[CentOS] Not firewall, but what?
Jussi Hirvi
listmember at greenspot.fi
Tue May 11 17:21:06 UTC 2010
On 11.5.2010 18.36, Gordon Messmer wrote:
> That's odd. Is there any output on that host from "ip rule show"? What
> about:
>
> # ip rule show
> # ip rule show | awk '{print $NF}' | sort | uniq | \
> while read table ; do echo ; echo " $table" ;
> ip route show table "$table" ; done
Interesting commands, and revealing, it seems to me.
Here are the results, first from a "healthy" (non-xen) host ("ordinary"
(?) CentOS 5.4 with two nics, each connecting to their own public
network segment):
[root at mail ~]# ip rule show
0: from all lookup 255
500: from 62.236.221.70 lookup 2
600: from 62.220.237.110 lookup 1
32766: from all lookup main
32767: from all lookup default
[root at mail ~]# ip rule show | awk '{print $NF}' | sort | uniq | \
> while read table ; do echo ; echo " $table" ;
> ip route show table "$table" ; done
1
default via 62.220.237.126 dev eth0
2
default via 62.236.221.65 dev eth1
255
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 62.236.221.70 dev eth1 proto kernel scope host src 62.236.221.70
broadcast 62.220.237.127 dev eth0 proto kernel scope link src 62.220.237.110
broadcast 62.236.221.64 dev eth1 proto kernel scope link src 62.236.221.70
local 62.220.237.110 dev eth0 proto kernel scope host src 62.220.237.110
local 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1
broadcast 62.236.221.79 dev eth1 proto kernel scope link src 62.236.221.70
broadcast 62.220.237.96 dev eth0 proto kernel scope link src 62.220.237.110
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
default
main
62.236.221.64/28 dev eth1 proto kernel scope link src 62.236.221.70
62.220.237.96/27 dev eth0 proto kernel scope link src 62.220.237.110
169.254.0.0/16 dev eth1 scope link
default via 62.236.221.65 dev eth1
[root at mail ~]#
Now the "sick" host, the CentOS 5.4 xen box (dom0) with two nics, each
connecting to their own public network segment (there should be
something more in "ip rule show", right?):
[root at farm1 ~]# ip rule show
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
[root at farm1 ~]# ip rule show | awk '{print $NF}' | sort | uniq | \
> while read table ; do echo ; echo " $table" ;
> ip route show table "$table" ; done
255
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 62.220.237.104 dev eth1 proto kernel scope host src 62.220.237.104
broadcast 62.220.237.127 dev eth1 proto kernel scope link src 62.220.237.104
broadcast 62.236.221.64 dev eth0 proto kernel scope link src 62.236.221.67
local 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1
local 62.236.221.67 dev eth0 proto kernel scope host src 62.236.221.67
broadcast 192.168.122.0 dev virbr0 proto kernel scope link src 192.168.122.1
broadcast 62.236.221.79 dev eth0 proto kernel scope link src 62.236.221.67
broadcast 62.220.237.96 dev eth1 proto kernel scope link src 62.220.237.104
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.122.255 dev virbr0 proto kernel scope link src 192.168.122.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
default
main
62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.67
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.104
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1
[root at farm1 ~]#
- Jussi
--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hirvi at greenspot.fi * http://www.greenspot.fi
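
Added example, not part of the original message or thread: a shell function that compares `ip rule show` with the main routing table and lists addresses on an interface other than the default route's that have no `from <address>` rule. The sample text is copied from the two hosts' output above; the function name and the `^eth` interface filter are assumptions.

```shell
# Added example. Lists addresses that sit on an interface other than the
# main table's default-route interface and have no "from <addr>" rule.
#   $1 = text of "ip rule show"
#   $2 = text of "ip route show table main"
#   $3 = regex of interfaces to check (assumption: uplinks are named eth*)
# Only exact-address rules are matched; "from <prefix>/<len>" is ignored.
missing_source_rules() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v ifre="${3:-^eth}" '
        $0 == "---" { in_main = 1; next }
        !in_main && $2 == "from" && $3 != "all" { has_rule[$3] = 1 }
        !in_main { next }
        {   # main table: pick out the dev and src fields of each route
            dev = ""; src = ""
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            if ($1 == "default") { defdev = dev; next }
            if (src != "" && dev ~ ifre) { addr_dev[src] = dev; order[++n] = src }
        }
        END {
            for (k = 1; k <= n; k++) {
                a = order[k]
                if (addr_dev[a] != defdev && !(a in has_rule))
                    print a, addr_dev[a]
            }
        }'
}

# Sample input copied from the two hosts in the message above.
MAIL_RULES='0: from all lookup 255
500: from 62.236.221.70 lookup 2
600: from 62.220.237.110 lookup 1
32766: from all lookup main
32767: from all lookup default'
MAIL_MAIN='62.236.221.64/28 dev eth1 proto kernel scope link src 62.236.221.70
62.220.237.96/27 dev eth0 proto kernel scope link src 62.220.237.110
169.254.0.0/16 dev eth1 scope link
default via 62.236.221.65 dev eth1'
FARM1_RULES='0: from all lookup 255
32766: from all lookup main
32767: from all lookup default'
FARM1_MAIN='62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.67
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.104
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1'
echo "mail:";  missing_source_rules "$MAIL_RULES"  "$MAIL_MAIN"
echo "farm1:"; missing_source_rules "$FARM1_RULES" "$FARM1_MAIN"
```

On a live host, pass `"$(ip rule show)"` and `"$(ip route show table main)"` in place of the sample variables.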