Gentoo Forums
help! (routing question)
methodtwo
Apprentice

Joined: 01 Feb 2008
Posts: 231

Posted: Tue Feb 01, 2011 5:11 pm    Post subject: help! (routing question)

Hi
I'm trying to configure a web server from another host on the same LAN, same subnet, through a router. I can ping from the configuration host to the web server, but I can't ping from the web server to the host. I've never ever had this problem before. There are no port forwarding rules, but I've tried adding a rule which says pass port 80 traffic to the web server. I know that such a rule isn't required though, as they're both on the same LAN. I have no idea what the heck is going on. I ran tcpdump but it just listed the ICMP echo requests which didn't get replied. This has never happened to me before. Thank you very much for any ideas.
papahuhn
l33t

Joined: 06 Sep 2004
Posts: 623

Posted: Tue Feb 01, 2011 5:28 pm

What do you mean by same subnet through a router? You have two devices in the same subnet and LAN, but route traffic through a third one?
_________________
Death by snoo-snoo!
maxime1986
n00b

Joined: 23 Oct 2009
Posts: 74

Posted: Tue Feb 01, 2011 6:28 pm

It looks like a firewall issue...

Did you try with the firewall completely disabled?
1clue
Advocate

Joined: 05 Feb 2006
Posts: 2567

Posted: Tue Feb 01, 2011 6:48 pm

If you're talking about trying to use the router as an intermediate system, then I know what's going on.

Both your systems are on the same subnet. So even if you convince your system that it needs to go through the router, the remote system realizes you're on the local net and sends its responses straight back to your workstation directly. Your local system, however, is expecting a response from the router so it doesn't acknowledge the packets as valid and discards them.

<soapbox>
If this is what you're doing, stop it. There's no good reason to do that, and if you get it working you have a security problem that will come back to bite you later. If you want two separate networks, then configure your switch/router to use VLANs or string the wire and make two completely separate networks.
</soapbox>
methodtwo
Apprentice

Joined: 01 Feb 2008
Posts: 231

Posted: Tue Feb 01, 2011 6:59 pm

Sorry, I don't understand. What's wrong with talking to another machine on the LAN using a router? Set up:
|config_host|-----------|router|------------|Web server|
Both machines talk to the Internet via the router. Both machines have IPs that start: 192.168.1.0/24
methodtwo
Apprentice

Joined: 01 Feb 2008
Posts: 231

Posted: Tue Feb 01, 2011 7:02 pm

This is not how my network will be when I've set everything up. I'm just trying to configure the web server at the moment.
papahuhn
l33t

Joined: 06 Sep 2004
Posts: 623

Posted: Tue Feb 01, 2011 7:21 pm

Could you post the interface settings and routing tables of both machines and the router, please?
_________________
Death by snoo-snoo!
methodtwo
Apprentice

Joined: 01 Feb 2008
Posts: 231

Posted: Tue Feb 01, 2011 9:04 pm

The ifconfig -a and netstat -rn of the config host are:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   ether 34:15:9e:2e:0b:ac
   inet6 fe80::3615:9eff:fe2e:bac%en0 prefixlen 64 scopeid 0x4
   inet 192.168.11.14 netmask 0xffffff00 broadcast 192.168.11.255
   media: autoselect (1000baseT <full-duplex,flow-control>)
   status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
   ether 58:b0:35:68:09:a5
   media: autoselect (<unknown type>)
   status: inactive

And:
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.11.1       UGSc            1        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              0        0     lo0
169.254            link#4             UCS             0        0     en0
192.168.11         link#4             UCS             2        0     en0
192.168.11.1       0:24:a5:d7:cb:2a   UHLWI           2        1     en0   1032
192.168.11.14      127.0.0.1          UHS             0        0     lo0



The ifconfig and netstat -rn on the web server are:
eth0      Link encap:Ethernet  HWaddr 1C:6F:65:4D:48:1A
          inet addr:192.168.11.33  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::1e6f:65ff:fe4d:481a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1880 (1.8 KiB)  TX bytes:7202 (7.0 KiB)
          Interrupt:50 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:588 (588.0 b)  TX bytes:588 (588.0 b)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

And the routing table on the web server (the output of netstat -rn didn't copy onto the USB stick (it's got no Xorg etc.)) lists the correct default gateway (192.168.11.1) and it lists itself as the gateway to send packets bound for 192.168.11.0/24.
The routing table on the router is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.11.0    0.0.0.0         255.255.255.0   U         0 0          0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo

Thank you very much for your assistance, dude.
Regards, methodtwo
methodtwo
Apprentice

Joined: 01 Feb 2008
Posts: 231

Posted: Tue Feb 01, 2011 9:07 pm

The routing table on the router is incomplete because I haven't yet got it to talk to the Internet. The router that talks to the net can't print its routing table. It's a long story. Both routers are experiencing the same problem. Which leads me to think it's something wrong with the web server (I can ping from config host to server but not the other way round).
papahuhn
l33t

Joined: 06 Sep 2004
Posts: 623

Posted: Tue Feb 01, 2011 10:21 pm

> and it lists itself as the gateway to send packets bound for 192.168.11.0/24.

Normally, it should list 0.0.0.0 as the router for its attached subnet. However, I don't think that this is the problem.
The router interface is bridging something; probably the config host broadcast domain and the webserver broadcast domain. If so, then this is not a routing issue.
You should check if the webserver receives arp replies from the config host by issuing an "arping 192.168.11.14" instead of a ping.
My wild guess is that there are some ARP filtering rules (ebtables or arptables, I'm not sure which one) on the router.
_________________
Death by snoo-snoo!
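
The ARP-versus-ping check suggested in the post above, as an added example that is not part of any post in this thread: after a failed ping, the web server's neighbour table shows whether ARP for the config host ever resolved, which separates a layer-2 fault (bridge, ebtables/arptables) from ICMP being dropped higher up. The function name `triage` is hypothetical, the input is assumed to be iproute2 `ip neigh show` output, and the sample lines are constructed from addresses posted in the thread (the router MAC is written in zero-padded form).

```shell
#!/bin/sh
# Added example: triage a one-way ping from the neighbour (ARP) table.
# On a live Linux host (assumption: iproute2 is installed):
#   ping -c 3 192.168.11.14
#   ip neigh show | triage 192.168.11.14 34:15:9e:2e:0b:ac

# triage TARGET_IP EXPECTED_MAC   (reads `ip neigh show` output on stdin)
triage() {
    awk -v ip="$1" -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == ip {
            # Last field is the NUD state; the MAC follows "lladdr" if resolved.
            found = 1; state = $NF; mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
        }
        END {
            if (!found)
                print "no-entry: no neighbour entry for " ip ", ping first and re-run"
            else if (state == "FAILED" || state == "INCOMPLETE")
                print "l2-fail: ARP unanswered, check bridge/ebtables/arptables"
            else if (mac == want)
                print "l2-ok: ARP resolved, echo is dropped at the IP layer (firewall)"
            else
                print "l2-mismatch: " ip " answered by " mac ", expected " want
        }'
}

# Constructed samples (not captured from the poster's machines).
sample_failed='192.168.11.1 dev eth0 lladdr 00:24:a5:d7:cb:2a REACHABLE
192.168.11.14 dev eth0  FAILED'
sample_ok='192.168.11.14 dev eth0 lladdr 34:15:9e:2e:0b:ac STALE'

printf '%s\n' "$sample_failed" | triage 192.168.11.14 34:15:9e:2e:0b:ac
printf '%s\n' "$sample_ok"     | triage 192.168.11.14 34:15:9e:2e:0b:ac
```

An `l2-mismatch` result means some other device is answering ARP for the config host's address, which points at a duplicate IP or proxy ARP rather than filtering.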
1clue
Advocate

Joined: 05 Feb 2006
Posts: 2567

Posted: Tue Feb 01, 2011 11:55 pm

Let's start at the beginning, which would be the Internet connection.

I have the impression that this is a home system with a cable modem or DSL or similar. Just about every modern ISP in the USA uses DHCP to assign public addresses to the cable modem.

Here's what I do:

  1. Unplug absolutely every network cable, turn off unnecessary hardware.
  2. Hook up a simple, reliable system to the cable modem.
  3. Turn the cable modem on.
  4. Turn the workstation on.
  5. Connect to the cable modem in whatever way works.
  6. Make the cable modem work on the Internet. This includes routing, DNS, whatever. This almost always means you accept whatever DHCP information came from your ISP.
  7. When your workstation is able to use the Internet normally, then pull the plug and hook in your router/switch and repeat.
  8. Router needs to have a compatible address from the modem, which is NOT in the DHCP pool provided by the cable modem.
  9. Now go back and configure each host independently.


IMO, everything that can possibly use an automatic configuration should do so. Obviously your web server needs a static. Chances are any workstations you have do not.

If you want to play with manual and nonstandard TCP/IP configuration, then get the system working correctly and in a standard way BEFORE you start messing with things. This way you know it worked before you started messing, which means the problem with a nonworking system is only what you did, not some other problem.
AngelKnight
Tux's lil' helper

Joined: 14 Jan 2003
Posts: 126

Posted: Wed Feb 02, 2011 4:05 am

methodtwo wrote:
The ifconfig -a and netstat -rn of the config host are:

Code:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   ether 34:15:9e:2e:0b:ac
   inet6 fe80::3615:9eff:fe2e:bac%en0 prefixlen 64 scopeid 0x4
   inet 192.168.11.14 netmask 0xffffff00 broadcast 192.168.11.255
   media: autoselect (1000baseT <full-duplex,flow-control>)
   status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
   ether 58:b0:35:68:09:a5
   media: autoselect (<unknown type>)
   status: inactive


And:
Code:

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.11.1       UGSc            1        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              0        0     lo0
169.254            link#4             UCS             0        0     en0
192.168.11         link#4             UCS             2        0     en0
192.168.11.1       0:24:a5:d7:cb:2a   UHLWI           2        1     en0   1032
192.168.11.14      127.0.0.1          UHS             0        0     lo0



The ifconfig and netstat -rn on the web server are:
Code:

eth0      Link encap:Ethernet  HWaddr 1C:6F:65:4D:48:1A 
          inet addr:192.168.11.33  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::1e6f:65ff:fe4d:481a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1880 (1.8 KiB)  TX bytes:7202 (7.0 KiB)
          Interrupt:50 Base address:0x4000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:588 (588.0 b)  TX bytes:588 (588.0 b)

sit0      Link encap:IPv6-in-IPv4 
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


And the routing table on the web server (the output of netstat -rn didn't copy onto the USB stick (it's got no Xorg etc.)) lists the correct default gateway (192.168.11.1) and it lists itself as the gateway to send packets bound for 192.168.11.0/24.

Code:

The routing table on the router is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.11.0    0.0.0.0         255.255.255.0   U         0 0          0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo


Thank you very much for your assistance, dude.
Regards, methodtwo


Hiyas,

So looks a lot like your router is actually using bridging? (br0) You have the config host plugged into 1 ethernet interface on the router, the web host on another ethernet interface, and you've set it up for bridging?

In that case... I'd check to make sure that the bridging is really working correctly. The output of "/sbin/brctl show" would be useful here. Also let us know if you can ping both hosts from the router (I suspect you can, but I need to ask).
All times are GMT