On 6/13/2011 3:01 PM, m.roth@xxxxxxxxx wrote:
> Les Mikesell wrote:
>> On 6/13/2011 1:02 PM, m.roth@xxxxxxxxx wrote:
>>> We just went to replace the bridge/firewall services on one server with
>>> the same on another. It's pretty simple, and I literally cloned (w/
>>> rsync) a third server that does this onto the one that will be the new
>>> one. Then copied the /etc/sysconfig/iptables from the one being replaced,
>>> and brought it up this morning.
>>>
>>> Nope. We had to put everything back the way it was.
>>>
>>> The new one sees the two or three servers behind the firewall, and we
>>> can ping them, from the new box. On one, we see IPP broadcasts; in fact,
>>> we see lots of broadcast packets using tcpdump. From outside, though, you
>>> can't see the servers. Trying to ping them, they see nothing. It seems
>>> to be the case that tcp and icmp packets are blocked, and we can't figure
>>> out why.
> <snip>
>> Are the HWADDR= entries fixed up to match the actual hardware after the
>> copy? And does ifconfig show that your config actually set up what you
>> expected? CentOS isn't very predictable in terms of which NIC gets
>> which interface name.
>
> Yes. And I made sure of that, before we started this exercise. (And my
> manager asked the same question - he's one of us, you see, *not* a PHB)

I missed that 'from outside' part before. If that means on the other side
of a router, note that routers generally have a 20 minute arp cache so when
you move the IP to a different MAC address you either have to wait a long
time or log into the router and 'clear arp' before things will work again.
There's probably a way to make the interface send a gratuitous arp that the
router will catch, but I don't know it off the top of my head.

--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
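The gratuitous ARP that Les mentions is just a broadcast ARP frame whose sender IP and target IP are both the address that moved; neighbours that already hold an entry for that IP overwrite its MAC when they see it. The script below is an added example, not part of the thread or of CentOS; it builds the frame by hand so the layout is visible, checks its own output with a parser, and (on Linux, as root) sends it through an AF_PACKET socket. The interface name, MAC and IP it uses are placeholders, and the ARP request/reply flavour is selectable because some devices only refresh on one of the two. On a stock CentOS box the packaged equivalent is iputils `arping -U -I <iface> <ip>` (unsolicited request) or `arping -A -I <iface> <ip>` (unsolicited reply), which is what the `send_gratuitous_arp` function reimplements.

```python
"""Build, verify and send a gratuitous ARP after moving an IP to a new NIC.

Added example for the mailing-list thread above; it is not the project's
own code. Interface/MAC/IP values in __main__ are placeholders.
"""
import socket
import struct
import time

ETH_P_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST = 1
ARP_REPLY = 2


def mac_to_bytes(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(src_mac: str, src_ip: str, target_ip: str, oper: int,
              target_mac: str = ZERO_MAC, dst_mac: str = BROADCAST_MAC) -> bytes:
    """Ethernet II header (14 bytes) + Ethernet/IPv4 ARP body (28 bytes)."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += mac_to_bytes(src_mac) + socket.inet_aton(src_ip)
    arp += mac_to_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def build_gratuitous_arp(mac: str, ip: str, as_reply: bool = True) -> bytes:
    """Gratuitous ARP: sender IP == target IP, broadcast to the whole segment.

    The reply form (RFC 826 style, target MAC = broadcast) is what most
    routers refresh their cache from; the request form is what RFC 5227
    specifies for address announcement. Send both if unsure.
    """
    if as_reply:
        return build_arp(mac, ip, ip, ARP_REPLY, target_mac=BROADCAST_MAC)
    return build_arp(mac, ip, ip, ARP_REQUEST, target_mac=ZERO_MAC)


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet/ARP frame; raises ValueError if it is not one."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "dst_mac": bytes_to_mac(frame[0:6]),
        "src_mac": bytes_to_mac(frame[6:12]),
        "oper": oper,
        "sha": bytes_to_mac(frame[22:28]),
        "spa": socket.inet_ntoa(frame[28:32]),
        "tha": bytes_to_mac(frame[32:38]),
        "tpa": socket.inet_ntoa(frame[38:42]),
    }


def is_gratuitous(frame: bytes) -> bool:
    """A gratuitous ARP announces itself: sender and target IP are equal."""
    p = parse_arp(frame)
    return p["spa"] == p["tpa"]


def interface_mac(iface: str) -> str:
    """Read the NIC's real MAC from sysfs (Linux)."""
    with open(f"/sys/class/net/{iface}/address") as fh:
        return fh.read().strip()


def send_gratuitous_arp(iface: str, mac: str, ip: str,
                        count: int = 3, interval: float = 1.0) -> int:
    """Broadcast `count` gratuitous ARPs (reply then request) on `iface`.

    Linux only; needs CAP_NET_RAW (run as root). Returns frames sent.
    """
    frames = [build_gratuitous_arp(mac, ip, as_reply=True),
              build_gratuitous_arp(mac, ip, as_reply=False)]
    sent = 0
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((iface, 0))
        for _ in range(count):
            for f in frames:
                s.send(f)
                sent += 1
            time.sleep(interval)
    return sent


if __name__ == "__main__":
    import sys
    # Placeholder values: replace with the outside-facing NIC and its IP.
    iface = sys.argv[1] if len(sys.argv) > 1 else "eth0"
    ip = sys.argv[2] if len(sys.argv) > 2 else "192.0.2.10"
    mac = interface_mac(iface)
    print(f"announcing {ip} as {mac} on {iface}")
    print("sent", send_gratuitous_arp(iface, mac, ip), "frames")
```

Run it once the new box has the old IP configured, from the interface that faces the router; then confirm on the router (or any Linux host on that segment with `ip neigh show <ip>`) that the entry now carries the new MAC. If the upstream device ignores unsolicited ARP entirely, the only remaining options are the ones Les gives: wait out the cache timer or clear the entry on the router.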