Michael Weber wrote:
Hi, all. I'm feeling REALLY dense right now. I hope this is not a
"Duh!" kind of thing.
I have a Compaq desktop, D500, with 2 GHz P4, 512 Mb, etc. and an
onboard Intel NIC. What I want to do is turn it inot a backup/test
firewall system. So, I bought an Intel 100 Pro server NIC and installed
it. When I install Fedora from the CD's all seems fine. It finds the
NICs, assigns IP addresses, routes, etc. and everything is happy.
Until you try to use eth1.
I can ping the address just fine, but I cannot ping anything out of
that interface. The other interface is fully operational. If I ping
the interface from a known functional system, I get no returns. Not
even an ARP response.
>
Here's what I've tried:
I tried three other NIC's, both Intel and 3Com. I tried moving
interrupts around. I swapped cables, switches, IP numbers, brands of
coffee. (Hey, I was desperate!)
I tried a different machine, even tried a Dell GX115.
I tried a different driver, updated kernel, turning off everything in
the BIOS that a firewall wouldn't need (LPT, COMs, USB, etc.)
Nothing worked. It acts like the NIC doesn't interrupt the processor.
Here are some sample outputs in hopes someone has seen this before. I
tried Googling the symptoms and didn't see anything relevant. Let me
know if you need to see anything else.
TIA!
-Michael
[root@fw-4 root]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ok, no iptables.
[root@fw-4 root]# ping 172.16.30.32
PING 172.16.30.32 (172.16.30.32) 56(84) bytes of data.
From 172.16.30.25 icmp_seq=0 Destination Host Unreachable
From 172.16.30.25 icmp_seq=1 Destination Host Unreachable
From 172.16.30.25 icmp_seq=2 Destination Host Unreachable
--- 172.16.30.32 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time
5026ms
Usually indicative of a bad route.
, pipe 4
[root@fw-4 root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:02:B3:E7:65:F9
inet addr:66.136.128.237 Bcast:66.136.128.239
Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27293 errors:0 dropped:0 overruns:0 frame:0
TX packets:20857 errors:0 dropped:0 overruns:0 carrier:0
collisions:443 txqueuelen:1000
RX bytes:3436779 (3.2 Mb) TX bytes:1470496 (1.4 Mb)
Interrupt:5 Base address:0x1000 Memory:fc420000-fc420038
eth1 Link encap:Ethernet HWaddr 00:08:02:A8:5A:83
inet addr:172.16.30.25 Bcast:172.16.255.255
Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12361 errors:0 dropped:0 overruns:0 frame:0
TX packets:704 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:989444 (966.2 Kb) TX bytes:29568 (28.8 Kb)
Interrupt:10 Base address:0x1040 Memory:fc421000-fc421038
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2532 errors:0 dropped:0 overruns:0 frame:0
TX packets:2532 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1523935 (1.4 Mb) TX bytes:1523935 (1.4 Mb)
Ok, so eth1 is on the same subnet as the ping target.
[root@fw-4 root]# more /proc/interrupts
CPU0
0: 629623 XT-PIC timer
1: 2730 XT-PIC keyboard
2: 0 XT-PIC cascade
5: 46836 XT-PIC eth0
8: 3 XT-PIC rtc
10: 13173 XT-PIC eth1
12: 63222 XT-PIC PS/2 Mouse
14: 57111 XT-PIC ide0
15: 49560 XT-PIC ide1
NMI: 0
ERR: 0
dmesg output:
Linux version 2.4.22-1.2115.nptl (bhcompile@xxxxxxxxxxxxxxxxxxxxx) (gcc
version
3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:42:51 EST
2003
<snip>
Intel(R) PRO/100 Network Driver - version 2.3.18-k1
Copyright (c) 2003 Intel Corporation
PCI: Found IRQ 5 for device 02:04.0
divert: allocating divert_blk for eth0
e100: selftest OK.
e100: eth0: Intel(R) PRO/100 Network Connection
Hardware receive checksums enabled
cpu cycle saver enabled
PCI: Found IRQ 10 for device 02:08.0
divert: allocating divert_blk for eth1
e100: selftest OK.
e100: eth1: Intel(R) PRO/100 Network Connection
Hardware receive checksums enabled
divert: freeing divert_blk for eth0
divert: freeing divert_blk for eth1
ip_tables: (C) 2000-2002 Netfilter core team
ip_conntrack version 2.1 (4095 buckets, 32760 max) - 292 bytes per
conntrack
Intel(R) PRO/100 Network Driver - version 2.3.18-k1
Copyright (c) 2003 Intel Corporation
PCI: Found IRQ 5 for device 02:04.0
divert: allocating divert_blk for eth0
e100: selftest OK.
e100: eth0: Intel(R) PRO/100 Network Connection
Hardware receive checksums enabled
cpu cycle saver enabled
PCI: Found IRQ 10 for device 02:08.0
divert: allocating divert_blk for eth1
e100: selftest OK.
e100: eth1: Intel(R) PRO/100 Network Connection
Hardware receive checksums enabled
e100: eth0 NIC Link is Up 10 Mbps Half duplex
e100: eth1 NIC Link is Up 10 Mbps Half duplex
Nothing there.
I'd recommend "traceroute 172.16.30.32" and verify that the ping is
indeed going out eth1. Also, give us the output of "netstat -rn"
(your routing tables).
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- All generalizations are false. -
----------------------------------------------------------------------
