- 03-05-2008 #1 Just Joined!
- Join Date: Mar 2008
- Posts: 3
Suse Routing Question
Background first... I am running suse 10.3 on a small cluster of boxes. All of the boxes sit behind a firewall (10.1.1.1). Two servers sit directly behind the firewall (10.1.1.20-21). Along with that, a load balancer sits behind the firewall (10.1.1.5) and three other boxes sit behind that (10.1.1.50-52).
On 10.1.1.20-21, the default gateway is 10.1.1.1 and on 10.1.1.50-52 the default gateway for those is 10.1.1.5. The issue is when these boxes try to communicate with each other. We get connections that seem to be randomly closed. I remember having a similar issue where the suse firewall was giving an error and someone told me that my routes were bad, so I am wondering if that is the same. How can I get the traffic to route correctly?
Thanks
Al
- 03-06-2008 #2 Just Joined!
- Join Date: Feb 2008
- Posts: 6
Suse Routing Question
May I ask why you are giving the load balancer's IP as a gateway for your 10.1.1.50-52 boxes?
- 03-06-2008 #3 Just Joined!
- Join Date: Mar 2008
- Posts: 3
Well, we started using the IP of the firewall (10.1.1.1) as the default route but it would never return. One of the network guys there suggested that packets arriving from the 10.1.1.5 load balancer could not go out using 10.1.1.1 for some reason. We were seeing messages in the firewall and the client would never return anything. Once I switched it back to 10.1.1.5 from 50-52 I was able to send traffic back through the load balancer. Does that make sense?
- 03-06-2008 #4 Linux Guru
- Join Date: Nov 2007
- Posts: 1,695
Ditto what fkarimou said...
You have all of these machines using a subnet that a routing table would list as all being connected together. But physically, you have machines behind a balancer that is separating these into different networks.
Thus, your connections don't work as expected.
PS: You cannot describe a network segment without specifying the network IP *and its subnet mask/length.* You haven't listed this, but I am assuming you are using a /24 length.
- 03-06-2008 #5 Just Joined!
- Join Date: Mar 2008
- Posts: 3
Physically, all of the servers are connected to the same switch, they just have different default routes as I put above. So, the 10.1.1.20 with 10.1.1.1 is connected to the same switch on the same subnet as 10.1.1.50 with 10.1.1.5. I am (obviously) horrible with routing, so I don't understand the PS you posted about network segments. Is there something that I could post that would help identify what I am doing there?
Thanks!
- 03-06-2008 #6 Linux Guru
- Join Date: Nov 2007
- Posts: 1,695
I don't understand how you expect to troubleshoot and fix a networking issue without any knowledge of networking? This is not a knock on you, just a statement of fact.
This setup does not make any sense to me at all. But, if this is the setup, then I can understand *why* the 50-52 machines cannot use the 10.1.1.1 gateway.
You should still post the subnet mask - ifconfig on every machine should have the same subnet mask - like 255.255.255.0 or similar.
If all of these machines are on the same physical switch (and no VLANs configured), then the gateway for all the machines should be 10.1.1.1 and the firewall on the gateway should be changed to allow 50-52 and .5 machines to initiate connections going out. Although that still may have issues.
My own .02 is that this load balancer is not implemented correctly and that is what is causing the problem.
PS. What *would* make sense to me is if 10.1.1.5 had 2 NICs, and the 2nd NIC goes to another switch with just the 50-52 machines attached. (And this would mean a different subnet would be used on the 50-52 machines.) Or this could be done with VLANs on a single managed switch.
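
As an added example (not written by any poster in this thread): a Python sketch of the next-hop decision the replies are discussing, assuming the /24 mask that post #4 guesses at and assuming requests reach 10.1.1.50 through the balancer at 10.1.1.5. The client 203.0.113.7 and all function names are constructed for illustration; the same checks are repeated with a /27 to show why the mask has to be known.

```python
import ipaddress

def next_hop(host_if, gateway, dst):
    """Next hop a host uses for dst: dst itself when on-link, else its default gateway."""
    iface = ipaddress.ip_interface(host_if)
    gw, dst = ipaddress.ip_address(gateway), ipaddress.ip_address(dst)
    if gw not in iface.network:
        # A gateway outside the host's own subnet cannot be reached at all.
        raise ValueError(f"gateway {gw} is not on-link for {iface}")
    return dst if dst in iface.network else gw

def reply_check(backend_if, backend_gw, client, arrived_via):
    """Does the backend's reply leave through the device the request arrived from?"""
    hop = next_hop(backend_if, backend_gw, client)
    return str(hop), hop == ipaddress.ip_address(arrived_via)

LB = "10.1.1.5"            # load balancer, from the thread
FW = "10.1.1.1"            # firewall, from the thread
EXTERNAL = "203.0.113.7"   # constructed outside client (documentation range)

def scenarios(prefix=24):
    """Run the three reply-path checks for backend 10.1.1.50 with the given mask length."""
    backend = f"10.1.1.50/{prefix}"
    cases = {
        "external client, backend gw = firewall": (backend, FW, EXTERNAL, LB),
        "external client, backend gw = balancer": (backend, LB, EXTERNAL, LB),
        "10.1.1.20 via balancer, backend gw = balancer": (backend, LB, "10.1.1.20", LB),
    }
    out = {}
    for name, args in cases.items():
        try:
            out[name] = reply_check(*args)
        except ValueError as exc:
            out[name] = ("unreachable", str(exc))
    return out

if __name__ == "__main__":
    for prefix in (24, 27):
        print(f"--- /{prefix} ---")
        for name, result in scenarios(prefix).items():
            print(f"{name}: {result}")
```

A `False` in the second field means the reply leaves by a different device than the request arrived through, which is the situation post #3 describes with 10.1.1.1 as the gateway. With a /24, a same-subnet client such as 10.1.1.20 is always answered directly, whatever the default gateway is set to.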