Find the answer to your Linux question:
Results 1 to 7 of 7
Hello all, I am a network admin and have a little experience with linux but I am trying to figure this out nonetheless I have a network with several subnets ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3

    Network (possible subnet/route) issue


    Hello all,
    I am a network admin and have a little experience with linux but I am trying to figure this out nonetheless I have a network with several subnets and I am having an issue getting icmp traffic to cross. my management network is 10.16.x.x mask 255.255.248.0 gateway 10.16.88.1, then I have core 192.168.x.x mask 255.255.255.0 gateway 192.168.140.1 and core_mgmt 10.16.41.x mask 255.255.255.0 gateway 255.255.55.0. This is an AD environment, and there is a firewall between management and core but the firewall is not the issue as I had placed an any any rule to take that factor out. So on to the issue. I am able to ping from 10.16.x.x (windows+linux)to 10.16.41.x (win+lin) and 10.16.x.x (win+lin) 192.168.x.x (win only) no linux response. However I can ping from 192.168.x.x (win+lin) back to 10.16.x.x (win+lin) and I can ping from 10.16.41.x (win+lin) to 192.168.140.x (win+lin) The Core and Core_mgmt are on the same domain and core is front end address and core_mgmt is backside (management) addresses. so basically the servers have two address each on a separate NIC. the mgmt NIC does not have a gateway but th core NIC does. Hopefully this is clear enough to understand. Thank you in advance for any help.

  2. #2
    Just Joined!
    Join Date
    Nov 2007
    Location
    San Diego
    Posts
    17
    I am not sure what you mean by management network.
    It would help to see your configuration.
    Can you post the output of:
    ifconfig
    route -n
    iptables -L

    Somtimes it helps to clear out all firewall rules with iptables -F, but make sure you have a copy of your firewall rules first.

  3. #3
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    779
    Quote Originally Posted by townsendej View Post
    Hello all,
    I am a network admin and have a little experience with linux but I am trying to figure this out nonetheless I have a network with several subnets and I am having an issue getting icmp traffic to cross. my management network is 10.16.x.x mask 255.255.248.0 gateway 10.16.88.1, then I have core 192.168.x.x mask 255.255.255.0 gateway 192.168.140.1 and core_mgmt 10.16.41.x mask 255.255.255.0 gateway 255.255.55.0. This is an AD environment, and there is a firewall between management and core but the firewall is not the issue as I had placed an any any rule to take that factor out. So on to the issue. I am able to ping from 10.16.x.x (windows+linux)to 10.16.41.x (win+lin) and 10.16.x.x (win+lin) 192.168.x.x (win only) no linux response. However I can ping from 192.168.x.x (win+lin) back to 10.16.x.x (win+lin) and I can ping from 10.16.41.x (win+lin) to 192.168.140.x (win+lin) The Core and Core_mgmt are on the same domain and core is front end address and core_mgmt is backside (management) addresses. so basically the servers have two address each on a separate NIC. the mgmt NIC does not have a gateway but th core NIC does. Hopefully this is clear enough to understand. Thank you in advance for any help.
    Hello,

    This is incomprehensible the way it is currently written. I think you should break this up into smaller paragraphs, each articulating a specific part of the set up. Then, at the bottom, describe your problem.

  4. #4
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3
    Hey, thanks for your quick responses my apologies I was unable to get beck to you until this morning. I will try to describe the network layout a little clearer this time. Also @Systemnotes here are the outputs requested (sorry can't add attachment):

    root@Server:~[root@Server ~]# ifconfig

    eth0 Link encap:Ethernet HWaddr 00:50:56:84:3F:61
    inet addr:10.16.x.x Bcast:10.16.41.255 Mask:255.255.255.0
    inet6 addr: fe80::250:56ff:fe84:3f61/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:330029 errors:0 dropped:0 overruns:0 frame:0
    TX packets:101723 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:33158844 (31.6 MiB) TX bytes:8237585 (7.8 MiB)

    eth1 Link encap:Ethernet HWaddr 00:50:56:84:3F:62
    inet addr:192.168.x.x Bcast:192.168.140.255 Mask:255.255.255.0
    inet6 addr: fe80::250:56ff:fe84:3f62/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1448706 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1014154 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:185432401 (176.8 MiB) TX bytes:124737297 (118.9 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:21534 errors:0 dropped:0 overruns:0 frame:0
    TX packets:21534 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:5497897 (5.2 MiB) TX bytes:5497897 (5.2 MiB)

    root@Server:~[root@Server ~]# route -n

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    10.16.x.x 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    192.168.x.x 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    10.16.x.x 10.16.x.x 255.255.248.0 UG 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
    0.0.0.0 192.168.140.1 0.0.0.0 UG 0 0 0 eth1

    root@Server[root@Server ~]# iptables -L

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    OK now back to the network layout:

    I have two domains one is a management domain on 10.16.x.x, the other is our production domain which has several subnets on it. The two I am concerned with are 10.16.41.x which is the management subnet for the frontside addresses on subnet 192.168.x.x. the issue is I can not ping between these domains to linux machines. I can do windows to linux and linux to linux inside of each domain, so management to management and production to production windows or linux doesnt matter it works. and I can ping from management to production from windows to windows or linux to windows but only on the management subnet of 10.16.41.x but I can not get a ping across the 192.168.x.x addresses. Both windows and Linux firewalls are disabled.

  5. #5
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3
    Ok, so after a lot of time spent on Google one of our Linux admins found the answer. This was not a network issue but an issue with how Linux was routing the packets. It was coming in on interface eth0 but sending out on eth1. Here is a link for anyone who may encounter this issue in the future. kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/ (sorry can't post a link until after 15th post) so copy and paste to browser

  6. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Quote Originally Posted by townsendej View Post
    root@Server:~[root@Server ~]# route -n

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    10.16.x.x 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    192.168.x.x 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    10.16.x.x 10.16.x.x 255.255.248.0 UG 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
    0.0.0.0 192.168.140.1 0.0.0.0 UG 0 0 0 eth1
    One issue I see right away is you have 2 Gateways defined. How is the system to know which gateway to use? You should only be defining one gateway. This is neither a network or system issue, this is an admin issue.

    Another issue is your 10 network. You have 2 defined and they over lap.
    Code:
    10.16.x.x      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.16.x.x      10.16.x.x      255.255.248.0   UG    0      0        0 eth0
    Look at your masks.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  7. #7
    Just Joined!
    Join Date
    May 2012
    Location
    Novosibirsk
    Posts
    9
    At the next time you will need to use a MS Viso for describing network configuration. If you are network admin then you must know about it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •