Re: [vox-tech] 2 Network cards not getting along
Hate to say this, but it sounds like a router. I would turn it on, and
see if it works. Then, put together your IP Tables rules to only allow
traffic that you want to go in the direction you desire.

On Tue, Dec 15, 2009 at 06:37:04PM -0800, Alex Mandel wrote:
> No it is set to 0. Should it be on? This system is not a router, I'm not
> really clear on what else would happen if I were to turn it on.
>
> Thanks,
> Alex
>
> Brian Lavender wrote:
> > Do you have forwarding turned on?
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
> >> This is probably a strange use case, and I'm aware it's not optimum but
> >> I need to get it to work while a more long term solution is discussed.
> >>
> >> I have a server
> >> It has 2 network cards
> >> card 1 is serving a website to the world and is on subnet 1
> >> card 2 is serving a database, and samba share and is on subnet 2
> >>
> >> While card 2 is turned on, people on subnet 2 are unable to see the
> >> website, though the rest of the world can. It doesn't matter if they use
> >> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> >> timeout. If I turn card 2 off everybody can see the website.
> >>
> >> So how do I even begin to troubleshoot this issue?
> >>
> >> In the long run this could all be avoided by relaxing the firewall rules
> >> to allow both subnets access to the various ports it needs, but for
> >> whatever reason there is a hardware firewall on subnet 1 that I have 0
> >> control over. Its removal has been requested but that might take a few
> >> months. Besides that I can't think of a reason why the setup wouldn't work.
> >>
> >> (Server is Apache 2.2, Ubuntu 8.04)
> >> subnet 1 has no domain controller
> >> subnet 2 has a windows domain controller (probably Win Server 2008,
> >> maybe still 2003)
> >>
> >> Thanks,
> >> Alex

--
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
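
The advice in the message above (turn forwarding on, then restrict it with iptables rules), as an added example that is not part of the thread. It prints the commands for review instead of running them; the interface names, subnets and port are constructed placeholders.

```shell
#!/bin/sh
# Added example. eth0/eth1, the 192.0.2.0/24 and 198.51.100.0/24 ranges and
# port 80 are constructed placeholders, not values from the thread.

# Print the IPv4 forwarding flag: 0 = plain host, 1 = forwards between NICs.
forwarding_state() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Print (do not run) iptables commands that default-drop forwarded traffic
# and allow one direction only: new TCP connections arriving on in_if from
# src_net, leaving on out_if towards dst_net:port, plus their replies.
forward_rules() {
    in_if="$1"; out_if="$2"; src_net="$3"; dst_net="$4"; port="$5"
    # Refuse anything that is not a plain interface name or CIDR string.
    for v in "$in_if" "$out_if" "$src_net" "$dst_net"; do
        case "$v" in
            ''|*[!A-Za-z0-9./:_-]*) echo "bad argument: '$v'" >&2; return 1 ;;
        esac
    done
    case "$port" in
        ''|*[!0-9]*) echo "bad port: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: '$port'" >&2; return 1
    fi
    # Policy first, so nothing is forwarded before the allow rules exist.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $in_if -o $out_if -s $src_net -d $dst_net" \
         "-p tcp --dport $port -m state --state NEW -j ACCEPT"
    # Log what the policy is about to drop, rate-limited.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'fwd-drop: '"
    # Only now switch forwarding on.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

echo "ip_forward is currently: $(forwarding_state)"
forward_rules eth1 eth0 198.51.100.0/24 192.0.2.0/24 80
```

The printed commands need root to take effect; `iptables -L FORWARD -v -n` afterwards shows per-rule packet counters, which tells you whether any traffic is actually being forwarded.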
Re: [vox-tech] 2 Network cards not getting along
No it is set to 0. Should it be on? This system is not a router, I'm not
really clear on what else would happen if I were to turn it on.

Thanks,
Alex

Brian Lavender wrote:
> Do you have forwarding turned on?
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
>> This is probably a strange use case, and I'm aware it's not optimum but
>> I need to get it to work while a more long term solution is discussed.
>>
>> I have a server
>> It has 2 network cards
>> card 1 is serving a website to the world and is on subnet 1
>> card 2 is serving a database, and samba share and is on subnet 2
>>
>> While card 2 is turned on, people on subnet 2 are unable to see the
>> website, though the rest of the world can. It doesn't matter if they use
>> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
>> timeout. If I turn card 2 off everybody can see the website.
>>
>> So how do I even begin to troubleshoot this issue?
>>
>> In the long run this could all be avoided by relaxing the firewall rules
>> to allow both subnets access to the various ports it needs, but for
>> whatever reason there is a hardware firewall on subnet 1 that I have 0
>> control over. Its removal has been requested but that might take a few
>> months. Besides that I can't think of a reason why the setup wouldn't work.
>>
>> (Server is Apache 2.2, Ubuntu 8.04)
>> subnet 1 has no domain controller
>> subnet 2 has a windows domain controller (probably Win Server 2008,
>> maybe still 2003)
>>
>> Thanks,
>> Alex
Re: [vox-tech] 2 Network cards not getting along
Do you have forwarding turned on?
echo "1" > /proc/sys/net/ipv4/ip_forward

On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
> This is probably a strange use case, and I'm aware it's not optimum but
> I need to get it to work while a more long term solution is discussed.
>
> I have a server
> It has 2 network cards
> card 1 is serving a website to the world and is on subnet 1
> card 2 is serving a database, and samba share and is on subnet 2
>
> While card 2 is turned on, people on subnet 2 are unable to see the
> website, though the rest of the world can. It doesn't matter if they use
> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> timeout. If I turn card 2 off everybody can see the website.
>
> So how do I even begin to troubleshoot this issue?
>
> In the long run this could all be avoided by relaxing the firewall rules
> to allow both subnets access to the various ports it needs, but for
> whatever reason there is a hardware firewall on subnet 1 that I have 0
> control over. Its removal has been requested but that might take a few
> months. Besides that I can't think of a reason why the setup wouldn't work.
>
> (Server is Apache 2.2, Ubuntu 8.04)
> subnet 1 has no domain controller
> subnet 2 has a windows domain controller (probably Win Server 2008,
> maybe still 2003)
>
> Thanks,
> Alex

--
Brian Lavender
http://www.brie.com/brian/
Re: [vox-tech] 2 Network cards not getting along
Alex Mandel wrote:
> Could you clarify a few things about some of the ideas?
>
> On 3, when you say internal, what are you referring to?
> Should I have been more clear that subnet 2 connects to the outside
> world on its own, it's not an "internal network". My 2nd nic is simply
> another machine on an existing network.
> That said I don't understand the DNS issue considering I currently get
> to either nic in testing by IP address and it still behaves the same
> way. Also I don't have control over the real DNS server that points the
> outside world to our webserver. (Not sure if that matters, since I
> clearly only partially understand this stuff)

Well now it does sound like the static route would be the best solution.

> 4 - this solution means turning off the 2nd nic and essentially bridging
> the networks?

No, that is not what I was thinking about. Maybe we can talk more
about this next Monday night.

Tony
Re: [vox-tech] 2 Network cards not getting along
Tony Cratz wrote:
> Alex Mandel wrote:
>> This is probably a strange use case, and I'm aware it's not optimum but
>> I need to get it to work while a more long term solution is discussed.
>>
>> I have a server
>> It has 2 network cards
>> card 1 is serving a website to the world and is on subnet 1
>> card 2 is serving a database, and samba share and is on subnet 2
>>
>> While card 2 is turned on, people on subnet 2 are unable to see the
>> website, though the rest of the world can. It doesn't matter if they use
>> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
>> timeout. If I turn card 2 off everybody can see the website.
>
> I have not seen any response to this so let me try a couple
> of suggestions.
>
> 1) Create a static route on the second network to route the
> webserver IP to the main server.
>
> 2) Use a static route to route from the internal network
> to the second NIC card on the web server.
>
> 3a) Create an internal DNS server which is master for the
> web server zone.
>
> 3b) Have all internal systems use the new name server.
>
> 4) Have your gateway/router set up to route between the
> internal network and the web server (works much like a
> static route but you don't have to set it up on all of the
> systems).
>
> I like options #3 and #4. For myself my gateway/router does
> this for me. If you use both #3 and #4 you are better off.
>
> If you would like to talk about this more please contact
> me off list.
>
>
> Tony
>
>

Could you clarify a few things about some of the ideas?

On 3, when you say internal, what are you referring to?
Should I have been more clear that subnet 2 connects to the outside
world on its own, it's not an "internal network". My 2nd nic is simply
another machine on an existing network.
That said I don't understand the DNS issue considering I currently get
to either nic in testing by IP address and it still behaves the same
way. Also I don't have control over the real DNS server that points the
outside world to our webserver. (Not sure if that matters, since I
clearly only partially understand this stuff)

4 - this solution means turning off the 2nd nic and essentially bridging
the networks?

Thanks,
Alex
Re: [vox-tech] 2 Network cards not getting along
Tony Cratz wrote:
>
> 1) Create a static route on the second network to route the
> webserver IP to the main server.
>
> 2) Use a static route to route from the internal network
> to the second NIC card on the web server.

Damn, I knew I should have read that before I sent it out as
both of those are the same.

Tony
Re: [vox-tech] 2 Network cards not getting along
Alex Mandel wrote:
> This is probably a strange use case, and I'm aware it's not optimum but
> I need to get it to work while a more long term solution is discussed.
>
> I have a server
> It has 2 network cards
> card 1 is serving a website to the world and is on subnet 1
> card 2 is serving a database, and samba share and is on subnet 2
>
> While card 2 is turned on, people on subnet 2 are unable to see the
> website, though the rest of the world can. It doesn't matter if they use
> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> timeout. If I turn card 2 off everybody can see the website.

I have not seen any response to this so let me try a couple
of suggestions.

1) Create a static route on the second network to route the
webserver IP to the main server.

2) Use a static route to route from the internal network
to the second NIC card on the web server.

3a) Create an internal DNS server which is master for the
web server zone.

3b) Have all internal systems use the new name server.

4) Have your gateway/router set up to route between the
internal network and the web server (works much like a
static route but you don't have to set it up on all of the
systems).

I like options #3 and #4. For myself my gateway/router does
this for me. If you use both #3 and #4 you are better off.

If you would like to talk about this more please contact
me off list.

Tony