Private NIC replies to PING

Not sure if this is the correct forum or not so please accept my
apologies if not and point me to the correct place.
I have a subnet of 5 public IP addresses assigned by my ISP.
24.xxx.xxx.138 - 24.xxx.xxx.142. The first address is assigned to the
public NIC in the BM server. The other 4 are secondary IP addresses on
this BM server and are static NATed to internal hosts. When I ping any
of these 5 addresses from either side of the BM firewall, I get a reply
back from the appropriate public address.
But, if I ping 24.xxx.xxx.143, which is NOT part of my subnet, from
inside the firewall, I get a reply from 192.168.0.2 which is the private
side NIC of the BM server. A ping to 24.xxx.xxx.143 from outside
receives no response. I cannot find the .143 address anywhere in my
configurations.
I don't really have a problem with this but it's a little weird. How do
I correct this?
Thanks!
Todd

Yes on the 255.255.255.248 mask. So this is normal and proper behavior?
Todd
> Todd,
>
> do you have the 255.255.255.248 mask? If that's the case, the .143
> address is the broadcast address of your subnet (in other words, you're
> pinging every single device in that subnet).
> --
> Cat
> NSC Volunteer Sysop
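
The subnet arithmetic behind Cat's reply, as an added example that is not part of the original thread. The documentation prefix 203.0.113.0/24 stands in for the masked 24.xxx.xxx octets, and the function names are hypothetical; the last octets and the mask are the ones Todd gives.

```python
import ipaddress

# Constructed stand-in: 203.0.113.0/24 (documentation range) replaces the
# masked 24.xxx.xxx prefix; the last octets (.138-.142) and the mask are
# taken from the thread.
ASSIGNED = [f"203.0.113.{n}" for n in range(138, 143)]
NETMASK = "255.255.255.248"


def common_subnet(assigned, netmask):
    """Return the single subnet that all assigned addresses fall into."""
    nets = {ipaddress.ip_interface(f"{a}/{netmask}").network for a in assigned}
    if len(nets) != 1:
        raise ValueError("assigned addresses do not share one subnet under this mask")
    return nets.pop()


def classify(target, assigned=ASSIGNED, netmask=NETMASK):
    """Say what a ping target is relative to the subnet of the assigned hosts."""
    net = common_subnet(assigned, netmask)
    addr = ipaddress.ip_address(target)
    hosts = {ipaddress.ip_address(a) for a in assigned}
    if addr not in net:
        return "outside subnet"
    if addr == net.network_address:
        return "network address"
    if addr == net.broadcast_address:
        # Every device on the subnet is addressed at once, so a reply can
        # come from any interface that hears it (here, the private NIC).
        return "subnet broadcast"
    return "assigned host" if addr in hosts else "unassigned host"


if __name__ == "__main__":
    net = common_subnet(ASSIGNED, NETMASK)
    print(f"subnet {net}, broadcast {net.broadcast_address}")
    for last_octet in (136, 137, 138, 142, 143, 144):
        ip = f"203.0.113.{last_octet}"
        print(f"{ip:<16} {classify(ip)}")
```

With a .248 mask the block is eight addresses wide, so .143 belongs to the same subnet as .138 - .142 even though it is not one of the five assigned hosts.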

Similar Messages

  • Multiple nics but no ping

    Hello-
    I suck at Linux and networking, especially when someone takes away all the extras....  That said I really like Arch because I'm finally learning what I really need (or am missing) and what it's used for.  I'm currently running Arch64 in a box with 3 nics as a host for VirtualBox.  All of the nics appear to setup with their static IP correctly and even respond to pings from outside.  Unfortunately, when I try to test connectivity with the following command, I just get errors:
    ping 4.2.2.2 -I eth2
    eth1 is my default for the system and I want eth0 and eth2 assigned to the virtual servers using 'internal networking'.  But I can't seem to get anything through eth0 or eth2.  Here's my rc.conf file followed by 'route' output, not sure what else I can provide to help.  Thanks in advance!
    -Jeff
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime"
    # USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="en_US.utf8"
    HARDWARECLOCK="localtime"
    USEDIRECTISA="yes"
    TIMEZONE="Canada/Pacific"
    KEYMAP="us"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(3c59x atl1 mii slhc tulip snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="windsor"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    #   - prefix an entry in INTERFACES with a ! to disable it
    #   - no hyphens in your interface names - Bash doesn't like it
    # DHCP:     Set your interface to "dhcp" (eth0="dhcp")
    # Wireless: See network profiles below
    eth0="eth0 172.20.20.5 netmask 255.255.255.0 broadcast 172.20.20.255"
    eth1="eth1 172.20.20.10 netmask 255.255.255.0 broadcast 172.20.20.255"
    eth2="eth2 172.20.20.15 netmask 255.255.255.0 broadcast 172.20.20.255"
    INTERFACES=(lo eth1 eth0 eth2)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    #   - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 172.20.20.1"
    ROUTES=(gateway)
    # Enable these network profiles at boot-up.  These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    #   - set to 'menu' to present a menu during boot-up (dialog package required)
    #   - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    #   - prefix a daemon with a ! to disable it
    #   - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng network netfs sshd crond)
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
    0.0.0.0         172.20.20.1     0.0.0.0         UG    0      0        0 eth1

    It sounds from Tomk's post that it's now confirmed that I don't know what I'm doing...  Putting all the nics on separate subnets would not be an issue, I was just being lazy and trying to use the existing dmz with no modifications.  What's the best way to configure the extra nics?  If I put them all on separate subnets, would I need to specify the other gateways in rc.conf?
    Here's the output previously requested:
    My traceroute  [v0.72]
    windsor (0.0.0.0)                                      Wed Jun  4 14:55:30 2008
    Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                           Packets               Pings
    Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
    1. ???
    2. ge-4-9-ur01.fremont.ca.sfba.comc  0.0%    18    9.4  10.4   7.3  19.4   3.4
    3. pos-0-7-0-0-ar01.sfsutro.ca.sfba  0.0%    18   12.4  14.5  10.8  24.1   3.5
    4. COMCAST-IP.edge1.SanJose1.Level3  0.0%    18   13.5  15.7  13.1  27.7   3.5
    5. xe-10-1-0.edge1.SanJose1.Level3.  5.6%    18   14.8  17.6  12.2  40.6   7.6
    6. vlan79.csw2.SanJose1.Level3.net   0.0%    18   23.3  21.8  13.3  27.9   4.0
    7. ge-11-0.core1.SanJose1.Level3.ne  0.0%    18   14.6  16.2  12.4  30.3   4.7
    8. vnsc-bak.sys.gtei.net             0.0%    18   14.8  17.0  12.2  36.0   5.7

  • How to Ping Hardware via TCP/IP

    I need to ping a device to check connectivity via TCP/IP.  I'm currently using a 3rd party control that has a memory leak.  Is there a way to do this within Labview without using a 3rd Party control?

    [SOLVED]
    Hi
    I need to check several devices by pinging them.
    I don't want to use the windows console method with parsing.
    If I use the ping.llb described under the second link above the labview runtime is crashing latest after 12 hours without any replies. Ping frequency was 400 ms, 1 second would be OK but not nice.
    After all the crashes I decided to use the .net Framework which includes its own Ping class.
    Attached you can find this, at the moment test,  VI which is running in a mini project on my PC.
    For testing purposes I set the delay time constant low, later my wish is something between 400-100ms.
    Problem: If you open the WinXP task manager the used memory of process "labview.exe" is rising rapidly until .net throws an exception.
    How can I prevent that the memory is rising until a crash occurs??? If I reduce the time the memory usage is rising as well, just slow....
    Here is the link to the class description: http://msdn.microsoft.com/en-us/library/system.net.networkinformation.ping.aspx
    Thanks for your help
    Tim
    SOLUTION: I connected the "close reference" on the wrong wire....
    It seems to run even with 0 ms time constant (for testing). I have attached the corrected version.

  • Routing - ping A-B, can't ping B-A

    Hi,
    First time setting up routing on real equipment, and can't seem to get it right. Equipment is:
    1. 5500 (CatOS 4.3, IOS 11.3) (old equipment, not under maintenance, being thrown into the battle due to a new building that has to open, and the Cisco equipment order got hung up in contract negotiations and won't be here in time for the building opening...)
    2. 3620 (IOS 12.1)
    3. Two workstations.
    Connections are:
    ws1 (10.70.5.100) -> 5500, 3/1.
    ws2 (10.70.1.100) -> 5500, 3/2.
    3620, Fa0/1 (10.70.200.2) -> 5500, 3/24.
    On ws2, I can ping 3620.
    Also on ws2, I can telnet to 3620.
    On 3620, in the telnet session from ws2, I can NOT ping ws2. (Can't ping ws2 from 3620 in a terminal session either.)
    On 5500, in terminal session with switch (CatOS), can ping 10.70.1.1, 10.70.1.250, 10.70.5.1, 10.70.200.1 (those 4 are various switch interfaces), and can ping 10.70.200.2 (3620 Fa0/1). Can NOT ping ws1, ws2.
    On 5500, terminal session with MSFC, can ping all switch interfaces. Can NOT ping ws1, ws2.
    On 3620, terminal session, can ping all switch interfaces. Can NOT ping ws2, ws1.
    Ws1 can NOT ping ws2. And ws2 can NOT ping ws1.
    Configs attached. (The 3620 config, and the MSFC config also have "sh ip route" output at the bottom of the files.)
    Could someone tell me what I'm doing wrong? (BTW - I'm pretty sure I've got the default-routes and gateway of last resort mucked up, but that wouldn't explain the above, since all subnets above are routes in ospf, right?)
    TIA...

    Linnea
    I have a theory about part of your problem and some observations which might help. I suspect that the problem with pinging TO the workstations may be that they are running a private firewall which blocks ping.
    Your message is explicit that ws2 can ping and telnet to the 3620 but does not say whether ws1 can access anything. If ws1 can not access other resources then I would check to see if its default gateway is set.
    I note that the MSFC has configured a static default route and that it does show up in the routing table. That is good. I note that the 3620 has configured a static default route but that it does not show up in the routing table. That is not good. I believe the reason for that is that the default route specifies a next hop of 10.0.70.1 which is out interface FastEthernet0/0. But it looks like FastEthernet is protocol down state - the interface does not show up in the routing table - and so the default route does not work. If you fix the problem with the interface the default route will probably work.
    I also note that the 3620 defines a default-gateway and defines a default route. This is not necessarily bad but I want to be sure that you understand what this is doing. Default route and default gateway are two very different things. Default route is used when the 3620 is acting as a router and is forwarding packets. Default gateway would be used when the 3620 is acting as an IP host (but not as a router). The default gateway here is just the same as default gateway on a PC. There are a couple of circumstances where the 3620 may use the default gateway: if you configure "no ip routing" which would make the 3620 into a bridge, or if the 3620 boots into rxboot mode.
    HTH
    Rick

  • Can't get second NIC to come up on reboot

    On my Solaris 10 x4500 server e1000g0 is for the public network and e1000g1 is for the private network. The public e1000g0 NIC gets configured properly at boot and is usable right away, but the private NIC does not get fully configured at boot and requires an "ifconfig e1000g1 up" to become operational. An "ifconfig e1000g1" before this command shows that the IP address is correctly configured based on the /etc/hostname.e1000g1 and /etc/hosts files. What more do I need to do? Or at least, does this appear to be the correct normal procedure for setting up a new interface in Solaris 10, and therefore the problem is something non-obvious? Here is some relevant diagnostic output.
    */etc/hosts*
    # Internet host table
    127.0.0.1 localhost
    ::1 localhost
    192.168.3.9 thishost
    192.168.3.1 otherhost
    */etc/hostname.e1000g1*
    thishost
    ifconfig e1000g1
    e1000g1: flags=201000843<UP, BROADCAST, RUNNING, MULTICAST, IPv4, CoS> mtu 1500 index 3
    inet 192.168.3.9 netmask ffffff00 broadcast 192.168.3.255
    ether 0:16:4e:30:d3:81

    Yes.
    Beginning with Solaris 8, the network config files took some slight changes in how they were interpreted. Things like IPMP needed a bit more control over the startup.
    Now, if the file contains only a single line, the traditional behavior occurs with the interface being turned "up", and netmask/broadcast set. If multiple lines are detected, each line is passed to ifconfig, but it is not implicitly set "up" as well.
    Unfortunately, there's no smarts in there to determine if there's only one "populated" line. It's just counting newlines.
    Darren

  • Scale out file server client access point using public nic

    Thoughts on this one.
    I have a Scale Out File Server cluster with a Client Access Point. Whenever I talk to the Client Access Point it uses the public nics.
    If I talk to the Scale Out File Server directly it uses the private like I want it to. How can I get the Client Access Point using the private nics?

    Hi JustusIV,
    Could you tell us why you want to modify the CAP to use the “private” network? The CAP is used for client access; your clients may not be able to access your cluster if you modify your CAP to use the private network. If you want to know how to modify the CAP of a cluster you can refer to the following KB:
    Modify Network Settings for a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc725775.aspx
    More information:
    Understanding Access Points (Names and IP Addresses) in a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc732536.aspx
    Windows Server 2008 Failover Clusters: Networking (Part 4)
    http://blogs.technet.com/b/askcore/archive/2010/04/15/windows-server-2008-failover-clusters-networking-part-4.aspx
    Hope this helps.

  • Web-server not serve web pages from 2nd NIC

    My Scenario:
    Ethernet 0 is my internal NIC
    Ethernet 1 is my external NIC (Internet)
    Firewall is off right now for testing purposes.
    I can web serve all day long on the internal NIC
    I can not serve anything on the External NIC
    I can ping the External NIC
    I can setup a Windows Box with IIS with the same IP settings and I can serve all day long with the windows box.
    When I look at the access log it shows that there was a request and it tried to serve but the clients don't receive anything.
    I see nothing under the error logs.
    Thanks for any insight you can give me.

    If you want to wade into static routes and multi-NIC IP configurations and such, here's some related reading material of varying vintages: [messageID=6639826|http://discussions.apple.com/thread.jspa?messageID=6639826], [messageID=5642919|http://discussions.apple.com/thread.jspa?messageID=5642919], [threadID=1461434|http://discussions.apple.com/thread.jspa?threadID=1461434].
    With an out-board firewall, you can do what you want. (I happen to like this particular configuration for other reasons, too.)

  • Ping and ssh don't work after waking from sleep

    Hi!
    I have been running Arch on my 2010 Macbook since May and there's always been this one annoyance which I can't figure out: after it is woken from sleep, the wireless (using netctl) happily reconnects and I can browse, check email, run pacman, do dns lookups---everything, it seems, apart from ssh or ping.  Both ping and ssh seem to hang.  If I reboot or restart [email protected], then they both work.
    Running :
    $ ssh XXX.XXX.XXX.XXX
    connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("XXX.XXX.XXX.XXX")}, 16
    where XXX.XXX.XXX.XXX is my work computer. (Full strace: http://pastie.org/private/xhmee0oltrnx3qmblnzq)
    Running strace ping google.com (as root) gives the repeated lines:
    $ strace ping google.com
    sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("173.194.34.102")}, msg_iov(1)=[{"\10\0\270\345b\325\0\2\336\36QR\0\0\0\0\353\376\2\0\0\0\0\0\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=0, msg_flags=0}, 0) = 64
    recvmsg(3, 0x7fff2f6d6f90, 0) = -1 EAGAIN (Resource temporarily unavailable)
    (Full strace: http://pastie.org/private/bfygaqtccz0ms2w8hqea4g)
    I can, however, successfully ping my router and other devices connected to it.  I have not been able to find out anything relevant that might fix this. I've checked the MTU settings match those on the router and my other laptop running Arch does not have this problem.
    Any suggestions on how to debug this further?
    Thanks!

    I have several mid-2009 8-core Mac Pro's, all running Snow Leopard, and all have been having this problem as well.
    I will not guarantee this is going to work for anyone else....but we have found a (slightly inelegant) workaround for it that has been working for several weeks now without fail.
    Prior to putting your MacPro to sleep, run the volume all the way up and leave it there. Afterwards, put it to sleep as usual. We use the keyboard to do this, but I would imagine any method should have the same effect. However, I've not experimented.
    Anyway...this has worked 100% of the time for us. The only downside of it is that you have to remember to run it up before....and then back down after waking (else that first alert sound or music file you play will really wake YOU up!)
    If this works for anyone else, let me know.
    Apple should never have let this one out the door with this bug. Especially, as Apple Support is....wanting, at best.
    ...sT

  • System still sends ping after set outbound traffic to block

    Hi friends
    In Win 2008 R2, I found that when I set the firewall state outbound traffic status to block (in all 3 profiles including domain, public, private), the system can still ping other systems (although there is no ICMPv4 echo request Allow rule).
    Where is this setting applied from? Where can we change this exception so that ping (outbound ICMPv4 echo request) is also blocked?
    Thanks in advance

    Hi,
    According to your description, my understanding is that you want to block outbound ping packet.
    I suggest you create a new outbound rule to block ping packets. Reference steps below:
    In the Windows Firewall with Advanced Security console tree, select and then right-click Outbound Rules, click New Rule.
    On the Rule Type page, click Custom, and then click Next.
    On the Program page, click All programs, and then click Next.
    On the Protocol and Ports page, in the Protocol list, select ICMPv4 and then click Next. (By default this will block all types of ICMP, or you can click Customize to specify the type)
    On the Scope page, choose the IP address which this rule applies to, and then click Next.
    On the Action page, click Block the connection, and then click Next.
    Select the profile and define a name for this rule, and click Finish to save the rule.
    After creating this rule, try to ping, check to see if this rule works.
    Best Regards,
    Eve Wang
    Hi Eve
    please read my question again more carefully.
    i have not asked how to create an outbound rule to deny ping ! definitely i know that. my question is something else

  • CLUSTER_INTERCONNECTS, IPMP, and Multiple Databases

    We are looking to build a 2-node 10g RAC cluster on Solaris 10. We will have two databases in this cluster, in addition to the ASM instance. We want to provide HA for this setup using IPMP.
    My understanding is that with Solaris/IPMP, CRS will not be able to validate the health of the secondary private network interface that is identified by the “STANDBY” identifier in ifconfig. This will result in CRS failing to start the Clusterware.
    The solution, according to Metalink note 368464.1 is to delete the private network configuration from the OCR via the use of the oifcfg command and then using the CLUSTER_INTERCONNECTS initialization parameter within the database to point to the physical IP used for the interconnect IPMP group.
    According to the Oracle docs, if you use the CLUSTER_INTERCONNECTS parameter, then only one database in the cluster can use the IP identified by this parameter; that is, I cannot use the same private IP for the CLUSTER_INTERCONNECTS for all databases.
    So if true, with two databases, we are in a bit of a pickle (actually 3, including the ASM instance which will also need to use the interconnect).
    Can anyone validate if this is all true, or do I have something wrong?

    Thanks for the replies and clarification of the CLUSTER_INTERCONNECTS parameter.
    However, I still see that (in that other thread) there seems to be some confusion as per the Metalink note and that JJ's question has not been truly answered.
    My understanding is that with IPMP, you have 3 IPs per NIC pair (or IPMP group): a physical IP for the IPMP group, and a test IP for each NIC in the pair.
    When installing Clusterware, you cannot specify the physical IP for the IPMP group, you can only specify the NIC interfaces, and it is their test IPs that will show up in OIFCFG GETIF.
    One of the NICs in the IPMP group will be in standby mode, so when CRS starts up, it cannot validate the health of the standby NIC and will fail. In short, CRS does not KNOW about the physical IP, it only knows the two test IPs. So you don't have HA for the private interconnect using IPMP ( just yet.)
    To get around this, you use OIFCFG to remove both private NICs from OCR, and then use the CLUSTER_INTERCONNECTS parameter to store the physical IP of the IPMP group.
    That way you will still have HA, as the physical IP will failover to one or the other test IP.
    So the question JJ proposed did not get answered: if you remove the private NICs using OIFCFG, how does CRS come up without a private interface in the OCR?
    (Or did I get all of this correct?)

  • Cannot access Virtual Machine via RDP

    Hi all,
    I created a Virtual Machine 2012 Data center gallery last night, and I now cannot rdp into it.  It is using port 3389 for both public and private.  When I ping my VM, I get a request time out.  Any ideas what might be happening?  Thanks.
    Eric

    Hi,
    Good to hear that and thanks for your feedback.
    Just to add, if you delete the VM and keep its disks, then use the disk to recreate a new VM, the data on the temporary driver(D:) would be lost on the old VM.
    Best regards,
    Susie

  • Strange static NAT Issue

    I am having a strange problem with static NAT. We have BM3.8 SP2 installed on NW Small Business 6.5. The public interface is configured to do both static and dynamic NAT. I have added two secondary IP addresses that are bound to the public interface, and set up the NAT table, using inetcfg, for two different corresponding private IPs. I set up filters and am able to successfully use these NAT translations through BM as intended. In other words, they work fine.
    Now the problem. I need to add another static NAT entry. I add the secondary IP and it pings fine from the outside (thanks to a temporary filter for ICMP to/from anywhere). Then I add a new entry in the static NAT table to translate this address to a third unique private side IP. At this point the new secondary IP will no longer ping as before and it is not translating to the private side as the others do. I have exhausted my brain in trying different configurations to get this to work. For example, I have tried with filters down, I have tried adding this third one before the other two, I have tried re-doing all of it, I have tried different secondary IP addresses (public interface is behind a PIX firewall) and even different private side IPs. All still the same non-working result. On the public side I can still ping the other two and their NAT translations work fine. I know for sure that everything is in the correct subnet. If I dump the arp table on a machine sitting on the public side of BM after pinging each of the three secondary IPs they ALL show that they resolve to the ethernet address of the public interface on the BM server. It's like the packets are getting to BM and it is responding, but for some reason it is deciding not to translate it. Finally, as added information, I can ping the third IP using nwping on the server and I can ping it from a private side machine. Is it somehow bound to the wrong side interface? How could this be if BM public is reporting for ARP requests?
    I have not yet attempted a tcpip debug since the machine is a production machine.
    Any ideas? Oh by the way, the translations are for three different VNC servers on the private side of the BM network. Two work fine, but the third will not work! (and yes I tried putting the third secondary IP address translation to one of the two known working private side VNC server machines. No difference). I thought it might be a corrupt TCPIP.CFG file, but I tried on another identical server and it yields the exact same result.

    First, your post is unclear to me. What do you mean by the "private device"? I assume you mean the private NIC on the BM server? ... If this is what you mean then I cannot fathom why that would have anything to do with the problem especially since two translations are already working. Hopefully I am missing something here.
    Second, Yes - I did do REINITIALIZE SYSTEM. After making any static NAT table entries and after any filters that I did.
    thanks for the reply
    >>> D. SKye Hodges<[email protected]> 12/1/2004 2:17:44 PM >>>
    check the default gateway on the private device, make sure it is the private ip of the BM server. If so, then reboot the BM server (I assume that you already tried REINITIALIZE SYSTEM). Let us know...
    >>> Clayton<[email protected]> 01-Dec-04 10:14:02 >>>

  • Trouble setting up NAT with ipfilter

    Hello All :
    I'm trying to setup a Sunfire V120 as a NAT box but am running into some odd behavior that I can't seem to resolve, I'm hoping someone here can shed some light on the problem.
    My V120 has two NICs eri0 and eri1 and is running Solaris 10, Release 08/07. I have configured eri0 as my public interface and eri1 as my private interface.
    I turned on packet forwarding :
    routeadm -u -e ipv4-forwarding
    I also added the following to /etc/ipf/ipnat.conf:
    map eri0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
    map eri0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
    map eri0 192.168.0.0/24 -> 0/32
    ipfilter is running:
    online         10:26:33 svc:/network/ipfilter:default
    From another system inside my private network, I can ping machines on the private network and on the public network. However, I cannot ssh to other external addresses, ftp, and DNS does not resolve, but I am able to ping the addresses of the public DNS servers just as I am able to ping any other public and private address.
    Thanks in advance for any help one can provide.

    > I also added the following to /etc/ipf/ipnat.conf:
    > map eri0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
    > map eri0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
    > map eri0 192.168.0.0/24 -> 0/32
    Maybe it should be 192.168.0.0/16 or just "map eri0 0/0 .. "? Otherwise OK
    > Thanks in advance for any help one can provide.
    Check:
    # /usr/sbin/ipfstat
    # /usr/sbin/ipfstat -nih
    # /usr/sbin/ipfstat -noh
    Should list status and your inbound and outbound rule sets respectively.
    # /usr/sbin/ipnat -l
    Should list your NAT rules and active dynamic entries
    # less +F /var/adm/messages
    (or where you send local0 syslog (if you log))
    # /usr/sbin/snoop -rd eri0
    # /usr/sbin/snoop -rd eri1
    Should show briefly what's on the wire-side of ipf. Run both in two windows and compare and look for leaks of internal addresses on the outside and missed packets.
    P�l

  • Hyper-V 2012 VMs freeze on large file transfers

    I have a small non-clustered Hyper-V Server setup as follows:
    HP ML350p Gen8 Server, 6 core E5-2620 CPU and 32GB Memory running Server 2012 (full GUI) with the Hyper-V role enabled.
    The Server has 8 disks, 1 pair of RAID1 15k disks for the Server 2012/Hyper-V OS, and 3 pairs of RAID1 10K disks for 3 VMs (ie each VM has its own pair of RAID 1 disks). The NICs in the Server are 4 x gigabit ports on an internal 331i card and 4 x gigabit on an external 331T card. The Hyper-V Server is not running anything other than the Hyper-V role, the LogMeIn client and Symantec SEP SBE 2013 (with recommended Hyper-V exclusions in place) and the VMs are a Domain Controller, a SQL Server and a File Server. Currently all VMs have their own single 1GB NIC connection on the 331T card, all VMs have a single IP address and are on the same subnet, no VLANs are used.
    I have applied what hot fixes I can from a TechNet article that recommended how to setup Hyper-V.
    Initially I had a problem with NIC latency during pings, which we traced to being due to the ML350 Gen8 Server's NICs not liking VMQ enabled. When disabled all looked fine, but we had not yet tried to use the Server in production.
    Recently (getting ready to go in to Production use) we have noticed when transferring a 3.5GB ISO of SQL media to a file share on one of the VMs from a desktop PC that this causes the VM to lock up. The file copy will still complete but the screen freezes
    when accessed via Hyper-V manager or remotely via LogMeIn and sometimes the LogMeIn remote session is dropped too. If you cancel the file copy the console is immediately responsive again.
    Since we built the server a while back, HP had subsequently released an updated NIC driver which we installed and it seems to have fixed the VMQ issue, but with or without VMQ enabled we seem to experience the lockups as soon as we transfer medium to large
    size files. The issues were there before and after we upgraded the NIC driver, we were hoping it would address the issue, but it didn't. These servers are very lightly loaded and the problem occurs even on the SQL Server VM with the SQL service disabled
    (ie the server has hardly anything running at all and the console freezes with a single user performing a single file copy).
    We have 3 VMs on the Server, 2 are running Server 2012 and seem to be more affected, the VM running Server 2008 R2 seems less affected. VM to VM transfers seem to be working better (ie slows down slightly but no lock ups), it is only during external network
    transfers. Also the faster the transfer speed is, the worse the issue becomes. If the file is copied to a share on the Hyper-V Host the issue does not occur, only transfers to the VMs.
    Does anyone have any idea what might be the issue here? I saw a hotfix for 2008 for a similar issue but can't seem to find anything for Server 2012.

    I think we have tried almost every combination of disabling Large Send Offload, TCP offload, IP SEC Offloading, VMQ and Receive Side Scaling possible - in the various places there are - although I will be quite honest - as there are 3 places to do this
    for each Server (the related physical and virtual NICs on the HV Server, and also the NIC in the VM) it is possible we may have missed an iteration...
    During our testing we have noticed that the symptoms of the problem get worse the higher the transfer speed is. For example if you transfer to the VM from a desktop with a 100Mbs NIC, there will be subtle lag and a transfer speed of say 10 or so KBs,
    if you use a device with a 1Gbs NIC, you on average achieve 50-70 KBs transfer speeds and the higher the number, the worse the GUI / Server locks up (although the transfer completes just fine).
    We also tried throttling the bandwidth via the 2012 GUI - to see if that helped, but none of the changes we made seemed to work, and we did not have time to try the powershell way of doing this.
    We did replace one of the VM's NIC with a legacy one as part of our testing today, and now data transfers to the VM from a PC with a 1Gbs NIC run slower at around 30-35 KBs and there are no noticeable GUI freezes, although during the large transfer
    it looks like 1 in every 30-40 packets is dropped in a continual ping that runs during the transfer period.
    We have done a lot of cable replacing today (out of diligence) but there seems to be no noticeable issue. We also tried an older NC380T dual port NIC we had available and used the standard driver Windows offered instead of an HP one, but the problem
    was identical no matter which NIC we used.

  • How do I get DNS searches to span multiple network interfaces?

    Each of our developer machines have two network cards. One is attached to the corporate network the other to a private network. There is a DNS server running on both networks. On our windows boxes we have no trouble doing something like
         ping <device-name-on-corporate-network>
         ping <device-name-on-private-network>
    On our newly purchased Mac Minis running Mavericks 10.9.2 it doesn't work the same way.
    If the service order has the corporate network above the private network then the ping of the corporate device name works but the ping of the private device name doesn't.
    If I switch the service order so the private network is above the corporate network then the ping of the private device name works but not the corporate one.
    From what I am seeing I believe that on the Macs when a DNS lookup request failure is returned by the DNS server associated with highest active network in the service order list the DNS server associated with next highest active network in the service order is not being sent a DNS lookup request. Is this correct or am I missing a setting someplace?

    I found the solution was already posted in response to the following question in the discussions group.
    https://discussions.apple.com/message/15095747#15095747
    "Network Service Order Causing Conflict with Private DNS on Local Network"
    KJB_
