  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    3

    External access to Linux servers behind internal gateway, by hostname/IP/service?


    Okay, now this is a strange one; and part of the problem must be that I don't think I had a full comprehension of what was going on BEFORE things stuffed up, which makes things doubly annoying... :-)

    I'm offering a $10 reward plus a scooby snack for anyone who gives me an idea that winds up leading to a solution of some sort :)

    I'm a relative Linux newbie, having been the reluctant Sysadmin thrown in the deep end for a network of around 100 Linux machines and 50 or so Windows machines, all haphazardly networked to each other within their own internal (ethernet) networks and/or sometimes via the internet...

    My problem now concerns a relatively independent arm of the network, namely, my very own office network, consisting of workstations[internal IPs], the gateway[both internal and external], webserver/mailserver[external only - actually external times SEVEN different IPs], and "projects" machine, which we use for everything from SVN to Bugzilla and even some Samba file-shares.

    The full story, which I have found to be exceptionally difficult to actually DESCRIBE in a meaningful way, is as follows:


    THE PROBLEM:
    [See Below for description of each host]

    Until a few days ago, the domain "projects.internal.kukanstudio.com" was accessible from the outside world (the internet at large).
    Now I can only access it via the internal office network, on its alternate IP, 192.168.0.12.
    Note that [www].kukanstudio.com (a different machine) is all fine and behaving as per usual.

    From an external machine, I can NOT ping either internal, projects, or their shared numeric IP.
    HOWEVER, PARADOXICALLY, I CAN ssh into ANY of the above domains, HOWEVER, previously, ssh'ing into projects.internal would
    correctly SSH into the actual [192.168.0.12] machine. Now it SSH's into internal [192.168.0.1].

    What I have never understood:
    internal.kukanstudio.com and projects.internal.kukanstudio.com are TWO distinct machines.
    One is 192.168.0.1 (internal) and the other .12, on the internal network.
    They BOTH SHARE 150.101.99.196 as their external IP.
    SSH'ing (and, I thought, pinging) either host by name would correctly SSH to the RIGHT host. Almost
    as if internal was FORWARDING SSH (and ping, although who knows) requests through to projects.
    Projects has never apparently had any connection to the outside world, except thru internal [the gateway - ie. from behind the firewall],
    but I have ALWAYS been able to SSH and PING it from outside. I've not asked questions, simply accepted that it works.

    What could have happened in my absence:
    A reboot
    Power loss
    (GULP!) Malicious wankers attack


    NETWORK BACKGROUND:

    Thanks to someone, somewhere hating ASCII art and making spaces into noncharacters, please consult the diagram for some clarity :)


    Host: internal.kukanstudio.com [aka office's gateway]
    TWO ethernet cards.
    eth0: 150.101.99.196
    eth1: 192.168.0.1

    Host: projects.internal.kukanstudio.com [aka SVN/Bugzilla]
    One ethernet card.
    eth0: 192.168.0.12.
    IP according to the outside world: 150.101.99.196 [THE SAME as internal.kukanstudio.com above]

    Our office PC's (mostly windows):
    192.168.0.* internal network.
    Gateway is 192.168.0.1/150.101.99.196.

    Host: kukanstudio.com
    Our webserver, mailserver, etc.
    One ethernet card/Seven unique,official IP addresses
    IP according to the outside world: 150.101.99.197
    See output for www below.

    [root@www.kukanstudio.com ~]
    $ route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    150.101.99.192 * 255.255.255.240 U 0 0 0 eth0
    169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
    127.0.0.0 * 255.0.0.0 U 0 0 0 lo
    default fa5-0-751.rtr7. 0.0.0.0 UG 0 0 0 eth0
    [root@www.kukanstudio.com ~]
    $ ifconfig
    eth0 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.194 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:0 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.193 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:1 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.195 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:2 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.197 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:3 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.198 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:4 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.199 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:5 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.200 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    eth0:6 Link encap:Ethernet HWaddr 00:40:F4:15:3D:14
    inet addr:150.101.99.201 Bcast:150.101.99.207 Mask:255.255.255.240
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:952869 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1294352 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:211495067 (201.6 Mb) TX bytes:1263354482 (1204.8 Mb)
    Interrupt:11 Base address:0x8c00

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:91419 errors:0 dropped:0 overruns:0 frame:0
    TX packets:91419 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:6548879 (6.2 Mb) TX bytes:6548879 (6.2 Mb)


    OUTPUT FROM internal:

    -bash-3.00# uname -a
    Linux internal.kukanstudio.com 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386 GNU/Linux
    -bash-3.00# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:40:F4:15:44:DC
    inet addr:150.101.99.196 Bcast:150.101.99.207 Mask:255.255.255.240
    inet6 addr: fe80::240:f4ff:fe15:44dc/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:2837825 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2350368 errors:0 dropped:0 overruns:3 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2649132657 (2.4 GiB) TX bytes:446225799 (425.5 MiB)
    Interrupt:10 Base address:0x1400

    eth1 Link encap:Ethernet HWaddr 00:80:AD:84:69:40
    inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::280:adff:fe84:6940/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:4637440 errors:0 dropped:0 overruns:0 frame:0
    TX packets:5177375 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1147660073 (1.0 GiB) TX bytes:3816299802 (3.5 GiB)
    Interrupt:11 Base address:0x1000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:1172 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1172 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:122415 (119.5 KiB) TX bytes:122415 (119.5 KiB)

    -bash-3.00# route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    150.101.99.192 * 255.255.255.240 U 0 0 0 eth0
    192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
    169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
    default fa5-0-751.rtr7. 0.0.0.0 UG 0 0 0 eth0
    -bash-3.00#



    OUTPUT FROM PROJECTS:

    projects ~ # route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
    loopback localhost 255.0.0.0 UG 0 0 0 lo
    default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
    projects ~ # ifconfig
    eth0 Link encap:Ethernet HWaddr 00:D0:09:F5:B6:9A
    inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3699314 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2460160 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:701902105 (669.3 Mb) TX bytes:3098894134 (2955.3 Mb)
    Interrupt:9 Base address:0xd800

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:330465 errors:0 dropped:0 overruns:0 frame:0
    TX packets:330465 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:90765734 (86.5 Mb) TX bytes:90765734 (86.5 Mb)

    projects ~ # arp
    Address HWtype HWaddress Flags Mask Iface
    192.168.0.1 ether 00:80:AD:84:69:40 C eth0
    192.168.0.126 ether 00:15:C5:C8:65:D8 C eth0
    projects ~ #


  2. #2
    Just Joined!
    Join Date
    Jan 2007
    Posts
    3

    Clue! "named" DNS zone errors found in /var/log/messages

    Aug 1 16:42:59 www named[824]: client 150.101.99.196#4888: updating zone 'kukanstudio.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
    Aug 1 16:42:59 www named[824]: client 150.101.99.196#4891: update 'kukanstudio.com/IN' denied
    Aug 1 16:43:42 www named[824]: client 150.101.99.196#4896: updating zone 'kukanstudio.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
    Aug 1 16:43:42 www named[824]: client 150.101.99.196#4899: update 'kukanstudio.com/IN' denied


    I'm as yet unsure what exactly all of this means, and why it's happened, but I feel like I'm on the right track.
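
Added example, not part of the original posts: a small Python parser that groups the rejected dynamic-update lines quoted above by client address and zone, so repeated attempts from one source stand out. The log format is taken from the lines in the post; the `allowed` set of expected updaters and both function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# The four named lines from the post, with the wrapped "(NXRRSET)" rejoined.
SAMPLE_LOG = """\
Aug 1 16:42:59 www named[824]: client 150.101.99.196#4888: updating zone 'kukanstudio.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 1 16:42:59 www named[824]: client 150.101.99.196#4891: update 'kukanstudio.com/IN' denied
Aug 1 16:43:42 www named[824]: client 150.101.99.196#4896: updating zone 'kukanstudio.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 1 16:43:42 www named[824]: client 150.101.99.196#4899: update 'kukanstudio.com/IN' denied
"""

# Format as shown in the post; other BIND versions may add fields (assumption).
CLIENT = re.compile(r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: (?P<rest>.*)$")
# RFC 2136 prerequisite check failed; the trailing token is the DNS rcode.
FAILED = re.compile(r"updating zone '(?P<zone>[^']+)': update failed: .*?(?: \((?P<rcode>[A-Z]+)\))?$")
# The server's update policy refused the request outright.
DENIED = re.compile(r"update '(?P<zone>[^']+)' denied$")


def summarize_updates(log_text):
    """Group rejected dynamic DNS updates by (client IP, zone)."""
    summary = defaultdict(lambda: {"failed": 0, "denied": 0, "rcodes": set(),
                                   "first": None, "last": None})
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        if not client:
            continue
        failed = FAILED.match(client["rest"])
        denied = DENIED.match(client["rest"])
        hit = failed or denied
        if not hit:
            continue
        entry = summary[(client["ip"], hit["zone"])]
        entry["failed" if failed else "denied"] += 1
        if failed and failed["rcode"]:
            entry["rcodes"].add(failed["rcode"])
        stamp = " ".join(line.split()[:3])  # syslog month, day, time
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
    return dict(summary)


def unexpected_updaters(summary, allowed):
    """Client IPs that attempted updates but are not in the allowed set."""
    return sorted({ip for ip, _zone in summary if ip not in allowed})
```

On the lines from the post this yields a single source, 150.101.99.196 (the gateway's external address per the first post), with two failed prerequisite checks and two denials against `kukanstudio.com/IN`.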
