The Cache: Technology Expert's Forum
 
Topic: Networking weirdness ... looking for assistance
perkiset
Olde World Hacker
Administrator
Lifer
« on: February 12, 2010, 06:06:53 PM »

Hey all -

Just moved a couple of my Linux (FC 7, I believe) machines from one data center to another. They are sitting behind a SonicWall. I did the exact same steps to both, with the exception of what address I gave each of them. They behave identically.

  • I used SETUP to change the IP address.
  • It can ping its local network, it can ping the outside world, it can ping all VPN addresses. It can ping, specifically, my desktop across a VPN.
  • From the local network, on a machine sitting right next to it, I can ping it - in fact, on a machine right next to it, I can ssh into it, no problems or complaints.
  • From my machine across the VPN, I cannot ping it, see it, connect to it in any way.
  • I can ping, see and connect to any other machines on the same subnet across the VPN. In fact, the way I get to it is by RDPing into a machine sitting right next to it, then using putty to log on to it.
  • It USED TO BE addressed the same as another set of machines on a VPN connected to the Sonic Wall, but that is no longer so. I also turned down that VPN just to make sure. I say this only because it's on a high-end managed switch and I didn't know if the addressing might be screwy ... but since it can ping all the rest of the world OK, then clearly the SonicWall knows to dump traffic destined for (this address) back onto the correct subnet and not forward it down a VPN tunnel.
  • I've shut off iptables and anything that remotely looked like it filtered traffic, to no avail.

Just kind of baffled here, hoping someone has a direction to bump me in to get me moving forward again.

TIA,
/perk

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
perkiset
« Reply #1 on: February 12, 2010, 06:47:32 PM »

@Nuts, telco @ suggestion: found Ping on the SonicWall, it can see both machines (.203 and .205) just fine. Again, both 203 and 205 can ping the outside world just fine, so clearly they understand where the gateway bread is buttered.

Angry

perkiset
« Reply #2 on: February 12, 2010, 06:54:21 PM »

OK, just gonna call it a night, we're talking Freddy ex machina.

Let Ping just run from my machine to .205. After about 5 timeouts ... it worked! Glory Be! Ping again. Nope. Ping, wait about 30 timeouts, Baddabing! Ping again, instant response. Ping again, big wait, no dice. Ping again, after about 10, floats through.

Something ARPy I'll betcha, and gotta be something in the switches I'll bet. At least I know that it's not essential plumbing ... tomorrow, when I'm wheels up for Flagstaff it'll suddenly work perfectly  Roll Eyes

perkiset
« Reply #3 on: February 12, 2010, 10:51:12 PM »

 Angry  Angry  Angry

Waited till late, rebooted SonicWall.

No change.

Can't reboot switches from here (haven't set that up) so it's a trip to the datacenter I'm thinking. FFS

Hope that's it.

nutballs
Administrator
Lifer
« Reply #4 on: February 13, 2010, 07:47:10 AM »

I really have no other ideas???

Are you sure you don't have something weird in iptables? I would think you would since they were behind ipcop.

Interestingly, those are the only 2 linux boxes in the rack...
Is it possible the sonic wall has a setting for what types of machines it will talk to? I really doubt it obviously because I don't even know how that would work, but at this point I'm baffled. If the switch reboot/ flush doesn't do it, then I don't know.


I could eat a bowl of Alphabet Soup and shit a better argument than that.
perkiset
« Reply #5 on: February 13, 2010, 09:53:45 AM »

Totally baffling. This morning, they no workee at all again.

I'da thunk that the switch (if it needed to do something) would have flushed out by now. What's still really twisted is that both the .205 and .203 machines ping my local box over the VPN perfectly, and I still ping everything around them perfectly. I'm about run out of thoughts.

Hoping perhaps VS might come up with a magic scanner or something that would help me isolate at least where the problem is...

nutballs
« Reply #6 on: February 13, 2010, 10:52:36 AM »

Try 1 more thing.
Try changing the IP of 1 of those boxes to something way lower. Like in the 10s. Just for shits and giggles. I am really pretty damn sure that the SonicWall is pooching you. I wonder... I'm gonna go poke around in the wall once you message me the password (cause I forgot it again...)

perkiset
« Reply #7 on: February 13, 2010, 10:55:40 AM »

Will do on the low address, gonna try that immediately.

Thanks for the poke around, I'm freakin' baffled. Concerned that, in the next couple weeks as more migrate, this problem may not be isolated...

perkiset
« Reply #8 on: February 13, 2010, 11:00:54 AM »

Flew instantly on dot 7.

I'm wondering if the SonicWall is doing something squirrely above its DHCP range (100..199) or something ... but I can't find anything nor any subnet markers other than wide open class C.

Gonna test .99, then some 100s now.
« Last Edit: February 13, 2010, 11:05:04 AM by perkiset »

nutballs
« Reply #9 on: February 13, 2010, 11:05:27 AM »

I'm pretty sure it's a subnetting issue since it worked on .7
I will poke and fix if I find it. The intertard guys might have been a little too "precise" in their methodology.

perkiset
« Reply #10 on: February 13, 2010, 11:22:20 AM »

.7, .99, .199 all work great. .210 fails like 203 and 205.

I'm looking forward to a different pair of eyes, because all I see is the DHCP range that even addresses anywhere near this.

Wonder if there's a SonicWall shitty in there somewhere? Perhaps, since there's precious few times that DHCP is ever needed there at all, we put DHCP up at like 225..250 and see what we get. I see you're in the SW right this minute ... perhaps we try that quickly...

nutballs
« Reply #11 on: February 13, 2010, 11:22:34 AM »

Hmmm, it all looks normal. Obviously something outside the realm of normal going on.

I did fix 1 thing. There was no NTP server set up, so I added that. The servers are all a bit out of time sync, and that is probably what is triggering some errors on the DC. Nothing major, just something that was missed.

perkiset
« Reply #12 on: February 13, 2010, 11:40:07 AM »

Just reset the DHCP to 225..253, no change; however, I can't reboot the SW at the moment because of other users.

No more time to play with it, at least we know what does and doesn't work.

It'll get more gray matter next week, thx mate.

nutballs
« Reply #13 on: February 13, 2010, 07:32:30 PM »

The idea you had that there can be no statics above the dyn range is making more and more sense. I bet if you change the dyn range to 220 and up, it will now work at 203. This is dumb but is sounding likely.

nutballs
« Reply #14 on: February 13, 2010, 07:33:33 PM »

Also, do you really want your stuff on the same subnet as them? Or is this just temporary?
