Old 04-14-2008, 04:51 AM
Turbo Fredriksson
 
Default Weird routing problem

[I've tried the fedora-xen list but got no answer.]
[Since this is/might be a generic routing issue, I try here too.]


I have two physical hosts (Correo and Alexander), running two XEN
instances on one of them (Ferrari and Amarillo on Correo) and one
on the other (Graham on Alexander)...

Picture at http://bayour.com/misc/VoIP.jpg.


On the firewall/gateway (192.168.1.1) I route 192.168.3.0/24 to Correo
(192.168.1.7) and 192.168.4.0/24 to Alexander (192.168.1.6). This is so
that I can access the XEN hosts from the internal network. Very basic...

And all my VoIP phones are on their (about to be on a) separate network
with the firewall/gateway as default gateway.


On Alexander:
=============
* /etc/xen/graham.cfg
kernel = '/boot/vmlinuz-2.6.18-5-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-5-xen-amd64'
memory = '2500'
root = '/dev/sda1 ro'
disk = [ 'file:/home/xen/domains/graham/disk.img,sda1,w', 'file:/home/xen/domains/graham/swap.img,sda2,w' ]
name = 'graham'
vif = [ 'ip=192.168.4.11' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

* /etc/xen/xend-config.sxp
(xend-http-server yes)
(xend-unix-server yes)
(xend-tcp-xmlrpc-server no)
(xend-unix-xmlrpc-server yes)
(xend-relocation-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-port 8000)
(xend-relocation-port 8002)
(xend-address 'alexander')
(xend-relocation-address 'alexander')
(console-limit 1024)
(network-script network-route)
(vif-script vif-route)
(dom0-min-mem 196)
(dom0-cpus 2)
(enable-dump yes)
(vnc-listen '0.0.0.0')

* ifconfig (trimmed - only 'lo' is removed)
eth0 Link encap:Ethernet HWaddr 00:1C:23:C4:28:92
inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21c:23ff:fec4:2892/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0:0 Link encap:Ethernet HWaddr 00:1C:23:C4:28:92
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

vif5.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.255
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

* route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.11 0.0.0.0 255.255.255.255 UH 0 0 0 vif5.0
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

* iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 192.168.4.11 0.0.0.0/0 PHYSDEV match --physdev-in vif5.0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif5.0 udp spt:68 dpt:67

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

* iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

On Graham:
==========
* ifconfig (trimmed - only 'lo' is removed)
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:AB:28
inet addr:192.168.4.11 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

* route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0

* iptables -L -n
FATAL: Could not load /lib/modules/2.6.18-5-xen-amd64/modules.dep: No such file or directory
iptables v1.3.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Correo with the XEN hosts Ferrari and Amarillo basically look identical (only different
networks).

As seen, I do NOT use NAT here. I wanted to use a true routed network... And it seems to work.
My primary Asterisk server (the one that does all the routing - the one on Alexander only deals
with the PSTN traffic) runs on Graham and it can be accessed from the outside - with port
forwarding on the firewall/gateway and it can also contact external Asterisk servers (I run
one at home to deal with my private VoIP).


The DNS runs on Correo, but it can not be reached (queried) from Graham!

----- s n i p -----
graham# ping -c 5 correo
ping: unknown host correo

graham# ping -c 5 192.168.1.7
PING 192.168.1.7 (192.168.1.7) 56(84) bytes of data.
64 bytes from 192.168.1.7: icmp_seq=1 ttl=62 time=0.270 ms
64 bytes from 192.168.1.7: icmp_seq=2 ttl=62 time=0.260 ms
64 bytes from 192.168.1.7: icmp_seq=3 ttl=62 time=0.264 ms
64 bytes from 192.168.1.7: icmp_seq=4 ttl=62 time=0.273 ms
64 bytes from 192.168.1.7: icmp_seq=5 ttl=62 time=0.257 ms

--- 192.168.1.7 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.257/0.264/0.273/0.021 ms

graham# traceroute -n 192.168.1.7
traceroute to 192.168.1.7 (192.168.1.7), 30 hops max, 52 byte packets
1 192.168.1.6 0.285 ms 0.091 ms 0.090 ms
2 192.168.1.7 0.323 ms 0.262 ms 0.258 ms

graham# telnet 192.168.1.7 53
Trying 192.168.1.7...
Connected to 192.168.1.7.
Escape character is '^]'.
correo
Connection closed by foreign host.

graham# host graham 192.168.1.7
;; reply from unexpected source: 192.168.1.1#53, expected 192.168.1.7#53
;; reply from unexpected source: 192.168.1.1#53, expected 192.168.1.7#53
;; connection timed out; no servers could be reached
----- s n i p -----

Also, scp or ssh FROM Graham to Correo doesn't work, but the other way
around works fine...


Looking at the answer that 'host' gave me, I now see that the connection
goes via the firewall/gateway which is not directly obvious - Alexander
(which is Graham's default GW) is on the same network as Correo...


PS. I solved this specific DNS problem with a caching DNS server on
Alexander, but scp/ssh (etc) naturally still don't work because
of this weird problem... I just can't see it! Maybe a set of
(many) extra eyes can... Thanx!


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-14-2008, 06:24 AM
NN_il_Confusionario
 
Default Weird routing problem

On Mon, Apr 14, 2008 at 06:51:06AM +0200, Turbo Fredriksson wrote:
> On Alexander:
> inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.0
> inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
> inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.255

Two interfaces with the same IP and different netmasks?

> On Graham:
> inet addr:192.168.4.11 Bcast:192.168.4.255 Mask:255.255.255.0
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
> * iptables -L -n
> FATAL: Could not load /lib/modules/2.6.18-5-xen-amd64/modules.dep: No such file or directory

I know absolutely nothing about xen, asterisk, vif.

But I would use iptraf, tcpdump or something on the gateway Alexander
and double check its routing and iptables rules. Also logging every
dropped/rejected packet on every host, and looking at logs might help.

Also, iptables-save is a better way to look at active iptables rules (but
clearly on Graham it will not change the FATAL output).

--
Whoever uses non-free software poisons you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: smart only for the fools who believe in it.
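
Added example (not part of either post): one way to do the routing double-check suggested in the reply above is to run each host's `route -n` table through a longest-prefix-match lookup and compare the request path with the reply path. The graham and alexander tables are the ones quoted in the thread and the firewall table follows the first post's description; the correo table is an assumption (the thread does not show it), and all function names are hypothetical.

```python
import ipaddress

HDR = "Destination Gateway Genmask Flags Metric Ref Use Iface\n"
# graham/alexander: `route -n` rows quoted in the thread. firewall: built from
# the first post's description. correo: ASSUMED (not shown in the thread).
TABLES = {
    "graham": HDR + "192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                    "0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0\n",
    "alexander": HDR + "192.168.4.11 0.0.0.0 255.255.255.255 UH 0 0 0 vif5.0\n"
                       "192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                       "192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                       "0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0\n",
    "firewall": HDR + "192.168.4.0 192.168.1.6 255.255.255.0 UG 0 0 0 eth0\n"
                      "192.168.3.0 192.168.1.7 255.255.255.0 UG 0 0 0 eth0\n"
                      "192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n",
    "correo": HDR + "192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                    "0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0\n",
}
OWNER = {"192.168.4.11": "graham", "192.168.4.1": "alexander",  # from thread
         "192.168.1.6": "alexander", "192.168.1.7": "correo",
         "192.168.1.1": "firewall"}

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway) pairs; skip header lines."""
    rows = [line.split() for line in text.splitlines()]
    return [(ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1])
            for f in rows if len(f) == 8 and f[0] != "Destination"]

def next_hop(host, dst):
    """Longest-prefix match; a 0.0.0.0 gateway means dst is on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in parse_routes(TABLES[host]) if addr in r[0]]
    if not matches:
        raise LookupError(f"{host}: no route to {dst}")
    gw = max(matches, key=lambda r: r[0].prefixlen)[1]
    return dst if gw == "0.0.0.0" else gw

def path(src, dst):
    """Hosts a packet from host src traverses on its way to address dst."""
    hops = [src]
    while OWNER[dst] != hops[-1]:
        if len(hops) > 8:
            raise RuntimeError("routing loop")
        hops.append(OWNER[next_hop(hops[-1], dst)])
    return hops

def asymmetric(a, a_ip, b, b_ip):
    """True when the reply path is not the request path reversed."""
    return path(a, b_ip) != path(b, a_ip)[::-1]
```

Under the assumed correo table the request path is graham, alexander, correo while the reply path is correo, firewall, alexander, graham. Two router hops on the way back is consistent with the ttl=62 in the ping replies quoted in the first post, assuming an initial TTL of 64.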

