Hallo Zusammen,
habe ein wirklich fieses Problem auf der Arbeit, welches ich euch gerne erläutern würde, da ich hoffe, das jemand von Euch dazu etwas vielleicht einfällt.
Folgendes Problem: Auf ein echo request (gesendet von Server1) an eine IP eines Server2, erfolgt keine echo reply, obwohl der request im System eintrifft.
Dies Verhalten besteht auch bei geleerten ip-table-chains (shorewall clean).
Ping lokal auf den virtuellen Interfaces auf Server2 funktioniert erwartungsgemäß.
Ein cat /proc/sys/net/ipv*/icmp_echo_ignore_all auf Server2 ergibt 0.
Danke im Voraus für eure Mühe und die besten Grüße
Benjamin Casa
Folgend ein paar Auszüge von Konfigurationsdateien und Logs:
// interfaces server2
root@server2:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address xx.xx.164.82
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
gateway xx.xx.164.81
dns-search domain.tld
auto eth0:0
iface eth0:0 inet static
address xx.xx.164.83
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
auto eth0:1
iface eth0:1 inet static
address xx.xx.164.84
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:2
iface eth0:2 inet static
address xx.xx.164.85
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:3
iface eth0:3 inet static
address xx.xx.164.86
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:4
iface eth0:4 inet static
address xx.xx.164.87
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:5
iface eth0:5 inet static
address xx.xx.164.88
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:6
iface eth0:6 inet static
address xx.xx.164.89
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
#auto eth0:7
iface eth0:7 inet static
address xx.xx.164.90
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
auto eth0:8
iface eth0:8 inet static
address xx.xx.164.91
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
auto eth0:9
iface eth0:9 inet static
address xx.xx.164.92
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
auto eth0:10
iface eth0:10 inet static
address xx.xx.164.93
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
auto eth0:11
iface eth0:11 inet static
address xx.xx.164.94
netmask 255.255.255.240
network xx.xx.164.80
broadcast xx.xx.164.95
// ifconfig von server2
root@server2:~# ifconfig
eth0 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.82 Bcast:xx.xx.164.95 Maske:255.255.255.240
inet6 Adresse: fe80::xxxx:xxxx:xxxx:c00/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:98353257 errors:0 dropped:0 overruns:0 frame:0
TX packets:6732426 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:2816903543 (2.6 GiB) TX bytes:1027636319 (980.0 MiB)
Interrupt:22 Basisadresse:0x4c00
eth0:0 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.83 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
eth0:1 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.84 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
eth0:8 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.91 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
eth0:9 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.92 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
eth0:10 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.93 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
eth0:11 Protokoll:Ethernet Hardware Adresse 00:xx:xx:xx:xx:00
inet Adresse:xx.xx.164.94 Bcast:xx.xx.164.95 Maske:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Basisadresse:0x4c00
lo Protokoll:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16415596 errors:0 dropped:0 overruns:0 frame:0
TX packets:16415596 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:3954625213 (3.6 GiB) TX bytes:3954625213 (3.6 GiB)
// route -n server2
root@server2:/etc/network# route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
xx.xx.164.80 0.0.0.0 255.255.255.240 U 0 0 0 eth0
0.0.0.0 xx.xx.164.81 0.0.0.0 UG 0 0 0 eth0
// ping von Server1
[root@server1:~]$ for i in 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 ; do ping xx.xx.164.$i -w 1 ; done
PING xx.xx.164.81 (xx.xx.164.81) 56(84) bytes of data.
64 bytes from xx.xx.164.81: icmp_seq=1 ttl=252 time=10.0 ms
--- xx.xx.164.81 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.038/10.038/10.038/0.000 ms
PING xx.xx.164.82 (xx.xx.164.82) 56(84) bytes of data.
64 bytes from xx.xx.164.82: icmp_seq=1 ttl=60 time=9.77 ms
--- xx.xx.164.82 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.773/9.773/9.773/0.000 ms
PING xx.xx.164.83 (xx.xx.164.83) 56(84) bytes of data.
64 bytes from xx.xx.164.83: icmp_seq=1 ttl=60 time=9.72 ms
--- xx.xx.164.83 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.729/9.729/9.729/0.000 ms
PING xx.xx.164.84 (xx.xx.164.84) 56(84) bytes of data.
--- xx.xx.164.84 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
PING xx.xx.164.85 (xx.xx.164.85) 56(84) bytes of data.
--- xx.xx.164.85 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.86 (xx.xx.164.86) 56(84) bytes of data.
--- xx.xx.164.86 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.87 (xx.xx.164.87) 56(84) bytes of data.
--- xx.xx.164.87 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.88 (xx.xx.164.88) 56(84) bytes of data.
--- xx.xx.164.88 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.89 (xx.xx.164.89) 56(84) bytes of data.
--- xx.xx.164.89 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.90 (xx.xx.164.90) 56(84) bytes of data.
--- xx.xx.164.90 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.91 (xx.xx.164.91) 56(84) bytes of data.
--- xx.xx.164.91 ping statistics --- [11:54]
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.92 (xx.xx.164.92) 56(84) bytes of data.
--- xx.xx.164.92 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.93 (xx.xx.164.93) 56(84) bytes of data.
--- xx.xx.164.93 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.94 (xx.xx.164.94) 56(84) bytes of data.
--- xx.xx.164.94 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
PING xx.xx.164.95 (xx.xx.164.95) 56(84) bytes of data.
--- xx.xx.164.95 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
// tcpdump von Server2
root@server2:~# tcpdump -n -i eth0 | grep xx.xx.52.73
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:53:47.446792 IP xx.xx.52.73 > xx.xx.164.82: icmp 64: echo request seq 1
11:53:47.446826 IP xx.xx.164.82 > xx.xx.52.73: icmp 64: echo reply seq 1
11:53:48.450626 IP xx.xx.52.73 > xx.xx.164.83: icmp 64: echo request seq 1
11:53:48.450657 IP xx.xx.164.83 > xx.xx.52.73: icmp 64: echo reply seq 1
11:53:49.454626 IP xx.xx.52.73 > xx.xx.164.84: icmp 64: echo request seq 1
11:53:56.506412 IP xx.xx.52.73 > xx.xx.164.91: icmp 64: echo request seq 1
11:53:57.507129 IP xx.xx.52.73 > xx.xx.164.91: icmp 64: echo request seq 2
11:53:57.514440 IP xx.xx.52.73 > xx.xx.164.92: icmp 64: echo request seq 1
11:53:58.515070 IP xx.xx.52.73 > xx.xx.164.92: icmp 64: echo request seq 2
11:53:58.522185 IP xx.xx.52.73 > xx.xx.164.93: icmp 64: echo request seq 1
11:53:59.523003 IP xx.xx.52.73 > xx.xx.164.93: icmp 64: echo request seq 2
11:53:59.530211 IP xx.xx.52.73 > xx.xx.164.94: icmp 64: echo request seq 1
11:54:00.530997 IP xx.xx.52.73 > xx.xx.164.94: icmp 64: echo request seq 2