  1. #1
    Just Joined!
    Join Date
    Oct 2012
    Posts
    4

    Strange (to me) problem


    I have something very funky going on here. I must be missing something obvious but I cannot find it. I cannot seem to access systems across subnets from Linux boxes only. I'm testing from a Debian and an Ubuntu server.

    Access from 172.16.0.x on 10.40.10.10 Windows – OK
    Access from 172.16.0.x on 10.40.10.10 Linux – OK
    Access from 10.10.10.x to 10.40.10.10 on Windows – OK
    Access from 10.10.10.x on 10.40.10.10 Linux – Doesn't work

    All of the network access/routing is being done on a Sonicwall NSA240, not that I think it matters here.

    Thinking this through, I know that there is a route from 172.16.0.x since I have connectivity from both types of systems. I also have to accept that there is a route from 10.10.10.x from 10.40.10.x because Windows systems can get there. The Linux systems simply will not make it.

    I cleared the counters on the firewall and attempted a ping from the 10.10.10.x Linux box and saw transmit activity on the rule, but not receive. Which means the Linux box on 10.10.10.x is sending the packets. It seems that the systems on the 10.40.10.x network are either not receiving the request or aren’t responding.

    Taking it a step further I know that the default gateway on the 10.10.10.1 network is forwarding requests because all systems can ping the gateway and hit the internet.

    In this particular situation, all of these systems are virtually hosted on a VMware ESXi 5.0 host.

    I tried to provide as much information as I thought was relevant, but if there is more that will help, please let me know.

  2. #2
    Just Joined!
    Join Date
    Oct 2012
    Posts
    4
    More information. On my target machine, 10.40.10.10, I did a TCPDUMP ICMP and sent the ping from my 10.10.10.x Linux system. 10.40.10.10 received and replied to the ICMP request, but it's not making it back to the 10.10.10.x Linux system.

  3. #3
    Linux Newbie
    Join Date
    Apr 2012
    Posts
    112
    Quote: Originally Posted by tfk917
    More information. On my target machine, 10.40.10.10, I did a TCPDUMP ICMP and sent the ping from my 10.10.10.x Linux system. 10.40.10.10 received and replied to the ICMP request, but it's not making it back to the 10.10.10.x Linux system.
    It might be helpful to trace a route rather than use ping.

  4. #4
    Just Joined!
    Join Date
    Oct 2012
    Posts
    4
    I have. It shows the last responding hop as the gateway. However, due to TCPDUMP, I know it's getting beyond that.

  5. #5
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    115
    One question to clarify something that's bugging me... If all these systems are VMs on the same VMware ESXi 5.0 host, how is the firewall device even seeing the packets? Are you routing packets in/out of the VMware host through an external firewall device?

  6. #6
    Just Joined!
    Join Date
    Oct 2012
    Posts
    4
    Same host stack, different networking. The network isolation requirements are mandated by a project constraint. Essentially the servers have dedicated NICs going to two physical switch stacks.
