Hello,

I am new to network routing and I need help configuring a linux box with two ethernet cards. In this case it's a Linux RH 7.3 box, in a cabinet that already has a couple of Windows servers. The Windows server routing is below as an example.

The Linux box has an out-of-band interface at 10.130.36.38 and a public eth at 62.50.8.84. I had to add a route for the private interface so I could access its ports. However, since I did that, the Linux box cannot access the internet. The incoming requests to 62.50.8.84 are fine, I can hit the web service fine, but the net is not visible from the linux box. I think it's just a matter of adding a route but am not sure how.

Interestingly enough I can ping the outside machines but cannot browse over the net. I remember that this worked fine before I added the route to the private interface, so it must be a routing problem and not some other issue.

The Linux routing table:

[root@sylvester root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
62.50.8.80      0.0.0.0         255.255.255.248 U     0      0        0 eth0
10.130.36.32    0.0.0.0         255.255.255.240 U     0      0        0 eth1
172.17.1.0      10.130.36.34    255.255.255.240 UG    0      0        0 eth1
10.0.0.0        10.130.36.33    255.0.0.0       UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         62.50.8.81      0.0.0.0         UG    0      0        0 eth0

[root@sylvester root]# ip route
62.50.8.80/29 dev eth0 scope link
10.130.36.32/28 dev eth1 scope link
172.17.1.0/28 via 10.130.36.34 dev eth1
10.0.0.0/8 via 10.130.36.33 dev eth1
127.0.0.0/8 dev lo scope link
default via 62.50.8.81 dev eth0

The Windows server routing, which works fine:

[c:\4nt]route PRINT
==========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter
0x1000004 ...00 0b cd 1c 99 84 ...... Compaq NC7780 Gigabit Server Adapter
0x1000005 ...00 0b cd 1c 96 95 ...... Compaq NC7780 Gigabit Server Adapter
==========================================================================
==========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       62.50.8.81      62.50.8.83       1
         10.0.0.0        255.0.0.0     10.130.36.33    10.130.36.36       1
     10.130.36.32  255.255.255.240     10.130.36.36    10.130.36.36       1
     10.130.36.36  255.255.255.255        127.0.0.1       127.0.0.1       1
   10.255.255.255  255.255.255.255     10.130.36.36    10.130.36.36       1
      62.50.0.221  255.255.255.255     10.130.36.33    10.130.36.36       1
      62.50.0.222  255.255.255.255     10.130.36.33    10.130.36.36       1
       62.50.8.80  255.255.255.248       62.50.8.83      62.50.8.83       1
       62.50.8.83  255.255.255.255        127.0.0.1       127.0.0.1       1
   62.255.255.255  255.255.255.255       62.50.8.83      62.50.8.83       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.17.1.0  255.255.255.240     10.130.36.34    10.130.36.36       1
        224.0.0.0        224.0.0.0     10.130.36.36    10.130.36.36       1
        224.0.0.0        224.0.0.0       62.50.8.83      62.50.8.83       1
  255.255.255.255  255.255.255.255       62.50.8.83               2       1
Default Gateway:        62.50.8.81
==========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.0.0.0        255.0.0.0     10.130.36.33       1
      62.50.0.221  255.255.255.255     10.130.36.33       1
      62.50.0.222  255.255.255.255     10.130.36.33       1
       172.17.1.0  255.255.255.240     10.130.36.34       1

Any help would be appreciated.
Eduard

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I'll take a stab at this . . .

Try a traceroute to your ISP's DNS server or even the ISP's gateway to you. (This is the next hop beyond your onsite gateway to the world.) This will tell you what interface your stuff chooses when you want to go out to the public Internet. Also check your firewall rules on this box (iptables -L -v -n) to see if you're blocking anything. And also look to see if you have any alternate routing tables going on (ip rule list and stuff like that).

- Greg Scott

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of eduard@technios.com
Sent: Friday, January 30, 2004 3:06 AM
To: lartc@mailman.ds9a.nl
Cc: eduard@technios.com
Subject: [LARTC] Multihome routing question

Thanks for the suggestions.

I noticed that traceroute just gives me a timeout on the first hop (the local gateway). In a similar test on the working machine, the local gateway responds perfectly well. Same result is given with "lft" tracing agent.

Furthermore, in a frenzy to try to correct this problem, I ended up removing iptables/ipchains from the server. I won't be able to try your suggestions now... but I spoke to the hosting company and they suggested that I should request a Firewall change on their security appliance. I think that there was a configuration change on their firewall, that's going to be handled later, for now there's not much I can do.

Thanks again,
Eduard