Thread: Multi-homed SLES11 Server

  1. Multi-homed SLES11 Server

    I originally posted this on the sonicwall forum but the more I think about this the more I am led to believe this is a multi-homed issue.
    SLES11 SP1. Here's the problem (stay with me, you will see why I posted here):
    Site to site VPN (sonicwall 192.168.123.x to pix 192.168.143.x). From the 192.168.143.x side, I need to get to 192.168.123.4; cannot ping this IP, cannot access any resources on this 1 IP. All other IPs on the 192.168.123.x side are reachable and working fine (single NIC configured). Here is what I am seeing on the sonicwall logs when accessing 192.168.123.4 from 192.168.143.x:
    Code:
    04/27/2012 08:27:07.320 Notice Network Access TCP handshake violation detected; TCP connection dropped 192.168.143.x, 3537, WAN 192.168.123.4, 80, LAN Handshake Timeout

    Also, cannot reach the 192.168.143.x single address from 192.168.123.x single address:
    Code:
    04/27/2012 08:43:08.576 Info Network Access ICMP packet from LAN allowed 192.168.124.3, 13927, OPT 192.168.143.x, 8, WAN ICMP Echo, Code: 0

    As I look at this log from 192.168.123.x single address, notice the ping comes from 192.168.124 NIC? It appears that it may be making it to the 192.168.143.x single address, but the ping is not making it back to the 192.168.123.x single address. This is a multi-NIC server and this ping originates from the OPT side, which also may be a reason the ping is not making it back. Could this be the problem (multi-NIC server)? The 192.168.123 NIC does not have a gateway set: the 192.168.124 NIC does have a default gateway.
    Can anyone help me configure the default gateway for the 192.168.123 network?

  2. Re: Multi-homed SLES11 Server

    Originally Posted by carnold6:
    This is a multi-NIC server and this ping originates from the OPT side, which also may be a reason the ping is not making it back. Could this be the problem (multi-NIC server)? The 192.168.123 NIC does not have a gateway set: the 192.168.124 NIC does have a default gateway.
    Can anyone help me configure the default gateway for the 192.168.123 network?

    I am fairly certain this is a route issue due to multi-homed server. I changed the default gateway to 192.168.123.x's gateway and stuff on the other side of the VPN started working. But now, email does not work. So, until I find out how to add a second gateway, I changed back to 192.168.124.x's gateway. IProute2 is installed and I have found this but the ip route add 192.168.124.0/24 dev eth1 src 192.168.124.2 table admin returns RTNETLINK answers: invalid argument
    So clearly I do not know the correct command to run to add a second gateway.

  3. Re: Multi-homed SLES11 Server

    Originally Posted by carnold6:
    I have found this but the ip route add 192.168.124.0/24 dev eth1 src 192.168.124.2 table admin returns RTNETLINK answers: invalid argument
    So clearly I do not know the correct command to run to add a second gateway.

    That is because that was the wrong src !!!! What can I say, it was late here...
    Anyway, after typing in the right ip route command and adding rules, that link solved my problem.

  4. Re: Multi-homed SLES11 Server

    On a reboot, the ip route/rules disappear. Any way to "hard-code" these in so they don't go away after a server reboot?

  5. Re: Multi-homed SLES11 Server

    Posted by ab (NNTP User)

    I do not know if there is a way to do this with the YaST/sysconfig
    route, but if nothing else you could create a startup script that runs
    the commands again... an after.local file or something symlinked from
    /etc/init.d/rc3.d or something. None of the network settings, other
    than those in YaST or equivalent, will be persistent from one boot to
    another.

    Good luck.

  6. Re: Multi-homed SLES11 Server

    @carnold6: you can persist settings in several ways.
    ifcfg-<nic>: you can add a PRE_UP_SCRIPT, POST_UP_SCRIPT etc... entry to the individual ifcfg-files. The scripts invoked here are usually located in /etc/sysconfig/network/scripts
    /etc/sysconfig/network/config - for a global configuration, you can use the entries in this file:
    GLOBAL_POST_UP_EXEC="yes" , GLOBAL_PRE_DOWN_EXEC="yes" which run the scripts in /etc/sysconfig/network/if-up.d and if-down.d
    For firewall scripts/settings, check the FW_CUSTOMRULES="" line in /etc/sysconfig/SuSEfirewall2 which is usually /etc/sysconfig/scripts/SuSEfirewall2-custom .
    HTH
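
Added example, not part of any post in this thread: a POSIX shell script with the source-based routing commands discussed above, written so it can be called from one of the hook scripts mentioned in post 6. The interface name, gateway address and file name are constructed placeholders, and the script refuses to run when the src address is not configured on the interface (a wrong src is the mistake reported in post 3).

```shell
#!/bin/sh
# Added example, not from the thread. Named tables such as "admin" need an
# entry in /etc/iproute2/rt_tables (for example "100 admin") before use.

# has_addr ADDR
# Reads `ip -o -4 addr show` output on stdin; succeeds only if ADDR is one of
# the listed inet addresses (exact match, prefix length ignored).
has_addr() {
    awk -v a="$1" '$3 == "inet" { split($4, p, "/"); if (p[1] == a) found = 1 }
                   END { exit (found ? 0 : 1) }'
}

# policy_route_cmds IFACE ADDR NET GATEWAY TABLE
# Prints the commands that send traffic sourced from ADDR out via GATEWAY.
policy_route_cmds() {
    printf 'ip route replace %s dev %s src %s table %s\n' "$3" "$1" "$2" "$5"
    printf 'ip route replace default via %s dev %s table %s\n' "$4" "$1" "$5"
    printf 'ip rule add from %s table %s\n' "$2" "$5"
}

# setup_policy_routing IFACE ADDR NET GATEWAY TABLE   (needs root)
setup_policy_routing() {
    # Check the src address before touching the routing tables.
    if ! ip -o -4 addr show dev "$1" | has_addr "$2"; then
        echo "refusing: $2 is not configured on $1" >&2
        return 1
    fi
    # Remove a stale copy of the rule so repeated runs do not stack duplicates.
    ip rule del from "$2" table "$5" 2>/dev/null
    policy_route_cmds "$@" | while read -r cmd; do $cmd || exit 1; done
}

# Constructed invocation; eth0 and the .1 gateway are placeholders:
#   sh policy-route.sh eth0 192.168.123.4 192.168.123.0/24 192.168.123.1 admin
if [ $# -eq 5 ]; then
    setup_policy_routing "$@"
fi
```

Run without arguments the script only defines its functions; `policy_route_cmds` can be called on its own to review the commands before anything is applied.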

  7. Re: Multi-homed SLES11 Server

    Originally Posted by ab:
    I do not know if there is a way to do this with the YaST/sysconfig route

    Yes, this should be possible within YaST's Network (lan) module, at least in SLES 11 it is. Just head to the Routes TAB and add the needed routes in the section right under the default route. They will be persistent and also become more "portable" in the sense that the routes will be added in the same place the network configuration is found: /etc/sysconfig/network... I believe in the routes file. When you have configured one server's routes, just copy that file over to another server's /etc/sysconfig/network and restart the network services to make the new route effective (assuming the needed routes, including default route, are the same for the other server).

    Cheers,
    Willem
    Knowledge Partner (voluntary sysop)

  8. Re: Multi-homed SLES11 Server

    Originally Posted by Magic31:
    Yes, this should be possible within YaST's Network (lan) module, at least in SLES 11 it is. Just head to the Routes TAB and add the needed routes in the section right under the default route. They will be persistent and also become more "portable" in the sense that the routes will be added in the same place the network configuration is found: /etc/sysconfig/network... I believe in the routes file. When you have configured one server's routes, just copy that file over to another server's /etc/sysconfig/network and restart the network services to make the new route effective (assuming the needed routes, including default route, are the same for the other server).

    I don't see where there is a YaST network (lan) module. Could you be more specific? I see a routing option in YaST network devices and then the eth(x) but nothing else.
