Routing stuff

[wassy121]

Okay, I don't ask questions very often, so I am going to make this one long and in-depth
Problem: there is a computer we cannot ping from the outside
Info: This computer is a dual-nic computer hiding behind a firewall, with the router in-house. One nic is for the DMZ, the other for external interface. Both of these are connected to both ports of the router (through switches). There are other computers on this network with the same configuration (2 nics, through a switch, to the router) that we can ping from the outside. RedHat 8.0 (though 7.3 was tried first). All the nics work (have been tested in other machines). The network setup is like this:

Code:

(DMZ) eth0->switch->"local lan port" of router.

Code:

(External) eth1->switch->"external lan port" of router

eth0 is 192.168.x.x
eth1 is 216.199.16.x (40 is the one we are having problems with, 50 works fine)
so I had the admin (soon to be replaced by me) download/install ethereal to see what is going on. The machine gets the ping request. It replies to the ping request, but somewhere between its reply and the external side of the router it gets blocked.

Any ideas? Firewall is running NAT, router might have arp issues (which I know nothing about). These are my two main suspects.

[genlee]

Can you paste output from route -n

EDIT
Are you only losing icmp packets or can you actually connect to the box with like like ssh.

[Dolda2000]

I must have misunderstood you somewhere, because as I see it you shouldn't be able to reach the machine at all if there's a NATting router in the way?

[wassy121]

it is a DNAT firewall (only masquerading for the "workstation" boxes)

Code:

216.199.16.0    0.0.0.0         255.255.255.192 U     0      0        0 eth1
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         216.199.16.1    0.0.0.0         UG    0      0        0 eth1

Okay, the other administrator got it working by changing the ethernet card, but this is the like 5th time it has happened. I think it will surface again in a week or so, till then see if you can think of any other ideas

[genlee]

That is very strange that changing the ethernet card fixed it. Were you able to ssh into it at all?

[wassy121]

you could ssh to the public IP from the private network (ie ssh 216.199.16.40 from 216.199.16.50), but not from external (i.e my house). Yes, it is a weird problem, that is why I came here. I figure enough people know me to figure out my own problems, but maybe I am just looking past it. I still can't think what it is besides the router, which I have no clue how to configure, nor how to tell if it is configured "right".

[Dolda2000]

What happens if you try and ping your computer from 216.199.16.40, then? Does the router let those through, perhaps? If not, I guess you could try a traceroute from 216.199.16.40 and see where it stops.
What happens if you traceroute 216.199.16.40 from your house?

[wassy121]

using ethereal we found that the ping got to the .40 box, and it says it replied to the ping as well. But I never got the reply. With traceroute it gets to the router, shows up on the actual machine as being tracerouted, replies to the traceroute, but my connection shows nothing. It will hang with the standard .... * ..... * .... *
and then time out. Like I said, this problem is gone for now, but this is all really baffling to me.

[Dolda2000]

What I meant was what happened if you ran ping and traceroute on the .40 box, targeting your machine at home. Anyway, I guess you can't test that now, since it seems to work. Isn't that just too annoying, when things actually do work, when they shouldn't? =)