I have a 13.04 server with 2 interfaces.
Server's eth0
eth0 (WAN) 172.20.1.17/24 - This interface is connected to a router that will be used as our internet gateway. The router has an interface that the server is connected to with address 172.20.1.1/24 (router's IP).
Example of the router's routing table...
0.0.0.0/0 -> gateway = its public gateway (works, not a part of this question)
172.20.1.0/24 -> gateway = Lan Interface that our server is connected to. (all other hosts on this network are working fine and the server has internet access)
10.17.17.0/25 -> gateway = 172.20.1.17 (pointed at the ip of our server)
This all works fine... let's move on.
Server's eth1
eth1 (Lan) 10.17.17.1/25
I have a couple of computers connected to a switch on the server's LAN interface. The computers have static IPs on the 10.17.17.0/25 network.
The server's routing table...
default 172.20.1.1 0.0.0.0 UG 0 0 0 eth0
10.17.17.0 * 255.255.255.128 U 0 0 0 eth1
link-local * 255.255.0.0 U 1000 0 0 eth1
172.20.1.0 * 255.255.255.0 U 0 0 0 eth0
ifconfig output from the server.
eth0 Link encap:Ethernet HWaddr 00:25:90:d4:43:3f
inet addr:172.20.1.17 Bcast:172.20.1.255 Mask:255.255.255.0
inet6 addr: fe80::225:90ff:fed4:433f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:74034 errors:0 dropped:23 overruns:0 frame:0
TX packets:110451 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13584832 (13.5 MB) TX bytes:10578014 (10.5 MB)
Memory:ee400000-ee480000
eth1 Link encap:Ethernet HWaddr 00:25:90:d4:43:3e
inet addr:10.17.17.1 Bcast:10.17.17.127 Mask:255.255.255.128
inet6 addr: fe80::225:90ff:fed4:433e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7758 errors:0 dropped:0 overruns:0 frame:0
TX packets:4057 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:655301 (655.3 KB) TX bytes:324797 (324.7 KB)
Interrupt:20 Memory:ee800000-ee820000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:19832 errors:0 dropped:0 overruns:0 frame:0
TX packets:19832 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2015396 (2.0 MB) TX bytes:2015396 (2.0 MB)
I set the server to allow forwarding.
cat /proc/sys/net/ipv4/ip_forward
1
A look at the network interface config...
cat /etc/network/interfaces
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables/iptables.conf
auto eth0
iface eth0 inet static
network 172.20.1.0
address 172.20.1.17
netmask 255.255.255.0
broadcast 172.20.1.255
gateway 172.20.1.1
dns-nameservers 8.8.8.8 8.8.4.4
auto eth1
iface eth1 inet static
network 10.17.17.0
address 10.17.17.1
netmask 255.255.255.128
broadcast 10.17.17.127
I disabled my firewall for now...
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ping tests from the server
ping 172.20.1.1
PING 172.20.1.1 (172.20.1.1) 56(84) bytes of data.
64 bytes from 172.20.1.1: icmp_req=1 ttl=64 time=0.263 ms
64 bytes from 172.20.1.1: icmp_req=2 ttl=64 time=0.245 ms
^C
ping 10.17.17.3
PING 10.17.17.3 (10.17.17.3) 56(84) bytes of data.
64 bytes from 10.17.17.3: icmp_req=1 ttl=64 time=0.272 ms
64 bytes from 10.17.17.3: icmp_req=2 ttl=64 time=0.256 ms
^C
Pings from any host on 172.20.1.0/24 to any host on 10.17.17.0/25 or vice versa fail.
So, to sum up the situation: the Ubuntu server has two interfaces, a WAN and a LAN. The LAN computers are statically assigned, so no need for any DHCP services on the LAN. The server is statically assigned on its WAN, so no need for a DHCP client. The upstream router has a route for the server's LAN and will be handling NAT translation at its WAN interface, so no need for NAT in iptables on the server. For ease of troubleshooting I have set iptables to accept all (input, forward and output) firewall chains. The server can see both networks and can ping hosts on both networks.
The problem is that hosts on both networks cannot forward (ping) traffic through the Ubuntu server. Traceroutes from any host on either network trying to communicate with the opposite network will hit the first hop successfully (Ubuntu server) and time out, never reaching the second hop, which should be the host on the other network (host on the other side of the server).
I have rebooted multiple times.
Thanks for your help in advance.
Any idea what is wrong or what I can do to troubleshoot further?
Let me know if any additional information is needed.
Thanks Pete