=static. As it is, I'd think (without testing) that em1 is trying
> to present a reserved IP to the 'Net, which is a no-no.

both ifcfg's now have BOOTPROTO=static and I restarted network and dhcpd.

>
>> vi /etc/sysconfig/network-scripts/ifcfg-em1
>>
>> DEVICE=em1
>> BOOTPROTO=none
>> HWADDR=d4:ae:52:c1:28:2b
>> NM_CONTROLLED=no
>> ONBOOT=yes
>> TYPE=Ethernet
>> UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
>> IPV6INIT=no
>> USERCTL=no
>> DNS2=195.238.2.22
>> DNS1=192.168.66.1
>> IPADDR=192.168.66.5
>> NETMASK=255.255.255.128
>> GATEWAY=192.168.66.1
>>
>> and one nic serving the lan and dhcpd.
>>
>> vi /etc/sysconfig/network-scripts/ifcfg-em2
>>
>> DEVICE=em2
>> BOOTPROTO=none
>> HWADDR=d4:ae:52:c1:28:2c
>> NM_CONTROLLED=no
>> ONBOOT=yes
>> TYPE=Ethernet
>> UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
>> IPADDR=192.168.70.129
>> NETMASK=255.255.255.128
>> IPV6INIT=no
>> USERCTL=no
> <snip>
> Secondly, what does route show?
>
> mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

[root@centoshofkwartier ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.70.128  *               255.255.255.128 U     0      0        0 em2
192.168.66.0    *               255.255.255.128 U     0      0        0 em1
link-local      *               255.255.0.0     U     1002   0        0 em1
link-local      *               255.255.0.0     U     1003   0        0 em2
default         192.168.66.1    0.0.0.0         UG    0      0        0 em1

greetings, J.
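
Added example, not part of the original thread and not written by any of its participants: a POSIX shell check for the question raised in the thread about which interface the MASQUERADE rule names, comparing the `-o` interfaces of the nat rules with the interface that holds the default route. The RULES and ROUTES samples are retyped from the messages above; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: does any MASQUERADE rule cover the default-route interface?
# RULES and ROUTES are constructed samples retyped from the thread above.
RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o em2 -j MASQUERADE
COMMIT'
ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.70.128  *               255.255.255.128 U     0      0   0   em2
192.168.66.0    *               255.255.255.128 U     0      0   0   em1
default         192.168.66.1    0.0.0.0         UG    0      0   0   em1'

# Interface of the default route ("default" in route, "0.0.0.0" in route -n).
default_iface() {
  awk '$1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0") { print $NF; exit }'
}

# Output interfaces of MASQUERADE rules in the nat table's POSTROUTING chain.
masq_ifaces() {
  awk '/^\*/ { table = $1 }
       table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
         for (i = 3; i < NF; i++) if ($i == "-o") print $(i + 1)
       }'
}

# iptables semantics: a trailing "+" matches any interface with that prefix.
iface_matches() {
  case $1 in
    *+) case $2 in "${1%+}"*) return 0 ;; esac; return 1 ;;
    *)  [ "$1" = "$2" ] ;;
  esac
}

# Prints a verdict; returns 0 only if the default-route interface is covered.
check_masquerade() {
  cm_wan=$(printf '%s\n' "$2" | default_iface)
  [ -n "$cm_wan" ] || { echo "no default route found"; return 2; }
  for cm_pat in $(printf '%s\n' "$1" | masq_ifaces); do
    if iface_matches "$cm_pat" "$cm_wan"; then
      echo "ok: -o $cm_pat covers $cm_wan"; return 0
    fi
  done
  echo "missing: no MASQUERADE rule with -o $cm_wan"; return 1
}

check_masquerade "$RULES" "$ROUTES" || true
```

A MASQUERADE rule with no `-o` matches every interface; this check only looks at rules that name one.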