Article 5BF1K Help with subnet routing issue (Centos 8)

by hcook1 from LinuxQuestions.org on (#5BF1K)
I would appreciate help on an issue that has me completely stymied at this point and I know it is something silly that I am missing...

My issue is that I cannot get a newly installed Centos 8 server to forward packets between two subnets. In the diagram immediately below, the object of my efforts and frustration is the server dick. The goal is to allow the nodes in the 10.4.160.0/24 subnet to get "out" to all of the other nodes in the network and ultimately the internet.

Here is the configuration:
Code:
                     <corp net>---<server A>---<server B>---<server dick>---<node rh3>
upstream address:                 10.1.3.27    10.4.1.27    10.4.150.57     10.4.160.35
Downstream address:               10.4.1.1     10.4.150.1   10.4.160.1      N/A

In this configuration, the server dick is a new Centos 8 server with two ethernet adapters. Here are the salient details:

Code:
[root@dick ~]ip route
default via 10.4.150.1 dev eno1 proto kernel metric 1
10.4.150.0/24 dev eno1 proto kernel src 10.4.150.57 metric 100
10.4.160.0/24 dev eno2 proto kernel scope link src 10.4.160.1 metric 101

[root@dick ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.4.150.57/24 brd 10.4.150.255 scope global dynamic noprefixroute eno1
       valid_lft 36325sec preferred_lft 36325sec
    inet6 fe80::ca1f:66ff:fef8:bd8c/64 scope link
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.4.160.1/24 brd 10.4.160.255 scope global noprefixroute eno2
       valid_lft forever preferred_lft forever
    inet6 fe80::ca1f:66ff:fef8:bd8d/64 scope link
       valid_lft forever preferred_lft forever

The first Adapter:
I have enabled Kernel forwarding:

Code:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

I am on a secure subnet so I have disabled firewalld.
I am using NetworkManager and dnsmasq, all of which appear to be working just fine.

With the config files that I provided above, all three of the servers (server A, server B & dick) can ping all of the peer nodes on their respective subnets, and all three servers can ping nodes upstream and downstream from their local subnet. All of the nodes on the 10.4.1.0/24 and 10.4.150.0/24 subnets can ping everything EXCEPT nodes on the 10.4.160.0/24 network.

Here is the issue:
rh3 and its peers on the 10.4.160.0/24 network can ping peer nodes in the 10.4.160.0/24 subnet and can ping both interfaces on dick (10.4.160.1 and 10.4.150.57) BUT cannot ping anything else:

Code:
[root@rh3 ~]# ping -c 3 10.4.160.1
PING 10.4.160.1 (10.4.160.1) 56(84) bytes of data.
64 bytes from 10.4.160.1: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 10.4.160.1: icmp_seq=2 ttl=64 time=0.116 ms
64 bytes from 10.4.160.1: icmp_seq=3 ttl=64 time=0.118 ms

--- 10.4.160.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2081ms
rtt min/avg/max/mdev = 0.116/0.117/0.118/0.000 ms
[root@rh3 ~]#
[root@rh3 ~]# ping -c 3 10.4.150.57
PING 10.4.150.57 (10.4.150.57) 56(84) bytes of data.
64 bytes from 10.4.150.57: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 10.4.150.57: icmp_seq=2 ttl=64 time=0.125 ms
64 bytes from 10.4.150.57: icmp_seq=3 ttl=64 time=0.131 ms

--- 10.4.150.57 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2056ms
rtt min/avg/max/mdev = 0.118/0.124/0.131/0.005 ms
[root@rh3 ~]# ping -c 3 10.4.150.1
PING 10.4.150.1 (10.4.150.1) 56(84) bytes of data.
^C
--- 10.4.150.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms

One other data point that may be a clue: when I try to ping rh3 (10.4.160.35) from server B, this is the result that I am getting:

Code:
[Root@serverB ~] ping 10.4.160.35
PING 10.4.160.35 (10.4.160.35) 56(84) bytes of data.
From 10.1.3.1: icmp_seq=1 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=1 Redirect HostFrom 10.1.3.1: icmp_seq=2 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=2 Redirect HostFrom 10.1.3.1: icmp_seq=3 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=3 Redirect HostFrom 10.1.3.1: icmp_seq=4 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=4 Redirect HostFrom 10.1.3.1: icmp_seq=5 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=5 Redirect HostFrom 10.1.3.1: icmp_seq=6 Redirect Host(New nexthop: 10.1.3.27)
From 10.1.3.1 icmp_seq=6 Redirect Host^C
--- 10.4.160.35 ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 5000ms

Ping from server dick to rh3 is fine:

Code:
[root@dick etc]# ping -c 5 rh3
PING rh3 (10.4.160.35) 56(84) bytes of data.
64 bytes from rh3 (10.4.160.35): icmp_seq=1 ttl=64 time=0.125 ms
64 bytes from rh3 (10.4.160.35): icmp_seq=2 ttl=64 time=0.121 ms
64 bytes from rh3 (10.4.160.35): icmp_seq=3 ttl=64 time=0.122 ms
64 bytes from rh3 (10.4.160.35): icmp_seq=4 ttl=64 time=0.120 ms
64 bytes from rh3 (10.4.160.35): icmp_seq=5 ttl=64 time=0.118 ms

--- rh3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 95ms
rtt min/avg/max/mdev = 0.118/0.121/0.125/0.007 ms

Help Please! What am I missing?
--- Harold