[ale] Iptables wierdness
Jim Kinney
jim.kinney at gmail.com
Tue Feb 17 17:38:15 EST 2015
This is driving me nuts.
I can ping the gateway but traceroute never completes. I can ping the
working vIP and the traceroute does show connection but continues to poll
"deeper". I can't ping the "missing" vIP and traceroute goes to
neverneverland.
On Mon, Feb 16, 2015 at 8:35 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
> I've got a firewall/router running centos 7. I've disabled firewalld and
> enabled iptables instead while I learn the new firewalld.
>
> The box has a WAN nic with 3 IPs. One for itself and the other 2 for other
> systems. I'm using nat and have pre and post routing rules to do the
> translation.
>
> Now for the weirdness.
>
> One works and the other doesn't.
>
> The rules are identical except for IPs. The rest of the LAN is simply nat
> translated outbound. They all work. One server, the :2 on the nic can't get
> outside at all if one the static translate. The :1 machine is fine.
>
> Doing a tcpdump shows ping to WAN gateway going out and returning to
> outside nic but it then gets lost in the redirect.
>
> There are explicit forward rules for needed ports but I opened it to all
> ports for the troubled machine.
>
> It's a new machine that passed a full memtest+ run.
>
> I'm stumped.
>
--
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150217/167e7c56/attachment.html>
More information about the Ale
mailing list