[lug] IPChains issue (I think)
Chip Atkinson
chip at pupman.com
Thu Apr 13 11:24:07 MDT 2006
What does ifconfig -a show? Do you have addresses for both interfaces?
I don't know about the high availability aspects of the dual NICs, but in
"normal" operation, you need to have a separate IP for each interface.
Traffic is then sent to the interface with the corresponding IP.
Chip
On Thu, 13 Apr 2006, Jason Vallery wrote:
> Hey all,
>
> Wow, it's been years since I've posted to this list. I've just recently
> sort of rediscovered you all and have been actively lurking (versus passive
> where the mail was just queueing up in a folder I never read).
>
> Recently I just got some new hardware for one of the boxes I run. The new
> box (a 1U rack mount) has integrated dual NICs and is running CentOS 4.3
> (2.6.9-34.106.unsupportedsmp). I decided I wanted to take advantage of the
> redundancy dual NICs offer me; however, I'm not really clear on how things
> should be set up. This box only does WWW and DNS serving, so these along with
> SSH are the only services I run. I've got IPChains set up to reject all
> traffic except these core 3 services. My dual NICs are configured with
> static IP addresses. For some reason, however, only traffic pointed at eth0
> ever accesses the services on this box. The traffic on eth1 never
> connects. The symptoms indicate an IPChains issue; however, looking at the
> rules I don't see anything that would cause this problem.
>
> Here is the output of "iptables -L"
>
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
> LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt-- anywhere             anywhere
> ACCEPT     ipv6-auth-- anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:webcache
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
>
> Any thoughts? Is there a HOW-TO out there somewhere for setting up a box
> with dual NICs?
>
> Thanks
> -Jason
>
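
Added example, not part of either message in this thread: plain "iptables -L" leaves out the in/out interface columns, so the two leading "ACCEPT all" rules in RH-Firewall-1-INPUT may carry an interface match that the listing hides. The sketch below parses an excerpt of the quoted chain and flags terminating rules that look unconditional yet still have rules after them; the helper names are hypothetical.

```python
import re

# Added example; helper names are hypothetical.
# Excerpt of the chain quoted in the post, wrapped lines rejoined.
LISTING = """\
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt-- anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
ANY_ADDR = {"anywhere", "0.0.0.0/0"}

def parse_chains(text):
    """Return {chain: [(target, prot, source, dest, matches), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Chain "):
            current = chains.setdefault(line.split()[1], [])
        elif line and not line.startswith("target") and current is not None:
            # Long protocol names run into the opt column ("ipv6-crypt--").
            line = re.sub(r"^(\S+\s+\S+?)--\s", r"\1 -- ", line)
            parts = line.split(None, 5)
            if len(parts) >= 5:
                matches = parts[5] if len(parts) > 5 else ""
                current.append((parts[0], parts[1], parts[3], parts[4], matches))
    return chains

def hidden_match_suspects(text):
    """Flag terminating rules that look unconditional but have rules after them."""
    suspects = []
    for chain, rules in parse_chains(text).items():
        for i, (target, prot, src, dst, matches) in enumerate(rules[:-1]):
            catch_all = prot == "all" and src in ANY_ADDR and dst in ANY_ADDR
            if target in TERMINATING and catch_all and not matches:
                suspects.append((chain, i + 1, target))
    return suspects

if __name__ == "__main__":
    for chain, num, target in hidden_match_suspects(LISTING):
        print(f"{chain} rule {num}: {target} shows no match, rerun with -v")
```

Any rule this flags is worth re-reading with "iptables -L -n -v", which adds the in and out interface columns and packet counters.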