Hi,
I upgraded from 9.04 to 9.10 and am down to one remaining problem, and it's really, really weird.
I have 2 NICs in my server and have multiple IPs on both NICs. All are on the same vlan.
According to wireshark & tcpdump, there's absolutely no IP traffic on NIC1, all is on NIC0, even to IPs plumbed on NIC1!!
QUESTION: Is this because ALL outbound traffic is on eth0, so arp assigns the MAC of eth0 for ALL IPs on this server?
Another symptom: I pointed NS server entry in Registry.Com for one of my domains to the ns1 IP and it never responds to DNS requests -- external to VLAN. I changed registry.com to point to another IP, on the same NIC, and it works properly!
Here's my /etc/network/interfaces file:
Code:
auto lo
iface lo inet loopback
iface eth0 inet static
address 74.1.46.162
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
gateway 74.1.46.161
iface eth0:1 inet static
address 74.1.46.163
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth0:2 inet static
address 74.1.46.164
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth0:3 inet static
address 74.1.46.165
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth1 inet static
address 74.1.46.166
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth1:1 inet static
address 74.1.46.167
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth1:2 inet static
address 74.1.46.168
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth1:3 inet static
address 74.1.46.169
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
iface eth1:4 inet static
address 74.1.46.174
netmask 255.255.255.240
broadcast 74.1.46.175
network 74.1.46.160
auto eth0
auto eth0:1
auto eth0:2
auto eth0:3
auto eth1
auto eth1:1
auto eth1:2
auto eth1:3
auto eth1:4
Here's ifconfig -a:
Code:
eth0 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a4
inet addr:74.1.46.162 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:266332 errors:0 dropped:0 overruns:0 frame:0
TX packets:244044 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21288994 (21.2 MB) TX bytes:47334848 (47.3 MB)
Interrupt:30 Base address:0xe000
eth0:1 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a4
inet addr:74.1.46.163 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:30 Base address:0xe000
eth0:2 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a4
inet addr:74.1.46.164 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:30 Base address:0xe000
eth0:3 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a4
inet addr:74.1.46.165 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:30 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a5
inet addr:74.1.46.166 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9205 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1900882 (1.9 MB) TX bytes:6798 (6.7 KB)
Interrupt:31
eth1:1 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a5
inet addr:74.1.46.167 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:31
eth1:2 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a5
inet addr:74.1.46.168 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:31
eth1:3 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a5
inet addr:74.1.46.169 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:31
eth1:4 Link encap:Ethernet HWaddr 00:e0:81:72:ed:a5
inet addr:74.1.46.174 Bcast:74.1.46.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:31
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:32692 errors:0 dropped:0 overruns:0 frame:0
TX packets:32692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8216190 (8.2 MB) TX bytes:8216190 (8.2 MB)
Here's netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 inferno.cocoanet.u:7634 *:* LISTEN 3573/hddtemp
tcp 0 0 *:ftp *:* LISTEN 3769/pure-ftpd (SER
tcp 0 0 h-74-1-46-174.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-169.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-168.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-167.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-166.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-165.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 h-74-1-46-164.sf:domain *:* LISTEN 3593/mydns
tcp 0 0 www.cocoanet.us:domain *:* LISTEN 3593/mydns
tcp 0 0 inferno.cocoanet:domain *:* LISTEN 3593/mydns
tcp 0 0 inferno.cocoanet:domain *:* LISTEN 3593/mydns
tcp 0 0 *:ssh *:* LISTEN 2323/sshd
tcp 0 0 *:ipp *:* LISTEN 3994/cupsd
tcp 0 0 *:smtp *:* LISTEN 3730/master
tcp 0 0 inferno.cocoanet.u:5433 *:* LISTEN 2779/postgres
tcp 0 0 inferno.cocoanet.u:6010 *:* LISTEN 19060/0
tcp 0 0 *:8443 *:* LISTEN 4230/apache2
tcp 0 0 *:https *:* LISTEN 4230/apache2
tcp 0 0 *:microsoft-ds *:* LISTEN 3817/smbd
tcp 0 0 h-74-1-46-:microsoft-ds 109.122.192.21:3448 SYN_RECV -
tcp 0 0 *:imaps *:* LISTEN 3342/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 3390/couriertcpd
tcp 0 0 inferno.cocoanet.:10024 *:* LISTEN 2470/amavisd (maste
tcp 0 0 inferno.cocoanet.:10025 *:* LISTEN 3730/master
tcp 0 0 *:mysql *:* LISTEN 2663/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 3817/smbd
tcp 0 0 *:pop3 *:* LISTEN 3363/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 3315/couriertcpd
tcp 0 0 inferno.cocoanet.:spamd *:* LISTEN 2877/spamd.pid
tcp 0 0 *:www *:* LISTEN 4230/apache2
tcp 0 0 *:5552 *:* LISTEN 2364/tprintdaemon
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:48456 ESTABLISHED 4956/couriertls
tcp 0 0 www.cocoanet.us:www 207.46.55.29:42596 FIN_WAIT2 -
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:41280 ESTABLISHED 18880/couriertls
tcp 0 0 inferno.cocoanet.:43918 inferno.cocoanet.:mysql ESTABLISHED 18652/amavisd (ch3-
tcp 0 0 h-74-1-46-166.sfl:imaps h-74-1-46-173.sfl:52528 ESTABLISHED 4998/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:48469 ESTABLISHED 4997/couriertls
tcp 0 0 h-74-1-46-166.sfl:imaps h-74-1-46-173.sfl:60167 ESTABLISHED 18213/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:50734 ESTABLISHED 18515/couriertls
tcp 1 11264 www.cocoanet.us:www proxy.palmers.ac.:56663 CLOSE_WAIT 4275/apache2
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:48466 ESTABLISHED 4994/couriertls
tcp 0 0 inferno.cocoanet.:mysql inferno.cocoanet.:43906 ESTABLISHED 2663/mysqld
tcp 0 0 inferno.cocoanet.u:6010 inferno.cocoanet.:60201 TIME_WAIT -
tcp 0 0 h-74-1-46-166.sfl:imaps h-74-1-46-173.sfl:52525 ESTABLISHED 4995/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:44616 ESTABLISHED 18084/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:48465 ESTABLISHED 4993/couriertls
tcp 0 0 h-74-1-46-166.sfl:imaps h-74-1-46-173.sfl:52526 ESTABLISHED 4996/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:54620 ESTABLISHED 18383/couriertls
tcp 0 0 inferno.cocoanet.:43906 inferno.cocoanet.:mysql ESTABLISHED 18398/amavisd (ch3-
tcp 0 0 inferno.cocoanet.:mysql inferno.cocoanet.:43918 ESTABLISHED 2663/mysqld
tcp 0 0 h-74-1-46-166.sfl:imaps h-74-1-46-173.sfl:52530 ESTABLISHED 5003/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:40321 ESTABLISHED 18717/couriertls
tcp 0 0 www.cocoanet.us:imaps h-74-1-46-173.sfl:48471 ESTABLISHED 5000/couriertls
Here's netstat -rn
Code:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
74.1.46.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0
74.1.46.160 0.0.0.0 255.255.255.240 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 74.1.46.161 0.0.0.0 UG 0 0 0 eth0
Here's iptables -L
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
This was working as expected on 9.04.
NOTE: I had to disable ipv6 in kernel to keep mydns from puking, but had this problem regardless.
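Added example (not part of the original post): a check for the condition visible in the `netstat -rn` output above, where the same subnet has a directly connected route on more than one interface, plus a reader for the per-interface ARP sysctls `arp_ignore`, `arp_announce` and `arp_filter` (real kernel settings, not mentioned in the post). The function names and the sysctl-root argument are assumptions made for this example; the sample input is the post's own routing table.

```shell
#!/bin/sh
# Sample input: the routing table from the post, embedded so this runs offline.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
74.1.46.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0
74.1.46.160 0.0.0.0 255.255.255.240 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 74.1.46.161 0.0.0.0 UG 0 0 0 eth0
EOF
}

# Reads `netstat -rn` output on stdin and prints one line per subnet that has
# a directly connected route (no gateway flag) on more than one interface.
overlapping_routes() {
  awk '
    $2 == "0.0.0.0" && $4 !~ /G/ && $1 ~ /^[0-9]+\./ {
      key = $1 "/" $3
      if (!(key in ifs)) { order[++n] = key; ifs[key] = $8 }
      else if (index(" " ifs[key] " ", " " $8 " ") == 0) ifs[key] = ifs[key] " " $8
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (split(ifs[k], parts, " ") > 1) print k, ifs[k]
      }
    }'
}

# Prints the ARP-related sysctls for each named interface.
# $1 is the sysctl root (/proc/sys on a live system); the rest are interfaces.
arp_settings() {
  root=$1; shift
  for ifname in "$@"; do
    for knob in arp_ignore arp_announce arp_filter; do
      f="$root/net/ipv4/conf/$ifname/$knob"
      if [ -r "$f" ]; then
        printf '%s %s=%s\n' "$ifname" "$knob" "$(cat "$f")"
      fi
    done
  done
}

# Stand-alone run against the embedded sample.
sample_routes | overlapping_routes
```

On a live host, `netstat -rn | overlapping_routes` and `arp_settings /proc/sys eth0 eth1` give the same report for the running configuration.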