* Weird routing problem. (I think)
From: Stephan Viljoen @ 2003-11-06 14:21 UTC (permalink / raw)
To: netfilter
Hi There,
I'm sorry if I've mailed this to the wrong mailing list, but I reckon
you guys would know best :)
Some of my clients started complaining that they're having problems
connecting to my mail server. Now all this worked fine up until
yesterday. I'm not blocking any ports nor am I blocking ICMP on the
network.
If I try and ping the mail server from the client's computer I get the
following message.
[root@ceda root]# ping 217.10.176.138
PING 217.10.176.138 (217.10.176.138) 56(84) bytes of data.
From 10.0.5.1: icmp_seq=2 Redirect Host(New nexthop: 217.10.176.138)
From 10.0.5.1: icmp_seq=3 Redirect Host(New nexthop: 217.10.176.138)
And here comes the weird part, the moment I restart the client's network
all problems disappear for at least an hour or two. I have about 50
customers on my network and only about half of them are experiencing
this problem and it's on both Windows / Linux boxes.
I only have this problem accessing the mail server, the rest of the
servers hosted on the 217.10.176.136/29 network work fine. I can also
ping the same client's PC from the mail server without any problems.
[root@mail routers]# ping 10.0.5.2
PING 10.0.5.2 (10.0.5.2) 56(84) bytes of data.
64 bytes from 10.0.5.2: icmp_seq=1 ttl=64 time=0.260 ms
64 bytes from 10.0.5.2: icmp_seq=2 ttl=64 time=0.235 ms
Here's my network layout.
Cisco Router : (217.10.176.149/255.255.255.252)
-----------------------------
FIREWALL : eth0 (217.10.176.150/255.255.255.252)
: eth1:client1 (10.0.5.1/255.255.255.252)
: eth1:client2 (10.0.4.1/255.255.255.252)
: eth1:mail (217.10.176.137/255.255.255.248)
Routing table for the firewall.
10.0.5.0 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.4.0 0.0.0.0 255.255.255.252 U 0 0 0 eth1
217.10.176.136 0.0.0.0 255.255.255.248 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 217.10.176.149 0.0.0.0 UG 0 0 0 eth0
-----------------------------
MAIL SERVER : eth0 (217.10.176.138/255.255.255.248)
Routing table on the Mail Server
217.10.176.136 0.0.0.0 255.255.255.248 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 217.10.176.137 0.0.0.0 UG 0 0 0 eth0
-----------------------------
Client PC 1 : eth0 (10.0.5.2/255.255.255.252)
-----------------------------
Client PC 2 : eth0 (10.0.4.2/255.255.255.252)
-----------------------------
Some input would be greatly appreciated.
Kind Regards
Stephan
* Re: Weird routing problem. (I think)
From: David C. Hart @ 2003-11-06 14:34 UTC (permalink / raw)
To: Stephan Viljoen; +Cc: Iptables Mailing List
On Thu, 2003-11-06 at 09:21, Stephan Viljoen wrote:
> Some of my clients started complaining that they're having problems
> connecting to my mail server. Now all this worked fine up until
> yesterday. I'm not blocking any ports nor am I blocking ICMP on the
> network.
>
Rather slow but . . .
[root@mail2 root]# telnet 217.10.176.138 25
Trying 217.10.176.138...
Connected to 217.10.176.138.
Escape character is '^]'.
EHLO *****
220 gabswave.net ESMTP Exim 4.24 Thu, 06 Nov 2003 16:28:14 +0200
501 Syntactically invalid EHLO argument(s)
quit
221 gabswave.net closing connection
Connection closed by foreign host.
* Re: Weird routing problem. (I think)
From: Antony Stone @ 2003-11-06 14:43 UTC (permalink / raw)
To: IPTables Mailing List
On Thursday 06 November 2003 2:34 pm, David C. Hart wrote:
> On Thu, 2003-11-06 at 09:21, Stephan Viljoen wrote:
> > Some of my clients started complaining that they're having problems
> > connecting to my mail server. Now all this worked fine up until
> > yesterday. I'm not blocking any ports nor am I blocking ICMP on the
> > network.
>
> Rather slow but . . .
>
> [root@mail2 root]# telnet 217.10.176.138 25
> Trying 217.10.176.138...
> Connected to 217.10.176.138.
Sure, the mail server is responding, but that doesn't explain the internal
network response to the pings. I don't think you can trace this problem
from the outside.
My question to Stephan is:
Why do you have multiple network ranges all plugged in to eth1 on the
Firewall? Looks like a bad idea to me (I'm not saying it won't work, but I
really don't like it).
Regards,
Antony.
--
The only problem with the Universe as a platform, though, is that it is
currently running someone else's program.
- Ken Karakotsios, author of SimLife
Please reply to the list;
please don't CC me.
* RE: Weird routing problem. (I think)
From: Stephan Viljoen @ 2003-11-06 14:44 UTC (permalink / raw)
To: 'IPTables Mailing List'
It works 100% fine from outside of the network. I'm getting the problem
from some of my users on a private subnet. The thing that baffles me is
that they can connect to any other server on the same IP subnet as the
mail server with no problems.
-----Original Message-----
From: David C. Hart [mailto:DCH@TQMcube.com]
Sent: Thursday, November 06, 2003 4:34 PM
To: Stephan Viljoen
Cc: Iptables Mailing List
Subject: Re: Weird routing problem. (I think)
On Thu, 2003-11-06 at 09:21, Stephan Viljoen wrote:
> Some of my clients started complaining that they're having problems
> connecting to my mail server. Now all this worked fine up until
> yesterday. I'm not blocking any ports nor am I blocking ICMP on the
> network.
>
Rather slow but . . .
[root@mail2 root]# telnet 217.10.176.138 25
Trying 217.10.176.138...
Connected to 217.10.176.138.
Escape character is '^]'.
EHLO *****
220 gabswave.net ESMTP Exim 4.24 Thu, 06 Nov 2003 16:28:14 +0200
501 Syntactically invalid EHLO argument(s)
quit
221 gabswave.net closing connection
Connection closed by foreign host.
* Re: Weird routing problem. (I think)
From: Ramin Dousti @ 2003-11-06 15:52 UTC (permalink / raw)
To: Stephan Viljoen; +Cc: netfilter
It's most probably ICMP redirect from your firewall to the clients since
the firewall receives the packets and sends them out of the same interface.
Try turning that off on the firewall.
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
Ramin
On Thu, Nov 06, 2003 at 04:21:18PM +0200, Stephan Viljoen wrote:
> Hi There,
>
> I'm sorry if I've mailed this to the wrong mailing list, but I reckon
> you guys would know best :)
>
> Some of my clients started complaining that they're having problems
> connecting to my mail server. Now all this worked fine up until
> yesterday. I'm not blocking any ports nor am I blocking ICMP on the
> network.
>
> If I try and ping the mail server from the client's computer I get the
> following message.
>
> [root@ceda root]# ping 217.10.176.138
> PING 217.10.176.138 (217.10.176.138) 56(84) bytes of data.
> From 10.0.5.1: icmp_seq=2 Redirect Host(New nexthop: 217.10.176.138)
> From 10.0.5.1: icmp_seq=3 Redirect Host(New nexthop: 217.10.176.138)
>
> And here comes the weird part, the moment I restart the client's network
> all problems disappear for at least an hour or two. I have about 50
> customers on my network and only about half of them are experiencing
> this problem and it's on both Windows / Linux boxes.
>
> I only have this problem accessing the mail server, the rest of the
> servers hosted on the 217.10.176.136/29 network work fine. I can also
> ping the same client's PC from the mail server without any problems.
>
> [root@mail routers]# ping 10.0.5.2
> PING 10.0.5.2 (10.0.5.2) 56(84) bytes of data.
> 64 bytes from 10.0.5.2: icmp_seq=1 ttl=64 time=0.260 ms
> 64 bytes from 10.0.5.2: icmp_seq=2 ttl=64 time=0.235 ms
>
> Here's my network layout.
>
> Cisco Router : (217.10.176.149/255.255.255.252)
>
> -----------------------------
>
> FIREWALL : eth0 (217.10.176.150/255.255.255.252)
> : eth1:client1 (10.0.5.1/255.255.255.252)
> : eth1:client2 (10.0.4.1/255.255.255.252)
> : eth1:mail (217.10.176.137/255.255.255.248)
>
> Routing table for the firewall.
> 10.0.5.0 0.0.0.0 255.255.255.252 U 0 0 0 eth1
> 10.0.4.0 0.0.0.0 255.255.255.252 U 0 0 0 eth1
> 217.10.176.136 0.0.0.0 255.255.255.248 U 0 0 0 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 217.10.176.149 0.0.0.0 UG 0 0 0 eth0
>
> -----------------------------
>
> MAIL SERVER : eth0 (217.10.176.138/255.255.255.248)
> Routing table on the Mail Server
> 217.10.176.136 0.0.0.0 255.255.255.248 U 0 0 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 217.10.176.137 0.0.0.0 UG 0 0 0 eth0
>
> -----------------------------
>
> Client PC 1 : eth0 (10.0.5.2/255.255.255.252)
>
> -----------------------------
>
> Client PC 2 : eth0 (10.0.4.2/255.255.255.252)
>
> -----------------------------
>
> Some input would be greatly appreciated.
>
> Kind Regards
> Stephan
>
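The send_redirects change from the reply above, as an added shell example that is not part of the thread: the kernel sends redirects on an interface when either conf/all or that interface's own send_redirects is 1, so the script reports the effective state per interface and then clears every entry. `CONF_ROOT` and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the thread. CONF_ROOT is a hypothetical override so
# the functions can also be run against a constructed directory tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the stored send_redirects value for one entry (all, default, eth1, ...).
redirect_flag() {
    cat "$CONF_ROOT/$1/send_redirects" 2>/dev/null || echo 0
}

# List interfaces on which redirects are still effectively enabled.
# Effective value = conf/all OR conf/<iface>, so clearing only the
# per-interface file changes nothing while conf/all is still 1.
redirecting_ifaces() {
    all=$(redirect_flag all)
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        case "$name" in all|default) continue ;; esac
        if [ "$all" = 1 ] || [ "$(redirect_flag "$name")" = 1 ]; then
            echo "$name"
        fi
    done
}

# Clear the flag in all, default (inherited by interfaces created later)
# and every existing interface, as the three echo commands in the reply do.
disable_redirects() {
    for f in "$CONF_ROOT"/*/send_redirects; do
        [ -w "$f" ] && echo 0 > "$f"
    done
    return 0
}
```

Run `redirecting_ifaces` as root on the firewall before and after `disable_redirects`; values written under /proc are lost at reboot, so the same settings also belong in /etc/sysctl.conf (for example `net.ipv4.conf.all.send_redirects = 0`).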