  1. #1
    Linux Enthusiast
    Join Date
    Jun 2002
    Location
    San Antonio
    Posts
    621

    Routing stuff


    Okay, I don't ask questions very often, so I am going to make this one long and in-depth.
    Problem: there is a computer we cannot ping from the outside
    Info: This computer is a dual-nic computer hiding behind a firewall, with the router in-house. One nic is for the DMZ, the other for external interface. Both of these are connected to both ports of the router (through switches). There are other computers on this network with the same configuration (2 nics, through a switch, to the router) that we can ping from the outside. RedHat 8.0 (though 7.3 was tried first). All the nics work (have been tested in other machines). The network setup is like this:
    Code:
    (DMZ) eth0->switch->"local lan port" of router.
    Code:
    (External) eth1->switch->"external lan port" of router
    eth0 is 192.168.x.x
    eth1 is 216.199.16.x (40 is the one we are having problems with, 50 works fine)
    So I had the admin (soon to be replaced by me) download/install ethereal to see what is going on. The machine gets the ping request. It replies to the ping request, but somewhere between its reply and the external side of the router it gets blocked.

    Any ideas? Firewall is running NAT, router might have arp issues (which I know nothing about). These are my two main suspects.
    I respectfully decline the invitation to join your delusion.

  2. #2
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Can you paste output from route -n?

    EDIT
    Are you only losing icmp packets, or can you actually connect to the box with, like, ssh?

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I must have misunderstood you somewhere, because as I see it you shouldn't be able to reach the machine at all if there's a NATting router in the way?

  5. #4
    Linux Enthusiast
    Join Date
    Jun 2002
    Location
    San Antonio
    Posts
    621
    it is a DNAT firewall (only masquerading for the "workstation" boxes)
    Code:
    216.199.16.0    0.0.0.0         255.255.255.192 U     0      0        0 eth1
    192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         216.199.16.1    0.0.0.0         UG    0      0        0 eth1
    Okay, the other administrator got it working by changing the ethernet card, but this is the like 5th time it has happened. I think it will surface again in a week or so, till then see if you can think of any other ideas
    I respectfully decline the invitation to join your delusion.

  6. #5
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    That is very strange that changing the ethernet card fixed it. Were you able to ssh into it at all?

  7. #6
    Linux Enthusiast
    Join Date
    Jun 2002
    Location
    San Antonio
    Posts
    621
    You could ssh to the public IP from the private network (i.e. ssh 216.199.16.40 from 216.199.16.50), but not from external (i.e. my house). Yes, it is a weird problem, that is why I came here. I figure enough people know me to figure out my own problems, but maybe I am just looking past it. I still can't think what it is besides the router, which I have no clue how to configure, nor how to tell if it is configured "right".
    I respectfully decline the invitation to join your delusion.

  8. #7
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    What happens if you try and ping your computer from 216.199.16.40, then? Does the router let those through, perhaps? If not, I guess you could try a traceroute from 216.199.16.40 and see where it stops.
    What happens if you traceroute 216.199.16.40 from your house?

  9. #8
    Linux Enthusiast
    Join Date
    Jun 2002
    Location
    San Antonio
    Posts
    621
    Using ethereal we found that the ping got to the .40 box, and it says it replied to the ping as well. But I never got the reply. With traceroute it gets to the router, shows up on the actual machine as being tracerouted, replies to the traceroute, but my connection shows nothing. It will hang with the standard .... * ..... * .... * and then time out. Like I said, this problem is gone for now, but this is all really baffling to me.
    I respectfully decline the invitation to join your delusion.

  10. #9
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    What I meant was what happened if you ran ping and traceroute on the .40 box, targeting your machine at home. Anyway, I guess you can't test that now, since it seems to work. Isn't that just too annoying, when things actually do work, when they shouldn't? =)
