Re: [vox-tech] 2 Network cards not getting along

2009-12-15 Thread Brian Lavender
Hate to say this, but it sounds like a router. I would turn it on,
and see if it works. Then, put together your IP Tables rules to only
allow traffic that you want to go in the direction you desire.

On Tue, Dec 15, 2009 at 06:37:04PM -0800, Alex Mandel wrote:
> No it is set to 0. Should it be on? This system is not a router, I'm not
> really clear on what else would happen if I were to turn it on.
> 
> Thanks,
> Alex
> 
> Brian Lavender wrote:
> > Do you have forwarding turned on?
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> > 
> > On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
> >> This is probably a strange use case, and I'm aware it's not optimum but
> >> I need to get it to work while a more long term solution is discussed.
> >>
> >> I have a server
> >> It has 2 network cards
> >> card 1 is serving a website to the world and is on subnet 1
> >> card 2 is serving a database, and samba share and is on subnet 2
> >>
> >> While card 2 is turned on, people on subnet 2 are unable to see the
> >> website, though the rest of the world can. It doesn't matter if they use
> >> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> >> time out. If I turn card 2 off everybody can see the website.
> >>
> >> So how do I even begin to troubleshoot this issue?
> >>
> >> In the long run this could all be avoided by relaxing the firewall rules
> >>  to allow both subnets access to the various ports it needs, but for
> >> whatever reason there is a hardware firewall on subnet 1 that I have 0
> >> control over. Its removal has been requested but that might take a few
> >> months. Besides that I can't think of a reason why the setup wouldn't work.
> >>
> >> (Server is Apache 2.2, Ubuntu 8.04)
> >> subnet 1 has no domain controller
> >> subnet 2 has a windows domain controller (probably Win Server 2008,
> >> maybe still 2003)
> >>
> >> Thanks,
> >> Alex
> 
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
Brian Lavender
http://www.brie.com/brian/
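
Added example, not part of the original message: one way to follow the advice above of turning forwarding on and then restricting it with iptables rules. The interface names, subnet and ports are constructed assumptions; the script only prints an iptables-restore style fragment (FORWARD defaulting to DROP) and does not touch the running firewall.

```shell
#!/bin/sh
# Added example. Interface names, subnet and ports are assumptions.

# forwarding_state [FILE]: report the kernel switch discussed in the thread.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo unknown; return 0; }
    case $(cat "$f") in 1) echo on ;; 0) echo off ;; *) echo unknown ;; esac
}

# forward_ruleset IN_IF OUT_IF SRC_NET PORT...
# Prints a filter-table fragment: FORWARD defaults to DROP; only new TCP
# connections from SRC_NET that arrive on IN_IF and leave via OUT_IF to the
# listed ports are forwarded, plus packets of already tracked connections.
forward_ruleset() {
    [ $# -ge 4 ] || { echo "usage: forward_ruleset IN_IF OUT_IF SRC_NET PORT..." >&2; return 1; }
    in_if=$1; out_if=$2; src_net=$3; shift 3
    # Reject anything that is not a plain interface name or CIDR string.
    for arg in "$in_if" "$out_if" "$src_net"; do
        case $arg in
            ''|-*|*[!A-Za-z0-9./_-]*) echo "bad argument: $arg" >&2; return 1 ;;
        esac
    done
    # Ports must be purely numeric.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A FORWARD -i $in_if -o $out_if -s $src_net -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log whatever falls through to the DROP policy so it can be reviewed.
    echo '-A FORWARD -j LOG --log-prefix "fwd-drop: "'
    echo 'COMMIT'
}

# Constructed sample: eth1 faces subnet 2 (192.0.2.0/24), eth0 faces subnet 1.
echo "ip_forward is $(forwarding_state)"
forward_ruleset eth1 eth0 192.0.2.0/24 80 443
```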


Re: [vox-tech] 2 Network cards not getting along

2009-12-15 Thread Alex Mandel
No it is set to 0. Should it be on? This system is not a router, I'm not
really clear on what else would happen if I were to turn it on.

Thanks,
Alex

Brian Lavender wrote:
> Do you have forwarding turned on?
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
>> This is probably a strange use case, and I'm aware it's not optimum but
>> I need to get it to work while a more long term solution is discussed.
>>
>> I have a server
>> It has 2 network cards
>> card 1 is serving a website to the world and is on subnet 1
>> card 2 is serving a database, and samba share and is on subnet 2
>>
>> While card 2 is turned on, people on subnet 2 are unable to see the
>> website, though the rest of the world can. It doesn't matter if they use
>> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
>> time out. If I turn card 2 off everybody can see the website.
>>
>> So how do I even begin to troubleshoot this issue?
>>
>> In the long run this could all be avoided by relaxing the firewall rules
>>  to allow both subnets access to the various ports it needs, but for
>> whatever reason there is a hardware firewall on subnet 1 that I have 0
>> control over. Its removal has been requested but that might take a few
>> months. Besides that I can't think of a reason why the setup wouldn't work.
>>
>> (Server is Apache 2.2, Ubuntu 8.04)
>> subnet 1 has no domain controller
>> subnet 2 has a windows domain controller (probably Win Server 2008,
>> maybe still 2003)
>>
>> Thanks,
>> Alex



Re: [vox-tech] 2 Network cards not getting along

2009-12-15 Thread Brian Lavender
Do you have forwarding turned on?
echo "1" > /proc/sys/net/ipv4/ip_forward

On Mon, Dec 14, 2009 at 12:34:27PM -0800, Alex Mandel wrote:
> This is probably a strange use case, and I'm aware it's not optimum but
> I need to get it to work while a more long term solution is discussed.
> 
> I have a server
> It has 2 network cards
> card 1 is serving a website to the world and is on subnet 1
> card 2 is serving a database, and samba share and is on subnet 2
> 
> While card 2 is turned on, people on subnet 2 are unable to see the
> website, though the rest of the world can. It doesn't matter if they use
> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> time out. If I turn card 2 off everybody can see the website.
> 
> So how do I even begin to troubleshoot this issue?
> 
> In the long run this could all be avoided by relaxing the firewall rules
>  to allow both subnets access to the various ports it needs, but for
> whatever reason there is a hardware firewall on subnet 1 that I have 0
> control over. Its removal has been requested but that might take a few
> months. Besides that I can't think of a reason why the setup wouldn't work.
> 
> (Server is Apache 2.2, Ubuntu 8.04)
> subnet 1 has no domain controller
> subnet 2 has a windows domain controller (probably Win Server 2008,
> maybe still 2003)
> 
> Thanks,
> Alex

-- 
Brian Lavender
http://www.brie.com/brian/


Re: [vox-tech] 2 Network cards not getting along

2009-12-15 Thread Tony Cratz
Alex Mandel wrote:
> Could you clarify a few things about some of the ideas?
> 
> On 3, when you say internal, what are you referring to?
> Should I have been more clear that subnet 2 connects to the outside
> world on its own, it's not an "internal network". My 2nd nic is simply
> another machine on an existing network.
> That said I don't understand the DNS issue considering I currently get
> to either nic in testing by IP address and it still behaves the same
> way. Also I don't have control over the real DNS server that points the
> outside world to our webserver. (Not sure if that matters, since I
> clearly only partially understand this stuff)
> 

Well now it does sound like the static route would be the
best solution.

> 4 - this solution means turning off the 2nd nic and essentially bridging
> the networks?

No, that is not what I was thinking about. Maybe we can talk
more about this next Monday night.


Tony


Re: [vox-tech] 2 Network cards not getting along

2009-12-14 Thread Alex Mandel
Tony Cratz wrote:
> Alex Mandel wrote:
>> This is probably a strange use case, and I'm aware it's not optimum but
>> I need to get it to work while a more long term solution is discussed.
>>
>> I have a server
>> It has 2 network cards
>> card 1 is serving a website to the world and is on subnet 1
>> card 2 is serving a database, and samba share and is on subnet 2
>>
>> While card 2 is turned on, people on subnet 2 are unable to see the
>> website, though the rest of the world can. It doesn't matter if they use
>> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
>> time out. If I turn card 2 off everybody can see the website.
> 
>   I have not seen any response to this so let me try a couple
>   of suggestions.
> 
>   1) Create a static route on the second network to route the
>   webserver IP to the main server.
> 
>   2) Use a static route to route from the internal network
>   to the second NIC card on the web server.
> 
>   3a) Create an internal DNS server which is master for the
>   web server zone.
> 
>   3b) Have all internal systems use the new name server.
> 
>   4) Have your gateway/router set up to route between the
>   internal network and the web server (works much like a
>   static route but you don't have to set it up on all of the
>   systems).
> 
>   I like options #3 and #4. For myself my gateway/router does
>   this for me. If you use both #3 and #4 you are better off.
> 
>   If you would like to talk about this more please contact
>   me off list.
> 
> 
>   Tony
> 
>   
Could you clarify a few things about some of the ideas?

On 3, when you say internal, what are you referring to?
Should I have been more clear that subnet 2 connects to the outside
world on its own, it's not an "internal network". My 2nd nic is simply
another machine on an existing network.
That said I don't understand the DNS issue considering I currently get
to either nic in testing by IP address and it still behaves the same
way. Also I don't have control over the real DNS server that points the
outside world to our webserver. (Not sure if that matters, since I
clearly only partially understand this stuff)

4 - this solution means turning off the 2nd nic and essentially bridging
the networks?

Thanks,
Alex


Re: [vox-tech] 2 Network cards not getting along

2009-12-14 Thread Tony Cratz
Tony Cratz wrote:
> 
>   1) Create a static route on the second network to route the
>   webserver IP to the main server.
> 
>   2) Use a static route to route from the internal network
>   to the second NIC card on the web server.

Damn, I knew I should have read that before I sent it out as
both of those are the same.


Tony


Re: [vox-tech] 2 Network cards not getting along

2009-12-14 Thread Tony Cratz
Alex Mandel wrote:
> This is probably a strange use case, and I'm aware it's not optimum but
> I need to get it to work while a more long term solution is discussed.
> 
> I have a server
> It has 2 network cards
> card 1 is serving a website to the world and is on subnet 1
> card 2 is serving a database, and samba share and is on subnet 2
> 
> While card 2 is turned on, people on subnet 2 are unable to see the
> website, though the rest of the world can. It doesn't matter if they use
> the domain name, the subnet 1 ip or the subnet 2 ip address, they all
> time out. If I turn card 2 off everybody can see the website.

I have not seen any response to this so let me try a couple
of suggestions.

1) Create a static route on the second network to route the
webserver IP to the main server.

2) Use a static route to route from the internal network
to the second NIC card on the web server.

3a) Create an internal DNS server which is master for the
web server zone.

3b) Have all internal systems use the new name server.

4) Have your gateway/router set up to route between the
internal network and the web server (works much like a
static route but you don't have to set it up on all of the
systems).

I like options #3 and #4. For myself my gateway/router does
this for me. If you use both #3 and #4 you are better off.

If you would like to talk about this more please contact
me off list.


Tony

