Sorry about dredging this up again. A move got in the way and ... well, anyway. The upshot is, the hostnames have changed, and the subnet has changed, but the configuration and problem are effectively identical.
The pings from the outside don't error out, they just never return.

the outside machine:

[EMAIL PROTECTED]:~$ ping 65.103.82.90
PING 65.103.82.90 (65.103.82.90): 56 data bytes
^C
--- 65.103.82.90 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
[EMAIL PROTECTED]:~$

tcpdump on the carp master:

carp-md# tcpdump -e -n -i xennet1 host miskatonic.uberh4x0r.org
tcpdump: WARNING: xennet1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xennet1, link-type EN10MB (Ethernet), capture size 96 bytes
19:14:17.758467 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 0
19:14:18.754646 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 1
19:14:19.760833 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 2
19:14:20.757493 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 3

but it turns out i can't get to the internet from the master, either.

carp-md# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 65.103.82.94
 local addr: 65.103.82.90
  interface: carp65
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0         0         0
carp-md# ping 65.103.82.94
PING modem-meus.dsrw.org (65.103.82.94): 56 data bytes
64 bytes from 65.103.82.94: icmp_seq=0 ttl=64 time=2.473 ms
64 bytes from 65.103.82.94: icmp_seq=1 ttl=64 time=0.868 ms
64 bytes from 65.103.82.94: icmp_seq=2 ttl=64 time=0.846 ms
^C
----modem-meus.dsrw.org PING Statistics----
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.846/1.396/2.473/0.933 ms
carp-md# ping -c1 miskatonic.uberh4x0r.org
PING miskatonic.uberh4x0r.org (70.90.241.185): 56 data bytes
ping: sendto: No route to host
^C
----miskatonic.uberh4x0r.org PING Statistics----
1 packets transmitted, 0 packets received, 100.0% packet loss
carp-md#

.94 is the DSL modem, which is the default route for my "real" router. This machine can, of course, get to the internet.

router-meus# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 65.103.82.94
 local addr: 65.103.82.81
  interface: xennet1
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0         0         0
router-meus# ping -c1 65.103.82.94
PING modem-meus.dsrw.org (65.103.82.94): 56 data bytes
64 bytes from 65.103.82.94: icmp_seq=0 ttl=64 time=0.889 ms
----modem-meus.dsrw.org PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.889/0.889/0.889/0.000 ms
router-meus# ping -c1 miskatonic.uberh4x0r.org
PING miskatonic.uberh4x0r.org (70.90.241.185): 56 data bytes
64 bytes from 70.90.241.185: icmp_seq=0 ttl=51 time=92.139 ms
----miskatonic.uberh4x0r.org PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 92.139/92.139/92.139/0.000 ms
router-meus#

On 16 Apr 2007, Markus Wernig wrote:
> Hi
>
> I'm not sure about carp supporting addresses in other subnets than the
> physical one. But to debug this further:
> - what does tcpdump -e -n -i xennet1 show on the routers when you ping
> the virtual interface from outside the lan?
> - is the route for the egress path the same as for the ingress path
> (i.e. does the route back to the accessing device point out over the
> same interface (xennet1) that the packets come in on)?
> - maybe your next hop router does not receive the virtual mac address.
> check the arp table on the next hop router.
> - what is the error message when pinging from the outside and who
> generates it?
>
> krgds /markus
>
> david l goodrich wrote:
> > I'm sorry to bring this up again, since it didn't get any responses the
> > first time.
> >
> > But I haven't had any luck on my own, and was hoping someone might have an
> > idea.
> >
> >
> > On 4/9/07, david l goodrich <dlgoodrich> wrote:
> >> I have two hosts in a CARP group.
> >>
> >> on router-meus-cd1, i have the following network configuration:
> >>
> >> router-meus-cd1# ifconfig xennet1
> >> xennet1:
> >> flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
> >> 1500
> >> capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
> >> enabled=0
> >> address: 00:16:3e:71:ef:6f
> >> inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
> >> inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4
> >> router-meus-cd1# ifconfig carp216
> >> carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >> carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0
> >> address: 00:00:5e:00:01:d8
> >> inet 216.51.247.30 netmask 0xfffffff8 broadcast 216.51.247.31
> >> router-meus-cd1#
> >>
> >> on router-meus-cn1, i have a similar configuration:
> >>
> >> router-meus-cn1# ifconfig xennet1
> >> xennet1:
> >> flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
> >> 1500
> >> capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
> >> enabled=0
> >> address: 00:16:3e:04:d3:e0
> >> inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
> >> inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4
> >> router-meus-cn1# ifconfig carp216
> >> carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >> carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew 0216.51.247.30
> >>
> >> address: 00:00:5e:00:01:d8
> >> inet 216.51.247.30 netmask 0xfffffff8 broadcast 216.51.247.31
> >> router-meus-cn1#
> >>
> >>
> >> The default route, nameservers, etc are all set correctly.
> >>
> >> CARP works great on the 216.51.247.24/29 subnet, from any machine on that
> >> subnet I can ping 216.51.247.30.
> >>
> >> When I get outside the subnet, I can't ping the address or ssh to it.
> >>
> >> Does anyone have some insight into why this is happening?
> >>
> >> Thanks
> >> --david
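
The tcpdump check Markus asks for can be scripted. The following is an added example, not part of the original thread: it parses the `tcpdump -e` lines from the post, confirms the frames are addressed to the CARP virtual MAC, and lists echo requests that never got a reply. It assumes carp65 uses vhid 65 (the post does not show it), following the carp216 / vhid 216 pairing in the quoted configuration; `carp_vmac` and `analyze` are hypothetical helper names.

```python
import re

# tcpdump -e lines copied from the capture on the carp master in the post above.
CAPTURE = """\
19:14:17.758467 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 0
19:14:18.754646 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 1
19:14:19.760833 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 2
19:14:20.757493 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 3
""".splitlines()

LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?"
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp \d+: "
    r"echo (?P<kind>request|reply) seq (?P<seq>\d+)"
)

def carp_vmac(vhid):
    """IPv4 CARP virtual MAC: 00:00:5e:00:01:<vhid as one hex byte>."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be 1..255")
    return "00:00:5e:00:01:%02x" % vhid

def analyze(lines, vhid, vip):
    """Summarise echo traffic for the virtual IP seen in `tcpdump -e` output."""
    vmac = carp_vmac(vhid)
    pending, wrong_mac, unparsed = set(), [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            unparsed += 1
            continue
        seq = int(m["seq"])
        if m["kind"] == "request" and m["dst"] == vip:
            pending.add((m["src"], seq))
            if m["dmac"] != vmac:      # frame reached us but not via the virtual MAC
                wrong_mac.append(seq)
        elif m["kind"] == "reply" and m["src"] == vip:
            pending.discard((m["dst"], seq))
    return {"vmac": vmac, "unanswered": sorted(s for _, s in pending),
            "wrong_mac": wrong_mac, "unparsed": unparsed}

if __name__ == "__main__":
    print(analyze(CAPTURE, vhid=65, vip="65.103.82.90"))
```

An empty `wrong_mac` list with every sequence number in `unanswered` means the requests arrive on the virtual MAC and only the return path is missing, which matches the "No route to host" seen from the master.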