Strange routing on one of my local network servers - Linux

I have 2 local networks (2 offices connected with openvpn)
Network 1:
network 192.168.1.0/24
gateway 192.168.1.101
Network 2:
network 192.168.2.0/24
gateway 192.168.2.10
in network 192.168.1.0/24 I have 2 servers - 192.168.1.180 and 192.168.1.183
The first runs on Debian 6 and the second on Archlinux (yes, I know it is a bad choice for servers). I have no firewall on the servers.
Everything works fine: clients from 192.168.2.0 can connect to computers in 192.168.1.0 and back, except for one of the servers, 192.168.1.180 (Archlinux). I can't connect to it and can't connect from it to any computer in 192.168.2.0. No ping, no traceroute.
Output from 192.168.1.180:
route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.101 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
I run tcpdump on the gateway (192.168.1.101) and ping on 192.168.1.180 and get this:
tcpdump src 192.168.1.180
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:23:57.354061 arp who-has 172.19.155.1 tell 192.168.1.180
14:23:58.357354 arp who-has 172.19.155.1 tell 192.168.1.180
...
Why does it look for 172.19.155.1? I don't know what this strange IP means. I have no networks like this, no GW, nothing.
If I run ping on any other computer (for example, ping from 192.168.1.183) I get:
tcpdump icmp
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:29:36.834731 IP 192.168.1.183 > 192.168.2.10: ICMP echo request, id 3216, seq 1, length 64
14:29:36.956211 IP 192.168.2.10 > 192.168.1.183: ICMP echo reply, id 3216, seq 1, length 64
No one looks for this strange IP except 192.168.1.180. I cleared the ARP table on 192.168.1.180 but nothing helps.

It looks like you have a default gw configuration on your server x.180/24 which points to 172.19.155.1. So the server assumes all the traffic has to go via 172.19.155.1 and is trying to resolve the gw. Look for a default gw configuration in your system, something like this:
0.0.0.0 0.0.0.0 172.19.155.1
Use ip route xxx
You are able to see the packets on x.101/24 because it is an ARP request, which goes to the broadcast MAC, so you will see it on all directly connected devices.

Things I would do/check:
Make absolutely sure that I don't have a second interface going somewhere (ifconfig -a should do it).
I know, it's unlikely... but any chance a routing protocol is enabled on that server? You would see the routes in your routing table, though... which I understand is not the case.
Run a grep on /etc and wherever you have config files for 172.19.155.1.
Just my 2c.

I've solved the problem. Not really solved, but at least it works now. The server must work 24/7, but it was my last chance and I rebooted it )) All work was stopped for 30 min but it was worth it.
I really don't understand what happened with it. Some mystic problem.
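Added example, not part of the original thread. One check that the thread never does: `route -n` prints only the main routing table, so a next hop that lives in a policy routing table (visible with `ip rule show` and `ip route show table all`) never appears in it. The script below is my own code; it parses constructed sample output of `ip route show table all` and `ip -4 -o addr show` (the route in table 100 and its `onlink` flag are hypothetical, modelled on the symptom, not taken from the post) and reports every gateway that is not inside any on-link prefix. For such a next hop the kernel sends ARP requests for the gateway on the route's device and nothing on that segment answers, which is exactly the `arp who-has 172.19.155.1` the capture shows.

```python
import ipaddress
import re

# Constructed sample output of `ip route show table all` (not from the post).
# The route in table 100 is hypothetical: it is the kind of entry `route -n`
# never shows, because `route -n` lists only the main table.
SAMPLE_ROUTES = """\
default via 192.168.1.101 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.180
default via 172.19.155.1 dev eth0 table 100 onlink
local 192.168.1.180 dev eth0 table local proto kernel scope host src 192.168.1.180
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.180
"""

# Constructed sample output of `ip -4 -o addr show` on the same host.
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.180/24 brd 192.168.1.255 scope global eth0
"""

# Route types whose first field is a keyword rather than a prefix.
SKIP_TYPES = {"local", "broadcast", "unreachable", "prohibit", "blackhole", "throw"}


def onlink_prefixes(route_text, addr_text):
    """Prefixes the kernel treats as directly reachable: interface addresses
    plus device-only routes (a `dev` but no `via`)."""
    nets = []
    for m in re.finditer(r"\binet (\d+\.\d+\.\d+\.\d+/\d+)", addr_text):
        nets.append(ipaddress.ip_network(m.group(1), strict=False))
    for line in route_text.splitlines():
        f = line.split()
        if not f or f[0] in SKIP_TYPES or "via" in f or "dev" not in f:
            continue
        try:
            nets.append(ipaddress.ip_network(f[0], strict=False))
        except ValueError:  # e.g. 'default dev tun0'
            continue
    return nets


def gateway_routes(route_text):
    """Yield one dict per route that has a next hop, with its routing table."""
    for line in route_text.splitlines():
        f = line.split()
        if "via" not in f:
            continue
        yield {
            "dst": f[0],
            "gateway": f[f.index("via") + 1],
            "dev": f[f.index("dev") + 1] if "dev" in f else None,
            "table": f[f.index("table") + 1] if "table" in f else "main",
        }


def find_unreachable_gateways(route_text, addr_text):
    """Routes whose next hop lies outside every on-link prefix. The kernel
    ARPs for such a gateway on the route's device; if nothing on that
    segment owns the address the ARP is never answered and traffic to the
    destination silently dies."""
    nets = onlink_prefixes(route_text, addr_text)
    hits = []
    for r in gateway_routes(route_text):
        gw = ipaddress.ip_address(r["gateway"])
        if not any(gw in n for n in nets):
            hits.append(r)
    return hits


if __name__ == "__main__":
    for r in find_unreachable_gateways(SAMPLE_ROUTES, SAMPLE_ADDRS):
        print("table %(table)s: %(dst)s via %(gateway)s dev %(dev)s "
              "-- next hop is not on any connected subnet" % r)
```

Run the two `ip` commands on the affected host and feed their output to find_unreachable_gateways. If a hit sits in a table other than main, `ip rule show` tells you which selector (source address, fwmark, incoming interface) steers traffic into it, and grepping /etc, the VPN client configuration and any network-manager dispatcher scripts for the table number or the gateway address narrows down where the entry came from.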

Related

dnsmasq forwards queries to 2 servers instead of 1

I'm having a small issue with dnsmasq on debian-jessie; it seems to forward incoming DNS queries to 2 ports instead of 1.
Background:
It runs on a machine whose LAN IP is 192.168.0.10 and sits behind a home router. The home router is configured to forward DNS traffic to 192.168.0.10. That part works; I do see incoming traffic from the LAN on this machine.
dnsmasq configuration:
>cat /etc/dnsmasq.conf | grep -v ^# | grep -v ^\s*$
domain-needed
bogus-priv
server=127.0.0.1#5053
cache-size=10000
My resolv.conf tells local processes to send DNS queries to dnsmasq
>cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1
And dnsmasq, if it can't answer from its cache, forwards incoming DNS traffic to another service running locally and listening on port 5053, via the server=127.0.0.1#5053 config. That service is something I built myself and it does not forward DNS queries to 8.8.8.8.
This works, but not the way I intended. DNS queries get answered properly. As expected, port 5053 shows traffic and even provides answers (though slower than Google DNS).
>tcpdump -l -n -i any '(port 5053) and (port 53)'
13:57:53.817522 IP 127.0.0.1.47207 > 127.0.0.1.53: 7494+ [1au] A? www.example.com. (44) # dnsmasq receives a query from `dig www.example.com` running locally
13:57:53.818609 IP 127.0.0.1.5258 > 127.0.0.1.5053: UDP, length 44 # dnsmasq forwards to local DNS Server listening on 5053
13:57:53.818970 IP 192.168.0.10.5258 > 8.8.8.8.53: 50849+ [1au] A? www.example.com. (44) # dnsmasq forwards to 8.8.8.8 on port 53 (Google DNS)
13:57:53.862170 IP 8.8.8.8.53 > 192.168.0.10.5258: 50849$ 1/0/1 A 93.184.216.34 (60) # dnsmasq receives answer from 8.8.8.8
13:57:53.862559 IP 127.0.0.1.53 > 127.0.0.1.47207: 7494 1/0/1 A 93.184.216.34 (60) # dnsmasq forwards answer to dig running locally
13:57:53.980238 IP 127.0.0.1.5053 > 127.0.0.1.5258: UDP, length 49 # dnsmasq receives answer from local DNS Server
So it appears dnsmasq tees DNS queries to both 127.0.0.1 on port 5053 and, almost immediately after, also forwards to 8.8.8.8 on port 53.
Why? What's wrong with my dnsmasq configuration? I expected traffic only on port 5053.
And where is that 8.8.8.8 coming from? Yes, I know that's Google DNS, but where is dnsmasq or Linux getting that IP from, and which config file can I edit to change that?
>grep -r 8\.8\.8\.8 /etc/*.conf
returns nothing.
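Added example, not from the original post. Unless `no-resolv` is set, dnsmasq takes upstream servers both from `server=` lines and from the file named by `resolv-file` (default /etc/resolv.conf; on Debian with resolvconf installed the init script points it at /var/run/dnsmasq/resolv.conf instead, which is worth checking here), so a grep over /etc/*.conf alone can miss where an upstream comes from. Rather than trusting the config, the script below (my own code) audits the wire: it parses tcpdump lines in the format shown above (re-typed here as constructed sample input) and reports every upstream that received a forwarded query but is not in the allowlist you derive from dnsmasq.conf, together with the query names that went there. The listener and allowlist sets are assumptions matching the post's setup.

```python
import re
from collections import Counter

# Constructed tcpdump lines modelled on the capture in the post, as printed by
# `tcpdump -l -n -i any 'port 53 or port 5053'`.
SAMPLE_CAPTURE = """\
13:57:53.817522 IP 127.0.0.1.47207 > 127.0.0.1.53: 7494+ [1au] A? www.example.com. (44)
13:57:53.818609 IP 127.0.0.1.5258 > 127.0.0.1.5053: UDP, length 44
13:57:53.818970 IP 192.168.0.10.5258 > 8.8.8.8.53: 50849+ [1au] A? www.example.com. (44)
13:57:53.862170 IP 8.8.8.8.53 > 192.168.0.10.5258: 50849$ 1/0/1 A 93.184.216.34 (60)
13:57:53.862559 IP 127.0.0.1.53 > 127.0.0.1.47207: 7494 1/0/1 A 93.184.216.34 (60)
13:57:53.980238 IP 127.0.0.1.5053 > 127.0.0.1.5258: UDP, length 49
"""

# Assumed: where dnsmasq itself accepts client queries on this box.
LISTENERS = {("127.0.0.1", 53), ("192.168.0.10", 53)}
# Assumed: the only upstream named in dnsmasq.conf (server=127.0.0.1#5053).
ALLOWED = {("127.0.0.1", 5053)}

PKT = re.compile(
    r"^\S+ IP (?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
QNAME = re.compile(r"\b[A-Z]+\? (\S+)")  # e.g. 'A? www.example.com.'


def parse_packets(text):
    """Yield ((src_ip, src_port), (dst_ip, dst_port), payload_text)."""
    for line in text.splitlines():
        m = PKT.match(line)
        if m:
            d = m.groupdict()
            yield ((d["sip"], int(d["sport"])),
                   (d["dip"], int(d["dport"])), d["rest"])


def audit_upstreams(capture, listeners=LISTENERS, allowed=ALLOWED):
    """Count forwarded queries per upstream and list upstreams not in the
    allowlist. A packet is a forwarded query when its destination is a DNS
    port (53 or any allowed upstream port) that is not one of our own
    listeners; replies and client queries are thereby excluded."""
    dns_ports = {53} | {p for _, p in allowed}
    seen = Counter()
    for _, dst, _ in parse_packets(capture):
        if dst[1] in dns_ports and dst not in listeners:
            seen[dst] += 1
    unexpected = sorted(d for d in seen if d not in allowed)
    return seen, unexpected


def names_sent_to(capture, upstream):
    """Query names that were forwarded to the given (ip, port); queries with
    an opaque payload (tcpdump printed only 'UDP, length N') are skipped."""
    names = []
    for _, dst, rest in parse_packets(capture):
        m = QNAME.search(rest)
        if dst == upstream and m:
            names.append(m.group(1).rstrip("."))
    return names


if __name__ == "__main__":
    seen, unexpected = audit_upstreams(SAMPLE_CAPTURE)
    for dst, n in seen.items():
        print("%s:%d received %d forwarded quer%s" % (dst[0], dst[1], n, "y" if n == 1 else "ies"))
    for dst in unexpected:
        print("NOT IN ALLOWLIST: %s:%d got %s" % (dst[0], dst[1], names_sent_to(SAMPLE_CAPTURE, dst)))
```

Because tcpdump does not decode DNS on non-standard ports, the queries to 127.0.0.1:5053 show up as opaque UDP and only the leak to 8.8.8.8:53 yields a name; capture with `-i any` so both the loopback and the LAN-facing legs are seen, otherwise the audit is blind to one of them.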

Why does Linux route config fail with two NICs in redundancy (primary/secondary)?

I have two NICs (eth0/eth1) sending data to a router.
Only one is sending data at a time. I also need a static conf that doesn't change depending on whether the NICs are up or down.
If I take eth0 down, I expect eth1 to do the job.
But taking eth0 down also destroys my default route to the router. So I'm stuck.
Adding 2 default routes seems to work by hand, but I don't want this solution.
So I've tried to add a "full" route for eth0 and eth1.
By hand it works, but I failed to add them in route-eth0 and route-eth1.
$cat route-eth0
178.12.34.240 via 10.0.10.1 dev eth0
$cat route-eth1
178.12.34.240 via 10.0.10.1 dev eth1
$service network restart
...
Bringing up interface eth1:
Determining IP information for eth1... done.
RTNETLINK answers: File exists
...
$route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
178.12.34.240 10.0.10.1 255.255.255.255 UGH 0 0 0 eth0
...
As you can see, the route for eth1 failed to be applied, surely because of the "File exists" error.
Question:
What conf should I set to always have a correct route whatever NICs are up or down?
Or another best practice? What about a VIP?
Yes, Ron, metric is the answer. But I did it on a static route.
It seems having several default routes should be banned.
$cat route-eth0
178.12.34.240 via 10.0.10.1 metric 1 dev eth0
$cat route-eth1
178.12.34.240 via 10.0.10.1 metric 2 dev eth1

Linux port blocked - This site can't be reached, refused to connect

I set up my Linux box as an access point and then ran a simple web server that prints "hello world" on port 3000,
and connected to it with my smartphone successfully.
In the Linux terminal, http://localhost:3000 works well.
But on the smartphone,
if I access http://172.24.1.105:3000, I can't connect to it. (172.24... is the AP's IP.)
Chrome's error message is:
This site can't be reached. 172.24.1.105 refused to connect
I searched Google (https://serverfault.com/questions/725262/what-causes-the-connection-refused-message) and I suspect Linux's firewall.
pi@raspberrypi:~/prj/ap_server $ sudo tcpdump -n icmp
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
... when I access port 3000,
15:07:13.102750 IP 192.168.0.3 > 168.126.63.2: ICMP 192.168.0.3 udp port 42531 unreachable, length 386
The log is above, so I couldn't reach the AP's web server.
So I wonder two things...
1. How can I disable its port block?
2. In the tcpdump log I actually access port 3000, so why does the log print port 42531?
Plus)
Even if I type sudo service iptables stop, the problem is not solved.
sudo netstat -ntlp | grep 3000 logs:
tcp6 0 0 :::3000 :::* LISTEN 1999/nodejs
+I followed this tutorial -> https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/ .
and there is an ipv4 setting.
If you want to run it on your mobile, it will work on the live IP (external) address.
If it is working fine on the local address (localhost) and not on the live IP, then
enable routing from your router
and allow that specific port; it will work fine.
I found the issue.
My DHCP setup was
interface=wlan0 # Use interface wlan0
listen-address=172.24.1.1 # Explicitly specify the address to listen on
bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere
server=8.8.8.8 # Forward DNS requests to Google DNS
domain-needed # Don't forward short names
bogus-priv # Never forward addresses in the non-routed address spaces.
dhcp-range=172.24.1.50,172.24.1.150,12h # Assign IP addresses between 172.24.1.50 and 172.24.1.150 with a 12 hour lease time
like above.
I kept trying to connect to the external IP (172.24.1.105) that I could see on the mobile, but it failed. But when I tried with 172.24.1.1, it succeeded.
I don't know why. Maybe there is an accurate IP address and something in the mobile is temporary.
See the similar topic at Node JS not listening to port 1337 on server.
Your web server is not listening on the remote address.
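Added example, not from the thread. The netstat line above shows node bound to `:::3000`, the IPv6 wildcard, which on Linux with the default `net.ipv6.bindv6only=0` also accepts IPv4 connections, so that listener is reachable on every address the Pi owns; the ICMP line in the capture is the Pi telling some other host that a UDP port is closed, unrelated to TCP port 3000. The script below is my own code: given constructed `netstat -ntlp` and `ip -4 -o addr show` output (the 3000 line mirrors the post, the other sockets and the eth0 address are made up, wlan0 carries the 172.24.1.1 from the dnsmasq config above), it says whether a client's target address and port can work at all, separating "nothing listens there" from "that is not this host's address" from "bound only to another address".

```python
import re

# Constructed sample output of `sudo netstat -ntlp` on the access point. The
# :::3000 line mirrors the post; the two dnsmasq lines are made up.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5353          0.0.0.0:*               LISTEN      612/dnsmasq
tcp        0      0 172.24.1.1:53           0.0.0.0:*               LISTEN      612/dnsmasq
tcp6       0      0 :::3000                 :::*                    LISTEN      1999/nodejs
"""

# Constructed sample output of `ip -4 -o addr show` on the same box: eth0 faces
# the home LAN, wlan0 is the hostapd side with dnsmasq's listen-address.
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
3: wlan0    inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
"""

WILDCARDS = {"0.0.0.0", "::"}


def listeners(netstat_text):
    """Map port -> address the socket is bound to, for LISTEN sockets only."""
    bound = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # ':::3000' -> ('::', '3000')
            bound[int(port)] = addr
    return bound


def host_addresses(addr_text):
    """IPv4 addresses configured on this host."""
    return set(re.findall(r"\binet (\d+\.\d+\.\d+\.\d+)/", addr_text))


def diagnose(target_ip, port, netstat_text=SAMPLE_NETSTAT, addr_text=SAMPLE_ADDRS):
    """Return (verdict, detail) for a client that is refused on target_ip:port."""
    bound = listeners(netstat_text)
    if port not in bound:
        return "not-listening", "no LISTEN socket on port %d" % port
    addrs = host_addresses(addr_text)
    if target_ip not in addrs:
        return "wrong-host", "%s is not an address of this host; it has %s" % (
            target_ip, ", ".join(sorted(addrs)))
    addr = bound[port]
    if addr in WILDCARDS:
        # A tcp6 socket on :: also accepts IPv4 (as ::ffff:a.b.c.d) unless
        # net.ipv6.bindv6only=1, so a wildcard bind is reachable on every address.
        return "ok", "port %d is bound to %s (all interfaces)" % (port, addr)
    if addr != target_ip:
        return "bound-elsewhere", "port %d is bound only to %s" % (port, addr)
    return "ok", "port %d is bound to %s" % (port, addr)


if __name__ == "__main__":
    for ip, port in [("172.24.1.105", 3000), ("172.24.1.1", 3000),
                     ("172.24.1.1", 5353), ("172.24.1.1", 8080)]:
        print("%s:%d -> %s: %s" % ((ip, port) + diagnose(ip, port)))
```

A "wrong-host" verdict is what the thread ran into: the dnsmasq pool 172.24.1.50-150 hands the phone its own address, so 172.24.1.105 is the client, not the server. Once the verdict is "ok" and the connection is still refused, look at packet filtering on the AP (`iptables -L -n -v` and, on hostapd setups, `ap_isolate` in hostapd.conf) rather than at the socket.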

Debian guest on VirtualBox with bridged adapter has no internet access

I have set up a Debian guest and I am messing around with it to learn more about VirtualBox and Debian, and later, after that is done, I'll be messing around with a NodeJS server on it.
After a while I noticed I couldn't do some things with it when I had a bridged adapter set up for the VM. NPM would not install packages because it timed out. I tried running "w3m google.com" and even looked up google.com's IP to check for a DNS issue.
No matter what, I cannot connect to any form of internet. But I can ping anything just fine. I can ping google, npmjs.org, etc.
Thanks for the assistance.
Update: I have been working on this more today. Newer router, Asus; I read that people were having issues with Belkin routers and bridged adapters, so I switched; the Asus is new anyway.
The host is connected via ethernet cable.
The VM shows up on the router just fine, and I can connect to that device with the IP given by the router just fine, but I still cannot connect to google.com or anything.
This is too long to explain in a comment. Below is how the bridged adapter works.
Yet, if you can ping from the guest Debian, that means some form of DHCP happened and you must have an IP (which is a different IP from the host machine). I'd check the router configuration to see whether you're allowing/disallowing specific MACs and/or IPs from using the TCP/UDP protocols (that is a measure some people use on their routers).
Bridged adapter
A bridged adapter on VirtualBox simulates a bridge (well, it is easier to think of it as a hub) on the cable connection to your actual (host) machine. Even if the connection is over wireless, the simulation is similar.
For (almost) all purposes the guest (Debian) and the router the host machine is connected to are connected directly. They have separate MACs and separate IPs; they even make separate ARP requests.
router <---> host machine running VirtualBox
  ^
  |
  +-----> guest machine running Debian
This is done by sending packets with a different hardware address (you can configure the hardware address in the adapter).
You need to configure the guest system (Debian) to connect to the network as if it was a separate machine. For example, if you use a WPA connection from the host machine you need to configure WPA (including the username and password) in the guest machine.
I am not an expert, but after some research I could solve a similar problem. I have a Mac hosting a Debian server. I used a Bridged Adapter on interface en0 on my Mac.
1) My Mac is running on 192.168.10.101. I know that because I ran the command:
ifconfig -a
and interface en0 shows that IP:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 6c:40:08:98:72:4c
inet6 fe80::6e40:8ff:fe98:724c%en0 prefixlen 64 scopeid 0x4
inet 192.168.10.101 netmask 0xffffff00 broadcast 192.168.10.255
2) Running the netstat command on my Mac:
netstat -nr
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.10.1 UGSc 296 142 en0
I see that the Mac's gateway is 192.168.10.1.
3) Mac and Debian must be in the same segment as the gateway, I mean 192.168.10.xxx. So I decided that my Debian must run on the static IP 192.168.10.115.
I edited the /etc/network/interfaces file on my Debian server to look this way:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.10.115
netmask 255.255.255.0
gateway 192.168.10.1
dns-nameservers 8.8.8.8 192.168.10.1
Then I pinged from my Mac and from my Debian and they both answered OK. I also have internet access from Debian, because I have the same default gateway as my Mac.
root@debian64:/home/myuser# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default TEW-711BR 0.0.0.0 UG 0 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
I hope it helps, and if anybody has better explanations I would like to learn.

Cannot ping default gateway from Linux in VMware

I have a virtual network, vmnet2, using the 10.0.2.0/24 network, and I want my Linux server to be able to ping the default gateway.
I have set the Linux eth1 values to:
IPADDR="10.0.2.50"
NETMASK="255.255.255.0"
BOOTPROTO="none"
ONBOOT="yes"
In /etc/sysconfig/network:
GATEWAY="10.0.2.1"
However, when I attempt to ping 10.0.2.1, the destination host is unreachable. I've restarted the network with service network restart, but to no avail.
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 255.255.255.0 U 1 0 0 eth1
default 10.0.2.1 0.0.0.0 UG 0 0 eth1
The first row is the IP address and the second is the default gateway.
Please make sure of the below:
Bridge the connection from your desktop.
You should be able to ping your virtual machine's IP from the parent machine where you have hosted it.
Make sure you do not have any iptables rules configured that are constraining your connectivity.
This seems to be enough; I have made a similar setup recently.
Thanks,
Jain
You should add DEFROUTE=no in your eth1 configuration.
