[ale] iptables issues with dual NIC'd hosts?

Jim Kinney jim.kinney at gmail.com
Fri Jan 26 14:12:00 EST 2018


Sounds like a routing problem. ip route will show the defaults. If BOTH
are not pointed at each other, nothing happens. Verify with tcpdump on
both ends - look for traffic to/from <host>

Host A has nics 1 & 2 (A1 & A2)
Host B has nics 1 & 2 (B1 & B2)

Assumption is A1 and B1 are on network 192.168.0.0 and A2 and B2 are on
10.1.1.0. Assumption default route is 192.168.0.0.

To get those machines to talk on the 10.1.1.0 network, you will need to
use explicit IP address and adding a custom name in /etc/hosts is a
good idea.

Also need to verify that the database is listening on the correct IP -
ditto for tomcat.

I just spent _days_ trying to trace a multi-homed network FSCKUP
through iptables. Data in on port A never appears anywhere else.
Tracing it through just showed where it vanished - between PREROUTING
RAW and PREROUTING NAT. I feel your pain.

On Fri, 2018-01-26 at 13:01 -0500, leam hall via Ale wrote:
> Using RHEL 6, two hosts (A, B) each with two NICs, Each host has one
> NIC on each of two VLANs. Tomcat on Host_A trying to connect to MySQL
> on Host_B, port 3306. iptables on Host_B looks open (0.0.0.0) for
> TCP/3306.
> 
> Host_A_NIC_0 can connect to Host_B_NIC_0 TCP/3306
> HOST_A_NIC_1 can NOT connect to HOST_B_NIC_1  TCP/3306.
> 
> They are 1 IP off and NIC_1 can ping NIC_1, but not connect TCP/3306.
> 
> Thoughts on how to figure out why when iptables looks open?
> 
> Leam
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
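
Added example, not part of the original thread: the two checks suggested in the reply (which interface a destination actually leaves by, and whether the service is bound to the address being dialed), written as shell functions that parse `ip route` and `ss -ltn` output. The host addresses, the /24 masks, the eth0/eth1 names and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample data: addresses, /24 masks and eth0/eth1 names are assumptions.
ROUTES_A='192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.11
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.11
default via 192.168.0.1 dev eth0'
SS_B='State   Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0      50        192.168.0.12:3306              *:*
LISTEN  0      128                  *:22                *:*'

# route_dev DEST: read `ip route` output on stdin and print the device of the
# longest-prefix match for DEST (IPv4 only); exit 1 if no route matches.
route_dev() {
  awk -v dest="$1" '
    function ip2int(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { best = -1 }
    $1 == "default" || $1 ~ /^[0-9.]+(\/[0-9]+)?$/ {
      if ($1 == "default") { net = 0; len = 0 }
      else { n = split($1, c, "/"); net = ip2int(c[1]); len = (n == 2) ? c[2] + 0 : 32 }
      dev = ""
      for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      size = 2 ^ (32 - len)   # number of addresses covered by this prefix
      if (dev != "" && int(ip2int(dest) / size) == int(net / size) && len > best) { best = len; out = dev }
    }
    END { if (out == "") exit 1; print out }'
}

# listen_covers IP PORT: read `ss -ltn` output on stdin; succeed only if a
# listener on PORT is bound to IP or to a wildcard address.
listen_covers() {
  awk -v ip="$1" -v port="$2" '
    $1 == "LISTEN" && match($4, /:[0-9]+$/) {
      addr = substr($4, 1, RSTART - 1); p = substr($4, RSTART + 1)
      if (p == port && (addr == ip || addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")) found = 1
    }
    END { exit !found }'
}

# Demo on the constructed data; on live hosts pipe in `ip route` and `ss -ltn`.
dev=$(printf '%s\n' "$ROUTES_A" | route_dev 10.1.1.12)
echo "Host_A sends traffic for 10.1.1.12 out of: $dev"
if printf '%s\n' "$SS_B" | listen_covers 10.1.1.12 3306; then
  echo "TCP/3306 is bound to 10.1.1.12 or a wildcard"
else
  echo "TCP/3306 is NOT bound to 10.1.1.12, so an open iptables rule does not help"
fi
```

Run the route check on both hosts, since the return path matters as much as the outbound one; the listener check treats an IPv6 wildcard bind as also covering IPv4, which is an assumption about the service's socket options.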