Hello,
I have an issue with the following network? Is anyone able to help
diagnose the problem? If so, your help is appreciated.
NETWORK BACKGROUND:
Network structure is (or so I have been told):
192.168.0.8 ----|
|--- microwave (bridge) ---- 192.168.0.5
192.168.0.7 ----|
|
192.168.0.2 ----|
192.168.0.7 and 192.168.0.8 are connected via ethernet
(192.168.0.0/24), and there is also a microwave (bridge) on this
ethernet. The two machines on the left are Linux machines, I have no
access to the network on this right. The microwave bridge is dumb, and
I have been told been told it doesn't filter any packets.
The only relevant routes on both 192.168.0.7 and 192.168.0.8 are:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.8
and:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.7
All tcpdumps are with the options "host 192.168.0.5 -en". Not only
does this display Ethernet addresses, but also eliminates delays due
to DNS lookups. I have experimented with more relaxed rules, but
haven't yet found any evidence that the "host 192.168.0.5" is
eliminating anything but unrelated packets.
192.168.0.2 is an obsolete CISCO router that forwards everything to
192.168.0.5. I doubt it significant in anyway to the following tests.
WHAT WORKS:
I can ping 192.168.0.7 to 192.168.0.8 and vice versa.
From 192.168.0.8 I can ping 168.160.0.5. I can see both request and
response packets on both computers via tcpdump (which would imply a
hub is used, not a switch):
13:48:24.136037 0:50:73:68:a4:22 0:40:5:a3:65:5b 0800 98: 192.168.0.5 >
192.168.0.8: icmp: echo reply (DF) 13:48:25.132962 0:40:5:a3:65:5b
0:50:73:68:a4:22 0800 98: 192.168.0.8 > 192.168.0.5: icmp: echo request
(DF)
(please ignore the cut© error - the request did come before the
reply).
0:50:73:68:a4:22 is 192.168.0.5
0:40:5:a3:65:5b is 192.168.0.8
0:40:f4:2b:71:c6 is 192.168.0.7
If I delete the arp address of 192.168.0.5 on 192.168.0.8, it will
request it again and obtain the new value:
06:19:09.916894 0:40:5:a3:65:5b ff:ff:ff:ff:ff:ff 0806 60: arp who-has
192.168.0.5 tell 192.168.0.8 06:19:09.920115 0:50:73:68:a4:22
0:40:5:a3:65:5b 0806 60: arp reply 192.168.0.5 is-at 0:50:73:68:a4:22
06:19:09.920195 0:40:5:a3:65:5b 0:50:73:68:a4:22 0800 98: 192.168.0.8 >
192.168.0.5: icmp: echo request (DF) 06:19:09.922964 0:50:73:68:a4:22
0:40:5:a3:65:5b 0800 98: 192.168.0.5 > 192.168.0.8: icmp: echo reply (DF)
WHAT DOES NOT WORK:
If I try to ping 192.168.0.5 from 192.168.0.7, all I get is arp
requests (visible to both computers), but not any responses.
05:13:28.096711 0:40:f4:2b:71:c6 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
192.168.0.5 tell 192.168.0.7 05:13:29.091531 0:40:f4:2b:71:c6
ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.0.5 tell 192.168.0.7
05:13:30.091451 0:40:f4:2b:71:c6 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
192.168.0.5 tell 192.168.0.7 05:13:31.091510 0:40:f4:2b:71:c6
ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.0.5 tell 192.168.0.7
05:13:32.091303 0:40:f4:2b:71:c6 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
192.168.0.5 tell 192.168.0.7 05:13:33.091227 0:40:f4:2b:71:c6
ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.0.5 tell 192.168.0.7
If I change the IP address of 192.168.0.7 to 192.168.0.10, it still
doesn't work (similar to above but with different IP address).
If I route packets from 192.168.0.7 via 192.168.0.8, it doesn't work
05:24:25.789560 0:40:f4:2b:71:c6 0:40:5:a3:65:5b 0800 98: 192.168.0.7 >
192.168.0.5: icmp: echo request (DF) 05:24:25.789779 0:40:5:a3:65:5b
0:50:73:68:a4:22 0800 98: 192.168.0.7 > 192.168.0.5: icmp: echo request
(DF) 05:24:26.781299 0:40:f4:2b:71:c6 0:40:5:a3:65:5b 0800 98:
192.168.0.7 > 192.168.0.5: icmp: echo request (DF) 05:24:26.781457
0:40:5:a3:65:5b 0:50:73:68:a4:22 0800 98: 192.168.0.7 > 192.168.0.5:
icmp: echo request (DF)
WORKAROUND:
If, however, I do *both* of the above, i.e. use 192.168.0.10 *and* route
packets via 192.168.0.8, it *does* work:
05:46:59.236156 0:40:f4:2b:71:c6 0:40:5:a3:65:5b 0800 98: 192.168.0.10 >
192.168.0.5: icmp: echo request (DF) 05:46:59.236376 0:40:5:a3:65:5b
0:50:73:68:a4:22 0800 98: 192.168.0.10 > 192.168.0.5: icmp: echo request
(DF) 05:46:59.238722 0:50:73:68:a4:22 0:40:5:a3:65:5b 0800 98:
192.168.0.5 > 192.168.0.10: icmp: echo reply (DF) 05:46:59.238903
0:40:5:a3:65:5b 0:40:f4:2b:71:c6 0800 98: 192.168.0.5 > 192.168.0.10:
icmp: echo reply (DF)
OTHER FACTORS:
Other factors which might be important but could be misleading:
* "It was working yesterday".
* From other sysadmin: "All I did was delete some (not-related) routes
to obsolete CISCO router that isn't used anymore (192.168.0.2) and
then when things stopped working I added the same routes back
again."
* 192.168.0.8:
Linux mailman 2.4.14-tunnel #1 Wed Apr 11 13:12:08 EST 2007 i686 unknown
* 192.168.0.7:
Linux cableguy 2.4.10-lsm #1 SMP Mon Oct 8 01:12:23 CEST 2001 i686 unknown
These are old, but I don't think it is related.
* Other Windows machines on the networked stopped working in a similar
way to 192.168.0.7.
HELP:
Any ideas what is wrong? I seem to have totally ruled out all options
I can think of. eg. faulty hub, faulty microwave connection, bad
Ethernet adapter, Ethernet adaptors won't talk to each other,
duplicate Ethernet addresses being used (it can happen), etc.
Please CC responses to me, I am not subscribed.
Thanks
--
Brian May <bam@snoopy.apana.org.au>
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org