Connectivity question

Home Page Forums Network Management Networking Connectivity question

This topic contains 4 replies, has 0 voices, and was last updated by  ssanders 9 years, 5 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #41893

    ssanders
    Member

    I have a virtual Zeroshell router configured with ETH00 and ETH01. ETH00 has a public external IP address and ETH01 has a private internal address. I have three virtual servers on the same internal subnet as the ETH01 internal address. When one of these internal servers initially attempts to use the Zeroshell server as their gateway, they get no response. I attempt to ping the ETH01 interface from the virtual servers and get no response. If I ping FROM the Zeroshell console or web interface to one of the internal servers first, then that internal server can now see and get responses from the Zeroshell ETH01 interface and use it as a gateway.

    Example:
    1) I boot up Zeroshell with ETH00 Public IP of 1.2.3.4 and ETH01 private IP of 192.168.100.254
    2) I boot up virtual server on same subnet with IP of 192.168.100.100
    3) Virtual server unable to get response when it pings 192.168.100.254 or tries to browse the internet.
    4) I ping 192.168.100.100 FROM Zeroshell successfully with no problems.
    5) Now that virtual server is able to get ping responses from the Zeroshell ETH01 interface without problems while the others still don’t get responses from the Zeroshell ETH01 interface.

    I set up a script on the Zeroshell console to ping the virtual servers every 60 seconds to establish and maintain connectivity, but I’d like to figure out what the root problem is instead of using the ping workaround.
    Any ideas?

    #48698

    ppalias
    Member

    This thing is not normal and should not happen. I sense that there is a problem with your firewall, especially the part of the “established” connections. Could you post here the rules you use?
    Also make sure the netmask you use is correct on both ZS and servers.

    #48699

    ssanders
    Member

    I have no firewalls rules established, I’m using the default rules that zeroshell installs with as it is only being used as a router and VPN concentrator. Also, the netmasks are correct for all systems on the internal subnet (255.255.255.0). I have checked both the router and the virtual servers.

    One other thing that might help troubleshoot is that all of these systems are running on host-only networks on VMWare Server 2.0, on Ubuntu 9.04. However all of the virtual servers can ping each other and the host within the host-only internal network without any problems, only the Zeroshell virtual image does not respond until it sends out the first ping. The Zeroshell router is bridged to an external ethernet interface and provides external connectivity (gateway) and VPN access to the host only network.

    Could this be ARP related?

    #48700

    ppalias
    Member

    Try to connect another pc instead of a ZS, preferably with Windows OS. Try to see if the ping problem still exists so we can narrow down the number of possible causes.
    This could be arp related and I feel it has to do with the virtual server.

    #48701

    ssanders
    Member

    Thanks for the response.

    The virtual servers can all ping each other and the host IP on the internal subnet without problems as soon as they boot up, in fact, file shares and SQL connections between them work without a problem. They all seem to exhibit the same inability to access the internet through the virtual zeroshell router or ping the zeroshell router until it pings them first.

    I’m also wondering if this has something to do with my system for duplicating the environments for testing, which is to just copy all of the vmware files, connect them to a new virtual subnet and change the virtual IP addresses on the systems after they boot up to match the new subnet. Could there be a cached ARP table staying resident between boots somehow?

    #48702

    ppalias
    Member

    You can verify if there are invalid arp entries with the “arp -a” command.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.