[lug] IPChains issue (I think)

Jason Vallery jason at vallery.net
Thu Apr 13 11:39:05 MDT 2006


Ifconfig -a shows:

eth0      Link encap:Ethernet  HWaddr 00:02:B3:E9:CF:07
          inet addr:209.97.225.208  Bcast:209.97.225.255  Mask:255.255.255.0
          inet6 addr: fe80::202:b3ff:fee9:cf07/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:596 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57964 (56.6 KiB)  TX bytes:19097 (18.6 KiB)

eth1      Link encap:Ethernet  HWaddr 00:02:B3:E9:CF:06
          inet addr:209.97.225.209  Bcast:209.97.225.255  Mask:255.255.255.0
          inet6 addr: fe80::202:b3ff:fee9:cf06/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:439 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:36360 (35.5 KiB)  TX bytes:750 (750.0 b)
          Base address:0xbc00 Memory:fc4e0000-fc500000


On 4/13/06, Chip Atkinson <chip at pupman.com> wrote:
>
> What does ifconfig -a show?  Do you have addresses for both interfaces?
> I don't know about the high availability aspects of the dual nics, but in
> "normal" operation, you need to have a separate IP for each interface.
> Traffic is then sent to the interface with the corresponding IP.
>
> Chip
> On Thu, 13 Apr 2006, Jason Vallery wrote:
>
> > Hey all,
> >
> > Wow, it's been years since I've posted to this list.  I've just recently
> > sort of rediscovered you all and have been actively lurking (versus passive
> > where the mail was just queueing up in a folder I never read).
> >
> > Recently I just got some new hardware for one of the boxes I run.  The new
> > box (a 1U rack mount) has integrated dual nics and is running CentOS 4.3
> > (2.6.9-34.106.unsupportedsmp).  I decided I wanted to take advantage of the
> > redundancy dual nics offers me however I'm not really clear on how things
> > should be setup.  This box only does WWW and DNS serving so these along with
> > SSH are the only services I run.   I've got IPChains setup to reject all
> > traffic except these core 3 services.  My dual nics are configured with
> > static IP addresses.  For some reason however, only traffic pointed at eth0
> > ever accesses the services on this box.  The traffic on eth1 never
> > connects.  The symptoms indicate an IPChains issue, however looking at the
> > rules I don't see anything that would cause this problem.
> >
> > Here is the output of "iptables -L"
> >
> >
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> > LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     ipv6-crypt--  anywhere             anywhere
> > ACCEPT     ipv6-auth--  anywhere             anywhere
> > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:webcache
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> >
> > Any thoughts?  Is there a HOW-TO out there somewhere for setting up a box
> > with dual nics?
> >
> > Thanks
> > -Jason
> >
>
>
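
The `iptables -L` listing quoted above omits the in/out interface columns, which are only printed with `-v`, so the first two rules of RH-Firewall-1-INPUT read as accept-everything. The following is an added example, not part of the thread: it parses a constructed, abridged copy of that chain and flags rules whose scope cannot be determined from a non-verbose listing.

```python
import re

# Constructed sample: the RH-Firewall-1-INPUT chain from the post, abridged,
# with the e-mail line wrapping undone.
LISTING = """\
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

RULE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
KEYS = ("target", "prot", "opt", "source", "destination", "extra")
ANY = {"anywhere", "0.0.0.0/0"}

def parse_chains(text):
    """Return {chain name: [rule dicts]} from non-verbose `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = chains.setdefault(line.split()[1], [])
        elif line.strip() and not line.startswith("target") and current is not None:
            m = RULE.match(line)
            if m:
                current.append(dict(zip(KEYS, m.groups())))
    return chains

def ambiguous_accepts(text):
    """List (chain, position) of rules that print as 'accept all traffic'."""
    # Without -v such a rule either really matches everything or is limited
    # by an interface match (-i/-o) that the listing does not show.
    hits = []
    for chain, rules in parse_chains(text).items():
        for pos, r in enumerate(rules, start=1):
            if (r["target"] == "ACCEPT" and r["prot"] == "all" and not r["extra"]
                    and r["source"] in ANY and r["destination"] in ANY):
                hits.append((chain, pos))
    return hits

if __name__ == "__main__":
    for chain, pos in ambiguous_accepts(LISTING):
        print(f"{chain} rule {pos}: re-check with `iptables -L -n -v` or `iptables-save`")
```
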