Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 434
  • Last Modified:

Unable to access remote systems from Linux, but able to access from Windows

Hello All,

We have a setup as below.

On the Linux machine, I have added two routes :

net 172.16.0.0/24 gw 192.168.2.18
net 192.168.1.0/24 gw 192.168.2.18

We can ping the remote system from WIndows / Macs but unable to ping from teh linux machine.

Also, if we do a tcpdump on the linux machine and ping from the remote machine, the packets do not reach the linux machine from the router at all.

From the Linux machine, I can ping :

192.168.2.18
172.16.154.117
172.16.154.118

but not beyond.

Any pointers is appreciated.

Thanks in advance.
nw.jpg
0
rr02
Asked:
rr02
  • 4
  • 2
2 Solutions
 
ByteSleuthCommented:
Hello,

please do a tcp dump at the first router from the remote-machine.
Check the dump: can you see your ping packages here? if yes, do the same at the second router. can you see your package there? Did you check'd the acl's on the routers?

HTH

bytesleuth
0
 
rr02Author Commented:
Unfortunately, the routers are 3com MSR 20 routers and dont seem to have a feature to dump packets.

The remote machine is a windows machine and it can ping the local windows machine (same subnet as the linux machine). Only in the case of the linux machines, the packets don't seem to reach the machine from/to the router.

The arp tables are populated correctly and connectivity between the router and linux machine is OK though. We can ping as well as access the router configuration pages via http.

We have checked the router settings. No acls have been set.

Thanks!

0
 
jsd9Commented:
Have you checked to make sure you have a configured default gateway.  Based on your network diagram it looks like your default gateway should be 192.168.2.18.

Here is a link regarding default gateway setup and verification:

http://www.cyberciti.biz/faq/linux-setup-default-gateway-with-route-command/
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
rr02Author Commented:
Tried that too. We have multiple linux systems, one of which is a router and has a different gateway.
Only on this do we have a different default gateway.

On all other systems, the default gateway is 192.168.2.18

traceroute to 192.168.1.30 (192.168.1.30), 30 hops max, 38 byte packets
 1  * * *
 2  172.16.154.118 (172.16.154.118)  4.491 ms  4.432 ms  4.441 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *

Since this shows that it has gone to the router, looks like routing table is set correctly.

Have even tried setting the routing table as below :

192.168.2.18    *                     255.255.255.255 UH    0      0        0 eth1
192.168.1.0     192.168.2.18    255.255.255.0     UG    0      0        0 eth1
172.34.0.0       192.168.2.18    255.255.0.0        UG    0      0        0 eth1
default             192.168.2.18    0.0.0.0               UG    0      0        0 eth1
0
 
jsd9Commented:
Perhaps there are some router access lists or firewalls not depicted on the network diagram?  I am not sure how much visibility you have into the router and the cloud in between the Linux and remote machine.  One thing you could try would be swapping IP addresses between the Linux and one of the local machines that works.  If the issue follows the IP address, than you know that there is something blocking that address.  
0
 
rr02Author Commented:
We checked the router acls. Could not find anything unusual. The config is as above. The only thing we dont have visibility into is the cloud.

We also tried with different IPs. Same result.

We even connected the linux machine directly to the router and tried traceroute. Same result. THe packets reach the WAN interface of the router but not beyond. Suspect some ISP issue.

There could be some settings with the ISP that is blocking these packets for some reason. We have also asked them to check.

If there was a way to do a tcpdump or equivalent on the 3com MSR 20 router, we should have some clues. Anyone has an idea about this router?
0
 
rr02Author Commented:
It was an ISP problem after all. It looks like they were blocking IP addresses below .20. And, all our linux machines were below .20 and windows machines above that ip.

We discovered it when we assigned an IP below .20 to a windows system.

Thanks everyone!
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now