Results 1 to 10 of 10

Thread: Can ping SLES11 Server

Hybrid View

  1. #1

    Can ping SLES11 Server

    I have a new SLES11 server built at a branch 1.

    I can ping anything inside the branch from the server and everything at other branches as well. Can also access internet

    I go to another branch, lets say branch 2. I can't ping this server at branch 1 but can ping everything else at branch 1.

  2. Re: Can ping SLES11 Server

    Hi nix34,

    Quote Originally Posted by nix34 View Post
    I have a new SLES11 server built at a branch 1.

    I can ping anything inside the branch from the server and everything at other branches as well. Can also access internet

    I go to another branch, lets say branch 2. I can't ping this server at branch 1 but can ping everything else at branch 1.
    sounds like that new server does not have a proper default route set up.

    Regards,
    Jens

  3. Re: Can ping SLES11 Server

    Hi nix34,

    answered too quickly - I mis-read your second line (I somehow read the "others" at branch1 can reach anything else, too).

    Can you verify that the new server at branch1 receives the icmp echo requests from branch2? If yes, how/where are the replies sent? You can use "tcpdump -nvv icmp" on server at branch1 to trace the ICMP (echo request/response, AKA "ping") packets.

    Regards,
    Jens

  4. #4

    Re: Can ping SLES11 Server

    Basically trying to set up VNC so the helpdesk can access server. For example: http:\\server name or IP:5801 When trying this, it failed

    When we tried to ping the server, that failed. However, when we were pinging pc's, laptops, printers, switches, routers at that locaiton, we can ping those devices without any problems. What was missed when installing SLES11?

    Now, when we visit the site, we CAN ping the server since we are there locally.

  5. Re: Can ping SLES11 Server

    Hi nix34,

    unfortunately, you did not provide information on the ICMP packets, as seen from the new server. Could you please run the tcpdump and report back the results?

    *If* the new server receives the ICMP echo requests ("ping" requests), then please include the interface IP setup and routing table of the new server, per c&p of the according commands.

    Regards,
    Jens

  6. #6

    Re: Can ping SLES11 Server

    jmozdzen wrote:

    > sounds like that new server does not have a proper default route set
    > up.


    .... or has an incorrect network mask set.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

  7. Re: Can ping SLES11 Server

    Hi Simon,

    Quote Originally Posted by smflood View Post
    jmozdzen wrote:

    > sounds like that new server does not have a proper default route set
    > up.


    .... or has an incorrect network mask set.

    HTH.
    --
    Simon
    SUSE Knowledge Partner
    then it'd be astonishing that the new server can ping everything at other branches. OTOH, it may not have been fully tested, that's why I'm after the c&p of the interface config.

    Regards,
    Jens

  8. #8

    Re: Can ping SLES11 Server

    nix34 wrote:

    > I go to another branch, lets say branch 2. I can't ping this server
    > at branch 1 but can ping everything else at branch 1.


    Is your firewall running?

    Check /etc/sysconfig/SuSEfirewall2. There you can specify what type of
    access is allowed. For example:


    > # 9.)
    > # Which TCP services _on the firewall_ should be accessible from
    > # untrusted networks?
    > #
    > # Enter all ports or known portnames below, seperated by a space.
    > # TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
    > # UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
    > # e.g. if a webserver on the firewall should be accessible from the
    > internet:
    > # FW_SERVICES_EXT_TCP="www"


    and

    > # 10.)
    > # Which services should be accessible from 'trusted' hosts or nets?
    > #
    > # Define trusted hosts or networks (doesn't matter whether they are
    > internal or
    > # external) and the services (tcp,udp,icmp) they are allowed to use.
    > This can
    > # be used instead of FW_SERVICES_* for further access restriction.
    > Please note
    > # that this is no replacement for authentication since IP addresses
    > can be
    > # spoofed. Also note that trusted hosts/nets are not allowed to ping
    > the
    > # firewall until you also permit icmp.
    > #
    > # Format: space separated list of network[,protocol[,port]]
    > # in case of icmp, port means the icmp type
    > #
    > # Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"




    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  9. #9

    Re: Can ping SLES11 Server

    No firewall is on


    Quote Originally Posted by KBOYLE View Post
    nix34 wrote:

    > I go to another branch, lets say branch 2. I can't ping this server
    > at branch 1 but can ping everything else at branch 1.


    Is your firewall running?

    Check /etc/sysconfig/SuSEfirewall2. There you can specify what type of
    access is allowed. For example:


    > # 9.)
    > # Which TCP services _on the firewall_ should be accessible from
    > # untrusted networks?
    > #
    > # Enter all ports or known portnames below, seperated by a space.
    > # TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
    > # UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
    > # e.g. if a webserver on the firewall should be accessible from the
    > internet:
    > # FW_SERVICES_EXT_TCP="www"


    and

    > # 10.)
    > # Which services should be accessible from 'trusted' hosts or nets?
    > #
    > # Define trusted hosts or networks (doesn't matter whether they are
    > internal or
    > # external) and the services (tcp,udp,icmp) they are allowed to use.
    > This can
    > # be used instead of FW_SERVICES_* for further access restriction.
    > Please note
    > # that this is no replacement for authentication since IP addresses
    > can be
    > # spoofed. Also note that trusted hosts/nets are not allowed to ping
    > the
    > # firewall until you also permit icmp.
    > #
    > # Format: space separated list of network[,protocol[,port]]
    > # in case of icmp, port means the icmp type
    > #
    > # Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"




    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  10. #10

    Re: Can ping SLES11 Server

    nix34 wrote:

    >
    > No firewall is on
    >


    How is your network at branch 1 configured?

    1. This new server connects to the Internet via a separate router...

    or

    2. This new server is your gateway to the Internet. It has one
    interface connected to the external network (Internet) and another
    interface connected to the internal network.

    As Jens already mentioned, the first step is to confirm that the ICMP
    echo request (ping) actually reaches the server. The next step is to
    determine whether a response is sent and what happens to it. If the
    default route is incorrect, the response may never be returned to the
    host that issues the ICMP echo request. If you're using
    nat/masquerading and it is misconfigured, the response may very well be
    sent but it may appear to be from a different device and not recognised
    as a valid reply to the ICMP echo request.

    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •