On Sun, 2005-03-06 at 17:45 +0300, Kevin Plew wrote:
> Is your firewall dropping the packets?( tcpdump or ethereal to check )
>
> No packets dropped- iptables -L show no rules
>
>
> > Is the DHCP server assigning the correct default gateways, dns info to
> > both subnets?( traceroute and dig )
> Yes
>
> > Does traceroute from the proxy to a node with a problem go the correct
> > way?
> [root@newengland root]# traceroute -i eth1 10.10.11.50
> traceroute to 10.10.11.50 (10.10.11.50), 30 hops max, 38 byte packets
> 1 192.168.100.20 (192.168.100.20) 2999.097 ms !H 2998.952 ms !H
> 2999.256 ms !H
>
>
> > Does a traceroute from node without a problem to the proxy go the correct
> > way?
> [root@newengland root]# traceroute -i eth0 10.10.11.50
> traceroute to 10.10.11.50 (10.10.11.50), 30 hops max, 38 byte packets
> 1 192.168.1.1 (192.168.1.1) 1.094 ms 0.980 ms 1.012 ms
> 2 10.11.57.1 (10.11.57.1) 5.609 ms 3.661 ms 6.266 ms
> 3 10.10.11.4 (10.10.11.4) 641.193 ms 567.180 ms 818.277 ms
> 4 10.10.11.50 (10.10.11.50) 550.474 ms 599.838 ms 572.665 ms
>
>
> > Is the proxy configured to allow access from the ip range in question?
> Proxy attached to eth0 ini file:
> The log files on the eth0 proxy are fine- eth1 shows no connection to
> 10.10.11.50
> Proxy attached to eth0 ini file:
> [shell]
> login=none
>
>
> [etcp_parameters]
> server_address=10.10.11.50:9200
> server_address=10.10.11.51:9200
> server_announcement_address=none
> max_receive_data_rate=4000000
> etcp_send_protocol=1
> local_udp_address=192.168.1.20
> external_udp_address=10.11.57.2
>
> [logging]
> log_level=verbose
>
>
> [proxy_excludes]
> exclude=localhost
>
> Proxy attached to eth1 ini file:
> [shell]
> login=none
> port=2617
>
> [etcp_parameters]
> server_address=10.10.11.50:9200
> server_address=10.10.11.51:9200
> server_announcement_address=none
> max_receive_data_rate=4000000
> etcp_send_protocol=1
> local_udp_address=192.168.100.20
> external_udp_address=10.11.57.5
> http_listen_address=9302
> socks_listen_address=9303
> autoconfig_listen_address=9301
>
> [logging]
> log_level=verbose
>
> [proxy_excludes]
> exclude=localhost
>
> other files
> [root@newengland tc-recv-AM]# netstat -nr
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt
> Iface
> 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 10.10.11.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
What is 192.168.1.1?
Below I see eth0 as 192.168.1.20 and above netstat show it as eth1 ?
Same for eth1, below is shows as 192.168.100.20 and above it shows as
eth2?
This is definetly not right, depending on what you have going on I would
suggest starting from scratch, draw yourself a little diagram, and
before you worry about the proxy piece, make sure that ALL the nodes can
ping each other.
Make sure your netsat and ifconfig info are sane, if 192.168.100.0 is
eth2 in netstat, that ifconfig eth2 should be 192.168.100.20.
>
> [root@newengland tc-recv-AM]# ifconfig eth0
> eth0 Link encap:Ethernet HWaddr 00:0F:B5:42:8E:1C
> inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::20f:b5ff:fe42:8e1c/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:102163 errors:0 dropped:0 overruns:0 frame:0
> TX packets:59859 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:48961730 (46.6 Mb) TX bytes:45213912 (43.1 Mb)
> Interrupt:11 Base address:0xf000
>
> [root@newengland tc-recv-AM]# ifconfig eth1
> eth1 Link encap:Ethernet HWaddr 00:0F:B5:42:8F:34
> inet addr:192.168.100.20 Bcast:192.168.100.255 Mask:255.255.255.0
> inet6 addr: fe80::20f:b5ff:fe42:8f34/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:5848 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6693 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1550585 (1.4 Mb) TX bytes:1494116 (1.4 Mb)
> Interrupt:10 Base address:0x1000
>
>
> Thanks
>
> Kevin
>
A little ASCI drawing would be helpful, something like this you can use
as a starting point.
--192.168.1.1--
|
|
192.168.1.0/24---- ----192.168.100.0/24----
| |
| |
192.168.1.20 192.168.100.20
eth1--newengland--eth2
this is suspect, as the ifconfig and netstat info for newengland
conflict.
Have no clue what that proxy config is, haven't used anything but squid
for many years now. Also, normally you don't want to pass -i to
traceroute. For this type of troubleshooting you want to see what the
kernel's rib table ( Routing Information Base ) is doing with the
packets, when you pass -i you force the interface which does not help in
troubleshooting any common setups.
>From the 10.10.11.50 do pings and traceroutes to 192.168.1.20 and to
192.168.100.20 and also from nodes sitting on the 192.168.1.0/24 and
192.168.100.0/24 you should be able to traceroute and ping 10.10.11.50.
This should help you figure out you problem.
Ted
