|
On Tue, Oct 14, 2003 at 02:13:00PM +0100, paul.rogers@xxxxxxxxxx wrote:
> Horms
>
> Many thanks for your reply, and sorry for the delay in replying back.
>
> >I suspect the two most likely causes of this problem
> >are some nefilter rules that you don\'t know about
>
> How would I tell what netfilter rules are in place? Sorry, it\'s a
> very basic question I know.
Hehe, if you don't know what they are then you probably
aren't using them. Netfilter is the packetfiltering
infastructure in the linux kernel. It is usually accessed
using the iptables command.
> >or you aren\'t actually connecting to the box at all when you make
> >the inbound connections.
>
> >Try running tcpdump with the -e option to try and verify just which
> >machine you are making connections to.
>
> If I run ping from my webserver, that all works ok (IP 10.80.18.27) to
> the server with the problem (IP 10.80.18.207) and then run tcpdump -e
> host 10.80.18.207 I get the following output repeated over and over.
>
> 14:55:10.355955 0:50:4:67:ab:9b 0:6:5b:f6:63:73 ip 98: edm_bfhxx_fp002
> > 10.80.18.207: icmp: echo request (DF) 14:55:10.355955
> > 0:6:5b:f6:63:73 0:50:4:67:ab:9b ip 98: 10.80.18.207 >
> > edm_bfhxx_fp002: icmp: echo reply
>
> If I try the same exercise in the opposite direction I get the
> following output over and over again
>
> 13:39:32.000864 0:6:5b:f6:63:73 Broadcast arp 42: arp who-has
> 10.80.18.27 tell edm_bfhxx_wb005 13:39:33.000793 0:6:5b:f6:63:73
> Broadcast arp 42: arp who-has 10.80.18.27 tell edm_bfhxx_wb005
>
> Finally if I try tcpdump -e host 10.80.23.6 which is th machine i\'m
> connected via ssh, I get
>
>
> 13:42:30.161070 0:6:5b:f6:63:73 0:c0:9f:6:4d:1 ip 338:
> edm_bfhxx_wb005.ssh > 10.80.23.6.4325: P 69184:69468(284) ack 1 win
> 9648 (DF) [tos 0x10] 13:42:30.167807 0:c0:9f:6:4d:1 0:6:5b:f6:63:73 ip
> 74: 10.80.23.6.4325 > edm_bfhxx_wb005.ssh: P 1:21(20) ack 69468 win
> 17236 (DF)
>
> I think this means I\'m connected to the correct box but that the
> server is having problems with the IP address. Any thoughts on where
Yes, it does look like you are connected to the right machine
as the MAC addresses match up.
It looks like 10.80.18.207 is having trouble finding the
MAC address of other machines. More specifically it is
sending out arp requests but there are no replies. Thus
10.80.18.207 doesn't know which MAC address to use to send
packets to 10.80.18.27. Which would explain why not much happens.
This would effect all packets.
I am not sure why this would occur. Can you run tcpdump on
10.80.18.27 and verify that the arp requests are seen there too.
This thread is a bit off topic for this list so we should
probably take it offline. Feel free to email me personally
if you have more questions.
--
Horms
|
