Problem with 2 NICs - only ping works
From: Robert B. (rpbyc_at_NOSPAM.op.pl)
Date: 02/27/04
- Next message: Francine: "Re: Watch the internet pack"
- Previous message: Per Christian B. Viken: "Re: Can't use "www" url to webserver on LAN?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 27 Feb 2004 13:46:18 +0100
Hello,
I have the following problem:
There is a network consisting of 4 computers running Fedora Core 1,
kernel 2.4.22-2115.nptl.smp. Each computer has 2 ethernet cards,
one 1Gb for the "internal" network 192.168.1.0 and 1 100Mb for the
"external"
network, say 212.111.111.0
So, the "fast" interfaces have IPs 192.168.1.1 to 4 and the "slow":
212.111.111.229 to 232
No computer is router here, because only the "slow" interfaces should have
access to the internet.
Each machine is running an sshd.
At the beginning there were frequent problems with logging in by an ssh
from
both the internal and the external networks.
I've noticed that the MACs sometimes were duplicated in the arp tables in
the
hosts. So the first thing I've done was creating statically the arp tables
at the systems startup.
It caused, that ssh started working very well in the internal network, but
when
I tried to ssh, say from 212.111.111.229 to 212.111.111.230 it was
impossible
(connection timed out).
Logging by ssh from other machines (besides the four) in the 212.111.111.0
network was possible,
but sometimes there were also connection timeouts.
So, what have I thinked out was to introduce 2 VLANs (because all the NICs
are connected
by one AT-9410 Gigabit switch). One VLAN has connected the four 100Mb NICs
and the link
to the external network, the other VLAN has only connected the four 1Gb
NICs.
Now I don't statically create the arp tables. It look that they are OK.
Connecting by ssh in the 192.168.1.0 network works fine, connection from,
say 212.111.111.229 to 212.111.111.230 is still impossible (time out),
but the real problem is, that connection from the other machines in the
external
network (and the world) to 212.111.111.XXX is impossible (time out).
I have to say, that the pings were and still are OK. I can ping from my
another
computer to each machine in 212.111.111.0, but I can't log into it by ssh.
It can't be a firewall issue, because before introducing the two VLANs it
worked,
only sometimes appeared time outs.
Not only ssh doesn't work well, the same situation is with netperf
package, which
also works on a client-server basis. There only works
# netperf -H 192.168.1.2 from any host 192.168.1.X,
# netperf -H 212.111.111.XXX doesn't work (time out).
Sorry for such a chaotic description, but I've already tried to mend it by
so many ways that all of it is well mixed in my head...
I don't know, maybe someone has tried to have 2 networks on one switch
and one set of computers and it works?
-- Regards, Robert B. rpbyc@op.pl
- Next message: Francine: "Re: Watch the internet pack"
- Previous message: Per Christian B. Viken: "Re: Can't use "www" url to webserver on LAN?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
