Multi homed proxy server

Ted Kaczmarek tedkaz at optonline.net
Sun Mar 6 15:27:40 UTC 2005


On Sun, 2005-03-06 at 17:45 +0300, Kevin Plew wrote:
> Is your firewall dropping the packets?( tcpdump or ethereal to check )
> 
> No packets dropped- iptables -L show no rules
> 
> 
> > Is the DHCP server assigning the correct default gateways, dns info to
> > both subnets?( traceroute and dig )
> Yes
> 
> > Does traceroute from the proxy to a node with a problem go the correct
> > way?
> [root@newengland root]# traceroute -i eth1 10.10.11.50
> traceroute to 10.10.11.50 (10.10.11.50), 30 hops max, 38 byte packets
>  1  192.168.100.20 (192.168.100.20)  2999.097 ms !H  2998.952 ms !H  2999.256 ms !H
> 
> 
> > Does a traceroute from node without a problem to the proxy go the correct
> > way?
> [root@newengland root]# traceroute -i eth0 10.10.11.50
> traceroute to 10.10.11.50 (10.10.11.50), 30 hops max, 38 byte packets
>  1  192.168.1.1 (192.168.1.1)  1.094 ms  0.980 ms  1.012 ms
>  2  10.11.57.1 (10.11.57.1)  5.609 ms  3.661 ms  6.266 ms
>  3  10.10.11.4 (10.10.11.4)  641.193 ms  567.180 ms  818.277 ms
>  4  10.10.11.50 (10.10.11.50)  550.474 ms  599.838 ms  572.665 ms

> 
> 
> > Is the proxy configured to allow access from the ip range in question?
> Proxy attached to eth0 ini file:
> The log files on the eth0 proxy are fine- eth1 shows no connection to
> 10.10.11.50
> Proxy attached to eth0 ini file:
> [shell]
> login=none
> 
> 
> [etcp_parameters]
> server_address=10.10.11.50:9200
> server_address=10.10.11.51:9200
> server_announcement_address=none
> max_receive_data_rate=4000000
> etcp_send_protocol=1
> local_udp_address=192.168.1.20
> external_udp_address=10.11.57.2
> 
> [logging]
> log_level=verbose
> 
> 
> [proxy_excludes]
> exclude=localhost
> 
> Proxy attached to eth1 ini file:
> [shell]
> login=none
> port=2617
> 
> [etcp_parameters]
> server_address=10.10.11.50:9200
> server_address=10.10.11.51:9200
> server_announcement_address=none
> max_receive_data_rate=4000000
> etcp_send_protocol=1
> local_udp_address=192.168.100.20
> external_udp_address=10.11.57.5
> http_listen_address=9302
> socks_listen_address=9303
> autoconfig_listen_address=9301
> 
> [logging]
> log_level=verbose
> 
> [proxy_excludes]
> exclude=localhost
> 
> other files
> [root@newengland tc-recv-AM]# netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
> 10.10.11.0      192.168.1.1     255.255.255.0   UG        0 0          0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
What is 192.168.1.1? 

Below I see eth0 as 192.168.1.20 and above netstat shows it as eth1?
Same for eth1, below it shows as 192.168.100.20 and above it shows as
eth2?
This is definitely not right, depending on what you have going on I would
suggest starting from scratch, draw yourself a little diagram, and
before you worry about the proxy piece, make sure that ALL the nodes can
ping each other.

Make sure your netstat and ifconfig info are sane, if 192.168.100.0 is
eth2 in netstat, then ifconfig eth2 should be 192.168.100.20.

> 
> [root@newengland tc-recv-AM]# ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 00:0F:B5:42:8E:1C
>           inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20f:b5ff:fe42:8e1c/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:102163 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:59859 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:48961730 (46.6 Mb)  TX bytes:45213912 (43.1 Mb)
>           Interrupt:11 Base address:0xf000
> 
> [root@newengland tc-recv-AM]# ifconfig eth1
> eth1      Link encap:Ethernet  HWaddr 00:0F:B5:42:8F:34
>           inet addr:192.168.100.20  Bcast:192.168.100.255  Mask:255.255.255.0
>           inet6 addr: fe80::20f:b5ff:fe42:8f34/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:5848 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6693 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1550585 (1.4 Mb)  TX bytes:1494116 (1.4 Mb)
>           Interrupt:10 Base address:0x1000
> 
> 
> Thanks
> 
> Kevin
> 
A little ASCII drawing would be helpful, something like this you can use 
as a starting point.



--192.168.1.1--
      |
      |	
192.168.1.0/24----   ----192.168.100.0/24----
          |                |
          |                |   
     192.168.1.20   192.168.100.20
        eth1--newengland--eth2
this is suspect, as the ifconfig and netstat info for newengland
conflict.

Have no clue what that proxy config is, haven't used anything but squid
for many years now. Also, normally you don't want to pass -i to
traceroute. For this type of troubleshooting you want to see what the
kernel's rib table ( Routing Information Base ) is doing with the
packets, when you pass -i you force the interface which does not help in
troubleshooting any common setups.



From the 10.10.11.50 do pings and traceroutes to 192.168.1.20 and to
192.168.100.20 and also from nodes sitting on the 192.168.1.0/24 and
192.168.100.0/24 you should be able to traceroute and ping 10.10.11.50. 

This should help you figure out your problem.

Ted
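
The netstat/ifconfig cross-check suggested in the reply above, as an added example that is not part of the original message: Python that takes the routing table and ifconfig output posted in the thread and lists every route the interface addresses contradict. The function names are hypothetical, and skipping the 169.254.0.0/16 zeroconf route is an assumption of this example.

```python
import ipaddress
import re
# Output posted in the thread (netstat -nr and ifconfig on newengland), trimmed.
NETSTAT = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.10.11.0      192.168.1.1     255.255.255.0   UG        0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
"""
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0F:B5:42:8E:1C
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:0F:B5:42:8F:34
          inet addr:192.168.100.20  Bcast:192.168.100.255  Mask:255.255.255.0
"""

def parse_routes(text):
    """Yield (network, gateway, iface) for each data row of `netstat -nr`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][0].isdigit():   # skips the column header row
            yield ipaddress.ip_network(f"{f[0]}/{f[2]}"), ipaddress.ip_address(f[1]), f[7]

def parse_ifconfig(text):
    """Return {iface: IPv4Interface} from net-tools style ifconfig output."""
    addrs, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]              # a new interface stanza starts
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and iface:
            addrs[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return addrs

def check(routes_text, ifconfig_text):
    """Return (network, iface, problem) for every route ifconfig contradicts."""
    addrs, problems = parse_ifconfig(ifconfig_text), []
    for net, gw, iface in parse_routes(routes_text):
        ip = addrs.get(iface)
        if net.is_link_local:                    # assumption: ignore zeroconf route
            continue
        if ip is None:
            problems.append((str(net), iface, "no address shown for interface"))
        elif gw.is_unspecified and ip.network != net:
            problems.append((str(net), iface, f"{ip.ip} is not on this network"))
        elif not gw.is_unspecified and gw not in ip.network:
            problems.append((str(net), iface, f"gateway {gw} not on {ip.network}"))
    return problems
```

Calling `check(NETSTAT, IFCONFIG)` returns three findings; the first one appears because no `ifconfig eth2` output was posted in the thread.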







More information about the fedora-list mailing list