Linux box acting as gateway (solved)












0














Have an issue with a linux box acting as a gateway.



Net 213.95.35.64/27 is routed to gateway 213.95.92.158



Gateway is a linux box with two virtual ip addresses: 



ens160: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.92.158  netmask 255.255.255.248  broadcast 213.95.92.159

        inet6 fe80::20c:29ff:fe18:b27b  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)

        RX packets 5335395  bytes 1762272589 (1.7 GB)

        RX errors 0  dropped 2614  overruns 0  frame 0

        TX packets 3152319  bytes 392664253 (392.6 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



ens160:1: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.35.65  netmask 255.255.255.224  broadcast 213.95.35.95

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)


Route table is



# route -n Kernel-IP-Routentabelle Ziel            Router          Genmask         Flags Metric Ref    Use Iface

0.0.0.0         213.95.92.154   0.0.0.0         UG    0      0        0 ens160

213.95.35.64    0.0.0.0         255.255.255.224 U     0      0        0 ens160

213.95.92.152   0.0.0.0         255.255.255.248 U     0      0        0 ens160


/proc/sys/net/ipv4/ip_forward contains 1



iptables -L gets



Chain INPUT (policy ACCEPT) target     prot opt source               destination         



Chain FORWARD (policy ACCEPT) target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT) target     prot opt source               destination


There is a web server at address 213.95.35.67



Default gateway at web server 213.95.35.67 is 213.95.35.65



If I do a mtr 213.95.35.67 from an external PC I get different results. There are PCs where the server 213.95.35.67 is reachable (last hop is ok) and there are PCs where the server in not reachable (trace goes until gateway 213.95.35.65 and the last hop has a package lost rate of 100%.



At server 213.95.35.67: If I do a mtr 8.8.8.8 then I get about 7 to 10 successful route paths and after that I get an encreasing package loss rate up to 100%



I have no idea what is wrong and how to fix it to get a stable connection zo server 213.95.35.67.
Is there anybody ho can give me hints, how to narrow down the problem?



Regards Bernhard



Solution: Linux box acting as a gateway needs 2 different network interfaces. Using two virtual interfaces causes errors in packet routing and makes connections instable. Sometimes it works and sometimes it doesn't.
I installed second NIC and connected external net to one and internal net to the other one. This made the connection stable and reliable.






server iptables routing gateway







share|improve this question




















  • 1




    Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
    – Sergiy Kolodyazhnyy
    Dec 27 at 8:28
















0














Have an issue with a linux box acting as a gateway.



Net 213.95.35.64/27 is routed to gateway 213.95.92.158



Gateway is a linux box with two virtual ip addresses: 



ens160: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.92.158  netmask 255.255.255.248  broadcast 213.95.92.159

        inet6 fe80::20c:29ff:fe18:b27b  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)

        RX packets 5335395  bytes 1762272589 (1.7 GB)

        RX errors 0  dropped 2614  overruns 0  frame 0

        TX packets 3152319  bytes 392664253 (392.6 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



ens160:1: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.35.65  netmask 255.255.255.224  broadcast 213.95.35.95

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)


Route table is



# route -n Kernel-IP-Routentabelle Ziel            Router          Genmask         Flags Metric Ref    Use Iface

0.0.0.0         213.95.92.154   0.0.0.0         UG    0      0        0 ens160

213.95.35.64    0.0.0.0         255.255.255.224 U     0      0        0 ens160

213.95.92.152   0.0.0.0         255.255.255.248 U     0      0        0 ens160


/proc/sys/net/ipv4/ip_forward contains 1



iptables -L gets



Chain INPUT (policy ACCEPT) target     prot opt source               destination         



Chain FORWARD (policy ACCEPT) target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT) target     prot opt source               destination


There is a web server at address 213.95.35.67



Default gateway at web server 213.95.35.67 is 213.95.35.65



If I do a mtr 213.95.35.67 from an external PC I get different results. There are PCs where the server 213.95.35.67 is reachable (last hop is ok) and there are PCs where the server in not reachable (trace goes until gateway 213.95.35.65 and the last hop has a package lost rate of 100%.



At server 213.95.35.67: If I do a mtr 8.8.8.8 then I get about 7 to 10 successful route paths and after that I get an encreasing package loss rate up to 100%



I have no idea what is wrong and how to fix it to get a stable connection zo server 213.95.35.67.
Is there anybody ho can give me hints, how to narrow down the problem?



