--- Joe Steeve <joe_steeve@xxxxxxx> wrote:
ARP cache might be getting corrupted.
I'm facing a weird network issue which is not
directly a Linux kernel
issue., but I'm not sure.
The following is the layout of the network which
causes the issue.
{mailserver}------\
203.129.914.19 |
|---{switch}----{firewall}-\
| |
{proxy server}----/ |
203.129.194.20 |
{cisco
router}
203.129.194.17
|
|
{modem}
|
|
{ISP router}
203.129.194.201
|
|
Internet
- The 'switch1' is a normal Dlink switch
- The 'firewall' is a PIII box running gnu/linux. It
bridges traffic
between eth0 to eth1., and in the process denies
some incoming
connections and unwanted outgoing connections (basic
iptables +
bridging)
- The router is a Cisco router.
The problem: This issue happens randomly. We are not
able to identify a
pattern or reason why this happens. At some random
times.,
203.129.194.201 will not be reachable from the
'mailserver'. The 'cisco
router' would be reachable (via a ping) from the
'mailserver'. A
traceroute from the 'mailserver' to an external site
(like
www.google.com) would end with the 'cisco router'.
But all other
machines ('proxy server') would not have a problem.
A 'ifdown-ifup'
cycle on the 'mailserver' fixes the issue.
I verified the route configuration which is as
follows., and that is not
the one that is responsible for the problem.
Destination Gateway Genmask
Flags Metric Ref Use
Iface
203.129.194.16 0.0.0.0 255.255.255.240 U
0 0 0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U
0 0 0 eth0
0.0.0.0 203.129.194.17 0.0.0.0 UG
0 0 0 eth1
I suspected the router., but the router's
configuration has not been
touched in years., and it has been running fine for
atleast 3 years now
(to my knowledge). A restart of the router did not
solve the issue.
'ifdown-ifup' cycle on the mailserver solves the
issue., so it does not
seem anything related to the router.
The rules in the firewall either allow traffic out
or dont. If a machine
behind the firewall is able to reach
203.129.194.17., it means it the
firewall has passed it through.
Any clues or pointers would be very helpful.
--
.o. A proud GNU user
..o
ooo [W] http://www.joesteeve.org/
_______________________________________________To unsubscribe, email ilugc-request@xxxxxxxxxxxxx
with
"unsubscribe <password> <address>"
in the subject or body of the message.
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
