I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine.
How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage.
[root@host20 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
NET.WOR.KA.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
NE.TW.RKB.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         NET.WOR.KA.1    0.0.0.0         UG    0      0        0 eth1
0.0.0.0         NE.TW.RKB.1     0.0.0.0         UG    20     0        0 eth0
[root@host20 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
          inet addr:NE.TW.RKB.IP1  Bcast:NE.TW.RKB.255  Mask:255.255.255.0
eth0:pn   Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:01:03:E9:42:D0
          inet addr:NET.WOR.KA.IP2  Bcast:NET.WOR.KA.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
TIA
-jason
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Sr. Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.
Jason Pyeron wrote:
I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine.
How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage.
You can have only 1 default route.
You can use RIP or some other routing protocol to advertise default routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on.
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes
Jason Pyeron wrote:
I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine.
How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage.
You can have only 1 default route.
You can use RIP or some other routing protocol to advertise default routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on.
-Ross
But I have 2 physical network cards, on 2 different networks. Should they not both have default routes?
on 1/29/2008 2:53 PM Jason Pyeron spake the following:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes
Jason Pyeron wrote:
I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine.
How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage.
You can have only 1 default route.
You can use RIP or some other routing protocol to advertise default routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on.
-Ross
But I have 2 physical network cards, on 2 different networks. Should they not both have default routes?
You would think so, but it will confuse the system so badly that traffic won't know where to go. The default route is the route that packets need to take to leave your network to enter the outside world. Everything under your control should have static routes of some kind, or a routing daemon.
Jason Pyeron wrote:
I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine.
How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.KB.1 or there is an outage.
You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach through it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address.
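Added example, not part of any poster's message: a small Python model of the destination-only lookup described in the reply above, run against the `route -n` table from the original post. The numeric addresses are constructed stand-ins for the anonymized ones (198.51.100.0/24 for NET.WOR.KA.0, 203.0.113.0/24 for NE.TW.RKB.0, 192.0.2.77 for the outside host), and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the thread's anonymized networks:
#   NET.WOR.KA.0 -> 198.51.100.0/24, NE.TW.RKB.0 -> 203.0.113.0/24
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
198.51.100.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 eth1
0.0.0.0         203.0.113.1     0.0.0.0         UG    20     0        0 eth0
"""
OUTSIDE_HOST = "192.0.2.77"  # constructed stand-in for CO.MC.A.ST


def parse_route_n(text):
    """Turn `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) != 8 or not f[0][0].isdigit():
            continue
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
            "gateway": None if f[1] == "0.0.0.0" else f[1],
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes


def lookup(routes, dst):
    """Destination-only lookup: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None  # no route to host
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def reply_path(routes, request_src, arrived_on):
    """Where the table sends a reply to request_src, and whether that is
    the interface the request arrived on."""
    route = lookup(routes, request_src)
    if route is None:
        return None
    return {"iface": route["iface"], "gateway": route["gateway"],
            "symmetric": route["iface"] == arrived_on}


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    # Both pings in the thread's tcpdump arrived on eth0.
    for src in ("192.168.1.114", OUTSIDE_HOST):
        print(src, reply_path(table, src, "eth0"))
    # Only withdrawing the metric-0 default brings the metric-20 one into use.
    backup = [r for r in table if r["gateway"] != "198.51.100.1"]
    print(OUTSIDE_HOST, reply_path(backup, OUTSIDE_HOST, "eth0"))
```

For the outside host the lookup returns eth1 via the metric-0 gateway, not eth0 where the echo request arrived; the metric-20 default is chosen only once the metric-0 entry is gone from the table.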
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell Sent: Tuesday, January 29, 2008 18:25 To: CentOS mailing list Subject: Re: [CentOS] Network routes
You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach through it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address.
Dropping the failover requirements, pings still do not respond off the local subnet.
[root@host20 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
NET.WOR.KA.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
NE.TW.RKB.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         NET.WOR.KA.1    0.0.0.0         UG    0      0        0 eth1
[root@host20 ~]# tcpdump -n 'icmp[0] = 8 or icmp[0] = 0'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:27:02.789177 IP 192.168.1.114 > 192.168.1.20: icmp 64: echo request seq 0
20:27:02.789277 IP 192.168.1.20 > 192.168.1.114: icmp 64: echo reply seq 0
20:27:03.786470 IP 192.168.1.114 > 192.168.1.20: icmp 64: echo request seq 256
20:27:03.786509 IP 192.168.1.20 > 192.168.1.114: icmp 64: echo reply seq 256
20:27:04.778574 IP 192.168.1.114 > 192.168.1.20: icmp 64: echo request seq 512
20:27:04.778612 IP 192.168.1.20 > 192.168.1.114: icmp 64: echo reply seq 512
20:27:05.778262 IP 192.168.1.114 > 192.168.1.20: icmp 64: echo request seq 768
20:27:05.778299 IP 192.168.1.20 > 192.168.1.114: icmp 64: echo reply seq 768
20:27:08.032006 IP CO.MC.A.ST > NE.TW.RKB.IP1: icmp 64: echo request seq 0
20:27:09.026055 IP CO.MC.A.ST > NE.TW.RKB.IP1: icmp 64: echo request seq 256
20:27:10.032333 IP CO.MC.A.ST > NE.TW.RKB.IP1: icmp 64: echo request seq 512
20:27:11.025881 IP CO.MC.A.ST > NE.TW.RKB.IP1: icmp 64: echo request seq 768
20:27:13.022155 IP CO.MC.A.ST > NE.TW.RKB.IP1: icmp 64: echo request seq 1280
13 packets captured
13 packets received by filter
0 packets dropped by kernel
Why are there no replies being sent?
on 1/29/2008 5:24 PM Jason Pyeron spake the following:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell Sent: Tuesday, January 29, 2008 18:25 To: CentOS mailing list Subject: Re: [CentOS] Network routes
You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach through it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address.
Dropping the failover requirements, pings still do not respond off the local subnet.
But none of the destinations have a gateway address. So all of the traffic is trying to go from every interface to the default gateway. Do both interfaces go out the same router? As an example in my system, I have a local interface and a wan interface. Only the wan interface needs to use the default route, as it is the only interface that talks to the outside world. But my internal interface has routes to other private networks through IPSec tunnels on other routers.
So the internal interface has multiple routes and each has a gateway address of the router that handles that route.
Are your network-a and network-b addresses actually public addresses or rfc-1918 private addresses?
It took me a while to get mine right, so don't feel bad.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Scott Silva Sent: Wednesday, January 30, 2008 12:30 To: centos@centos.org Subject: [CentOS] Re: Network routes
on 1/29/2008 5:24 PM Jason Pyeron spake the following:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell Sent: Tuesday, January 29, 2008 18:25 To: CentOS mailing list Subject: Re: [CentOS] Network routes
You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach through it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address.
Dropping the failover requirements, pings still do not respond off the local subnet.
But none of the destinations have a gateway address. So all of the traffic is trying to go from every interface to the default gateway. Do both interfaces go out the same router? As an example in my system, I have a local interface and a wan interface. Only the wan interface needs to use the default route, as it is the only interface that talks to the outside world. But my internal interface has routes to other private networks through IPSec tunnels on other routers.
So the internal interface has multiple routes and each has a gateway address of the router that handles that route.
Are your network-a and network-b addresses actually public addresses or rfc-1918 private addresses?
Public.
BTW thank you all for the help so far.