Reputation: 12854
strange routing on one of local network servers
I have 2 local networks (2 offices connected with openvpn)
Network 1:
network 192.168.1.0/24
gateway 192.168.1.101
Network 2:
network 192.168.2.0/24
gateway 192.168.2.10
in network 192.168.1.0/24 I have 2 servers - 192.168.1.180 and 192.168.1.183 first run on Debian 6 and second one on Archlinux (yes, I know it is bad choice for servers). I have no firewall on the servers.
everything works fine, clients from 192.168.2.0 can connect to computers in 192.168.1.0 and back. Except one of servers - 192.168.1.180 (Archlinux). I can't connect to it and can't connect from it to any computer in 192.168.2.0. No ping, no traceroute.
output from 192.168.1.180:
route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.101 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
i run tcpdump on the gateway (192.168.1.101) and ping on 192.168.1.180 and get this:
tcpdump src 192.168.1.180
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:23:57.354061 arp who-has 172.19.155.1 tell 192.168.1.180
14:23:58.357354 arp who-has 172.19.155.1 tell 192.168.1.180
...
why it looks for 172.19.155.1? I don't know what this strange IP means. I have no networks like this, no GW, nothing. if I run ping on all other computer (for example ping from 192.168.1.183) I get:
tcpdump icmp
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:29:36.834731 IP 192.168.1.183 > 192.168.2.10: ICMP echo request, id 3216, seq 1, length 64
14:29:36.956211 IP 192.168.2.10 > 192.168.1.183: ICMP echo reply, id 3216, seq 1, length 64
No one looks for this strange IP except 192.168.1.180. I cleaned arp table on 192.168.1.180 but nothing helps.
Upvotes: 2
Views: 461
Answers (3)
Reputation: 12854
I've solved the problem. Not really solved, but at least it works now. The server must work 24/7 but it was my last chance and I rebooted it )) All work was stopped for 30 min but it was worthy of it.
I really don't understand wat happened with it. Some mystic problem.
Upvotes: 0
Reputation: 1236
Things I would do/check:
- Make absolutely sure that I don't have a second interface going somewhere (
ifconfig -ashould do it) - I know, it's unlikely... but any chance a routing protocol is enabled on that server? You would see the routes in your routing table, though... which I understand is not the case.
- Run a grep on /etc and wherever you have config files for 172.19.55.1
Just my 2c.
Upvotes: 0
Reputation: 1146
it looks like you have a default gw configuration exists on your server x.180/24 which points to 172.19.155.1. So, the server assumes all the traffic has to go via 172.19.155.1 and trying to resolve the gw. Look for a default gw configuration in your system, something like this
0.0.0.0 0.0.0.0 172.19.155.1
use ip route xxx
You are able to see the packets in x.101/24 because it is an ARP request, which is broadcast MAC and you will see it on all directly connected devices.
Upvotes: 1
Related Questions
- Strange IP packet analysis?
- Traceroute: Is the path same for all the probe packets sent?
- No route to host within internal network until I ping source machine from destination
- Ping via linux routing table not working [OR] how is this expected?
- Traceroute: Can it trace a path from A to B correctly?
- Why ping receives another ping command packet?
- Route command output
- Destination host unreachable
- source of ping in kernel
- Traceroute : why my packets travel around the world?