Weird behavior in a router with more than 2 IPs in an interface

Linux Advanced Routing and Traffic Control

	Hi list,

	I'm asking here because it is my last resort.  I have already tried a lot of
configurations and I really don't know how to solve this problem.
	I installed a Linux box (Debian 3.0, kernel 2.4.19) with 4 network
interfaces:
 eth0 with 192.168/24 address (intranet);
 eth1 with 10/24 address (DMZ);
 eth2 with 200/24 address (link 1 - default);
 eth3 with 200/24 address too (link 2 - ADSL - just for non-specific
traffic).

	Everything was working properly, including source routing rules and
SNAT/DNAT translations.  So I started the 2nd phase, migrating servers
from link eth2 to the DMZ on link eth1.  No problems for some days, but
now I am seeing a lot of weird behaviors.  Interface eth2 has had 4/5
addresses for a while.  Some of them are reachable, some not, i.e., I can
ping some addresses but not others.   Using tcpdump, I can see ICMP
packets arriving, but no response from the server.  Resetting the switch
works for some time, allowing all IPs to be reachable, but after a time
(minutes, hours or even days) some IPs just stop.
	I already tried taking the firewall down, but it didn't solve the problem,
so I believe the problem is with layer 2 and internal routing.  My
iproute rules follow below:

ip route add default via 200.1.7.1         table dmznet
ip rule  add from 192.168.0.0/24              table dmznet
ip route add 192.168.0.0/24 via 192.168.0.254 table dmznet
ip rule  add from 200.1.7.0/26             table dmznet

ip addr  add 200.2.8.3/26 dev eth2
ip addr  add 200.2.8.4/26 dev eth2
ip addr  add 200.2.8.5/26  dev eth2
ip addr  add 200.2.8.15/26 dev eth2
ip rule  add from 192.168.0.0/24 to 200.2.8.0/26 table dmznet
ip route add 200.2.8.0/26 via 200.2.8.20      table dmznet
ip route add 10.0.0.0/24 via 10.0.0.254             table dmznet
ip rule  add from 10.0.0.11/32                      table dmznet

Looking with tcpdump, I can see this:
cramulhao:~# tcpdump -i any not port 22 and host 200.2.2.68 -n
tcpdump: listening on any
17:18:51.305577 200.2.2.68 > 200.2.8.20: icmp: echo request (DF)
17:18:51.305735 200.2.8.20 > 200.2.2.68: icmp: echo reply
17:18:56.933199 200.2.2.68 > 200.2.8.3: icmp: echo request (DF)
17:19:08.595382 200.2.2.68 > 200.2.8.4: icmp: echo request (DF)
17:19:23.298808 200.2.2.68 > 200.2.8.5: icmp: echo request (DF)
17:19:23.298954 200.2.8.5 > 200.2.2.68: icmp: echo reply

	As anyone can see, the IPs ending with 3 and 4 are not responding.  Does
anyone have a clue about what is happening?

	Thanks and BR's

-- 

Hélio Alexandre Lopes Loureiro [helio.loureiro@edb.ericsson.se]
Regional Software Supply & Integration
South America
Tel.: + 55 11 6224-1795 
Public Key ID: FB5972D1@http://search.keyserver.net


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