Regards Bernhard



Solution: Linux box acting as a gateway needs 2 different network interfaces. Using two virtual interfaces causes errors in packet routing and makes connections instable. Sometimes it works and sometimes it doesn't.
I installed second NIC and connected external net to one and internal net to the other one. This made the connection stable and reliable.






server iptables routing gateway







share|improve this question




















  • 1




    Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
    – Sergiy Kolodyazhnyy
    Dec 27 at 8:28














0












0








0







Have an issue with a linux box acting as a gateway.



Net 213.95.35.64/27 is routed to gateway 213.95.92.158



Gateway is a linux box with two virtual ip addresses: 



ens160: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.92.158  netmask 255.255.255.248  broadcast 213.95.92.159

        inet6 fe80::20c:29ff:fe18:b27b  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)

        RX packets 5335395  bytes 1762272589 (1.7 GB)

        RX errors 0  dropped 2614  overruns 0  frame 0

        TX packets 3152319  bytes 392664253 (392.6 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



ens160:1: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.35.65  netmask 255.255.255.224  broadcast 213.95.35.95

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)


Route table is



# route -n Kernel-IP-Routentabelle Ziel            Router          Genmask         Flags Metric Ref    Use Iface

0.0.0.0         213.95.92.154   0.0.0.0         UG    0      0        0 ens160

213.95.35.64    0.0.0.0         255.255.255.224 U     0      0        0 ens160

213.95.92.152   0.0.0.0         255.255.255.248 U     0      0        0 ens160


/proc/sys/net/ipv4/ip_forward contains 1



iptables -L gets



Chain INPUT (policy ACCEPT) target     prot opt source               destination         



Chain FORWARD (policy ACCEPT) target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT) target     prot opt source               destination


There is a web server at address 213.95.35.67



Default gateway at web server 213.95.35.67 is 213.95.35.65



If I do a mtr 213.95.35.67 from an external PC I get different results. There are PCs where the server 213.95.35.67 is reachable (last hop is ok) and there are PCs where the server in not reachable (trace goes until gateway 213.95.35.65 and the last hop has a package lost rate of 100%.



At server 213.95.35.67: If I do a mtr 8.8.8.8 then I get about 7 to 10 successful route paths and after that I get an encreasing package loss rate up to 100%



I have no idea what is wrong and how to fix it to get a stable connection zo server 213.95.35.67.
Is there anybody ho can give me hints, how to narrow down the problem?



Regards Bernhard



Solution: Linux box acting as a gateway needs 2 different network interfaces. Using two virtual interfaces causes errors in packet routing and makes connections instable. Sometimes it works and sometimes it doesn't.
I installed second NIC and connected external net to one and internal net to the other one. This made the connection stable and reliable.






server iptables routing gateway







share|improve this question















Have an issue with a linux box acting as a gateway.



Net 213.95.35.64/27 is routed to gateway 213.95.92.158



Gateway is a linux box with two virtual ip addresses: 



ens160: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.92.158  netmask 255.255.255.248  broadcast 213.95.92.159

        inet6 fe80::20c:29ff:fe18:b27b  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)

        RX packets 5335395  bytes 1762272589 (1.7 GB)

        RX errors 0  dropped 2614  overruns 0  frame 0

        TX packets 3152319  bytes 392664253 (392.6 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



ens160:1: flags=67<UP,BROADCAST,RUNNING>  mtu 1500

        inet 213.95.35.65  netmask 255.255.255.224  broadcast 213.95.35.95

        ether 00:0c:29:18:b2:7b  txqueuelen 1000  (Ethernet)


Route table is



# route -n Kernel-IP-Routentabelle Ziel            Router          Genmask         Flags Metric Ref    Use Iface

0.0.0.0         213.95.92.154   0.0.0.0         UG    0      0        0 ens160

213.95.35.64    0.0.0.0         255.255.255.224 U     0      0        0 ens160

213.95.92.152   0.0.0.0         255.255.255.248 U     0      0        0 ens160


/proc/sys/net/ipv4/ip_forward contains 1



iptables -L gets



Chain INPUT (policy ACCEPT) target     prot opt source               destination         



Chain FORWARD (policy ACCEPT) target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT) target     prot opt source               destination


There is a web server at address 213.95.35.67



Default gateway at web server 213.95.35.67 is 213.95.35.65



If I do a mtr 213.95.35.67 from an external PC I get different results. There are PCs where the server 213.95.35.67 is reachable (last hop is ok) and there are PCs where the server in not reachable (trace goes until gateway 213.95.35.65 and the last hop has a package lost rate of 100%.



