[ale] iptables issues with dual NIC'd hosts?

leam hall leamhall at gmail.com
Fri Jan 26 14:30:56 EST 2018


The iptables rules were almost the default "wide open" with a specific
line for port 3306 as 0.0.0.0 accept.

The two machines are on the same vlan, no routing except the host.



On Fri, Jan 26, 2018 at 2:27 PM, Ed Cashin via Ale <ale at ale.org> wrote:
> By "tracing it through" do you mean looking at the counts for the iptables
> rules, and noticing which rules incremented and which did not?
>
> Tracing with tcpdump is great for debugging, but I don't see how that would
> catch things getting stopped between chains inside the kernel---that's why I
> ask.
>
>
> On Fri, Jan 26, 2018 at 2:12 PM, Jim Kinney via Ale <ale at ale.org> wrote:
>>
>> Sounds like a routing problem. ip route will show the defaults. If BOTH
>> are not pointed at each other, nothing happens. Verify with tcpdump on both
>> ends - look for traffic to/from <host>
>>
>> Host A has nics 1 & 2 (A1 & A2)
>> Host B has nics 1 & 2 (B1 & B2)
>>
>> Assumption is A1 and B1 are on network 192.168.0.0 and A2 and B2 are on
>> 10.1.1.0. Assumption default route is 192.168.0.0.
>>
>> To get those machines to talk on the 10.1.1.0 network, you will need to
>> use explicit IP address and adding a custom name in /etc/hosts is a good
>> idea.
>>
>> Also need to verify that the database is listening on the correct IP - ditto
>> for tomcat.
>>
>> I just spent _days_ trying to trace a multi-homed network FSCKUP through
>> iptables. Data in on port A never appears anywhere else. Tracing it through
>> just showed where it vanished - between PREROUTING RAW and PREROUTING NAT. I
>> feel your pain.
>>
>> On Fri, 2018-01-26 at 13:01 -0500, leam hall via Ale wrote:
>>
>> Using RHEL 6, two hosts (A, B) each with two NICs. Each host has one
>> NIC on each of two VLANs. Tomcat on Host_A trying to connect to MySQL
>> on Host_B, port 3306. iptables on Host_B looks open (0.0.0.0) for
>> TCP/3306.
>>
>> Host_A_NIC_0 can connect to Host_B_NIC_0 TCP/3306
>> HOST_A_NIC_1 can NOT connect to HOST_B_NIC_1 TCP/3306.
>>
>> They are 1 IP off and NIC_1 can ping NIC_1, but not connect TCP/3306.
>>
>> Thoughts on how to figure out why when iptables looks open?
>>
>> Leam
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>> --
>>
>> James P. Kinney III
>>
>> Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his
>> own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>>
>> http://heretothereideas.blogspot.com/
>>
>>
>>
>
>
>
> --
>   Ed Cashin <ecashin at noserose.net>
>
>
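The checks Jim and Ed suggest in the quoted replies (which route Host_B would answer on, whether the database is bound to the address on the right NIC, and whether the iptables ACCEPT rule's counter ever moves), as an added example that is not part of the thread. It parses constructed command output from Host_B so it runs offline; the addresses, interface names and the finding that MySQL is bound only to the NIC_0 address are assumptions for illustration, not the thread's actual diagnosis.

```shell
# Added example, not from the thread. Jim's and Ed's checks over constructed
# command output. Assumed: Host_B NIC_0 = 192.168.0.20 (eth0), NIC_1 = 10.1.1.20 (eth1).

# Constructed `ip route` output from Host_B: the default route uses eth0.
ROUTES='default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.20
10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.20'

# Constructed `ss -lnt` output from Host_B: MySQL is bound to NIC_0 only.
LISTEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     192.168.0.20:3306  *:*
LISTEN 0      128    0.0.0.0:22         *:*'

# Constructed `iptables -L INPUT -v -n` output: the 3306 rule and its counters.
RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source    destination
  412   28K ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0  tcp dpt:3306'

# Interface Host_B would send replies to $1 through: its connected /24 if
# there is one, otherwise the default route (only /24 and default handled).
route_dev() {
  net="$(printf '%s' "$1" | cut -d. -f1-3).0/24"
  echo "$ROUTES" | awk -v n="$net" '
    $1 == n         { print $3; hit = 1; exit }
    $1 == "default" { def = $5 }
    END             { if (!hit) print def }'
}

# True if a listener on port $2 covers address $1 (0.0.0.0 covers all; IPv4 only).
listens_on() {
  echo "$LISTEN" | awk -v a="$1" -v p="$2" '
    $1 == "LISTEN" { split($4, l, ":")
                     if (l[2] == p && (l[1] == "0.0.0.0" || l[1] == a)) found = 1 }
    END            { if (found) exit 0; exit 1 }'
}

# Packet counter of the INPUT ACCEPT rule for tcp dpt:$1, or 0 if absent.
accept_pkts() {
  n=$(echo "$RULES" | awk -v p="tcp dpt:$1" '$3 == "ACCEPT" && index($0, p) { print $1; exit }')
  echo "${n:-0}"
}

# Verdict for a client at $1 reaching Host_B at $2:$3 when iptables looks open.
diagnose() {
  if ! listens_on "$2" "$3"; then echo "not listening on $2:$3"
  elif [ "$(accept_pkts "$3")" -eq 0 ]; then echo "ACCEPT rule for port $3 never matched"
  else echo "ok, replies leave via $(route_dev "$1")"
  fi
}
```

On a real host, replace the three constructed strings with the live output of `ip route`, `ss -lnt` and `iptables -L INPUT -v -n` and run `diagnose` with the client and server addresses on each NIC in turn.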

