Really strange forwarding problem
From: Philip Washington (phwashington_at_comcast.net)
Date: 03/29/04
Date: Mon, 29 Mar 2004 01:56:58 GMT
I have 2 networks connected via VPN. Until 3 days ago it worked fine.
One of the VPN/firewalls locked up and had to be rebooted (F1). After
reboot everything seemed to be working fine except only one of the
computers couldn't connect with one of the other computers on the second
network.

Computers A1,B1,C1,D1 are on network 1 with F1 being the VPN gateway
and firewall.
Computers A2,B2,C2,D2 are on network 2 with F2 being the VPN gateway and
firewall.

A1 can ping and ssh to all computers on network 2 except computer A2.
B1,C1,D1 can connect to all computers on network 2 including computer A2.
So computers A1 and A2 appear to be the only computers affected.

When I examine packet traffic on F1 when A1 pings A2 I see the packets
go in eth1 and then go out eth0 instead of out ipsec0.
When I examine packet traffic on F1 when B1 pings A2 I see the packets
go in eth1 and then go out ipsec0 and see the reply from A2 coming back
from ipsec0 to eth1.

So whenever a packet is going from computer A1 to A2 the packet ends up
going from eth1 to eth0 instead of from eth1 to ipsec0 on computer F1.
When I ping in the reverse direction from A2 to A1 the replies are
dropped in the same manner from A1 back to A2.

I have looked in iptables and used route trying to figure how this one
computer could be affected.
I rebooted (hard and soft) F1 and the problem still occurred.
I also rebooted A1 and the problem was still there. I keep thinking the
problem is on F1, but I can't figure out how a packet addressed from A1
to A2 could be treated differently than a packet from B1 to A2, because
there are no communication problems when I attempt to connect B1 to A2.

I also changed the IP address of computer A2 (from 192.168.2.171 to
192.168.2.172) temporarily and this fixed the problem. I had to return
it to its original IP address though. I also changed the IP address of
A1 and this fixed the problem which may end up being my long term
solution, but I definitely would like to figure out what is causing this
problem.

I'm kind of at a loss now where else to look on F1 to find out what is
causing this problem.

The only other pertinent relationship I can think of between these 2
computers is that there was a manual NFS connection prior to rebooting
F1 3 days ago.

Anybody else seen anything like this? I keep thinking there is a cache
or something on the computer F1 that is causing this weird behavior.