At server 213.95.35.67: If I do a mtr 8.8.8.8 then I get about 7 to 10 successful route paths and after that I get an encreasing package loss rate up to 100%



I have no idea what is wrong and how to fix it to get a stable connection zo server 213.95.35.67.
Is there anybody ho can give me hints, how to narrow down the problem?



Regards Bernhard



Solution: Linux box acting as a gateway needs 2 different network interfaces. Using two virtual interfaces causes errors in packet routing and makes connections instable. Sometimes it works and sometimes it doesn't.
I installed second NIC and connected external net to one and internal net to the other one. This made the connection stable and reliable.






server iptables routing gateway




server iptables routing gateway






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 27 at 8:06

























asked Dec 25 at 23:46









Bernhard

292




292








  • 1




    Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
    – Sergiy Kolodyazhnyy
    Dec 27 at 8:28














  • 1




    Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
    – Sergiy Kolodyazhnyy
    Dec 27 at 8:28








1




1




Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
– Sergiy Kolodyazhnyy
Dec 27 at 8:28




Please post the solution as a proper answer. You should see an orange button Answer Your Question if you scroll below
– Sergiy Kolodyazhnyy
Dec 27 at 8:28















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1104534%2flinux-box-acting-as-gateway-solved%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1104534%2flinux-box-acting-as-gateway-solved%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Category:香港粉麵

更多信息,请参阅 香港粉麵 。 此分類包括香港常見的麵條類食品,粉麵類型請放於Category:面条分類 This page is only for reference, If you need detailed information, please check here
Read more

List *all* the tuples!

Image
27 4 $begingroup$ Write a program, given an input n , will generate all possible n-tuples using natural numbers. n=1 (1),(2),(3),(4),(5),(6)... n=2 (1,1),(1,2),(2,1),(2,2),(1,3),(3,1),(2,3),(3,2),(3,3)... n=6 (1,1,1,1,1,1) (1,1,1,1,2,1) (1,1,1,2,1,1)... The output may be in any order that does not break any other rules. The program must be written to run forever and list all applicable tuples exactly once, in theory. In reality, your program will reach your integer type's limit and crash. This is acceptable as long the program would run infinitely long if only your integer type was unlimited. Each valid tuple must be listed within finite time, if only the program were allowed to run that long. The output may, at your option, include zeroes in addition to the natural numbers. You may choos...
Read more

Channel [V]

Image
  本文介紹的是國際性音樂電視頻道Channel [V]的主條目。關於在臺灣地區前稱Channel [V]的子電視頻道,請見「 FOX (台灣頻道) 」。 body.skin-minerva .mw-parser-output table.infobox caption{text-align:center} Channel [V] Channel [V] 所有者 星空傳媒 福斯傳媒集團 星空華文傳媒(中国大陆频道) 开播日期 1991年9月15日 口号 全球最強華語音樂頻道;亞洲第一音樂頻道 播出地区 亞洲各地 旧称 衛視音樂台 取代者 [V] by FOX (東南亞和中東國家版本) 姊妹频道 星空衛視 收看方法 有线电视   澳門澳門有線電視 [V]國際頻道:73頻道 [V]中國頻道:74頻道   中国深圳天威视讯 [V]中國頻道:尚未定頻   中国南京数字电视 [V]中國頻道:91頻道   中国中国大陸数字电视 [V]中國頻道:随地区而变 宽带电视   香港now寬頻電視 [V]國際頻道:534頻道 臺灣中華電信MOD [V]國際娛樂頻道HD:151頻道   新加坡Mio TV [V]國際娛樂頻道HD:352頻道 [V]中國頻道:547頻道 Channel [V] 是一個國際性的音樂電視頻道,隸屬於星空傳媒,在東亞、東南亞、南亞、中東地區等地多個國家播放。該頻道主要播放英文主流音樂和一些區域性語言的歌曲,其中在台灣與中國大陸主要播放華語流行音樂。2010年8月星空傳媒把中国大陆頻道控股權易手予上海市人民政府牽頭成立的華人文化產業投資基金 [1] 。 目录 1 V的含義 2 Channel [V]國際頻道 3 Channel [V]臺灣頻道 4 Channel [V]中國頻道 5 其它的Channel [V]頻道 6 参见 7 參考資料 8 外部链接 V的含義 官方並無提供字母 V 的確切含義,以下是流傳的說法: 最廣泛的說法是V代表胜利(victory)...
Read more