This didn't seem to violate any rules, but if it does, please remove or yell at me.
So, I have a new host (problem host, 10.10.10.250/16 [yes, I know, not my doing]) in network A, and I am trying to communicate with a host (monitoring host, 10.5.1.235) in network B (separated by 2 routers, the router nearest to Problem has 10.10.10.14/16). Problem can reach (bidirectional) everything in its own network including the router and the internet. Monitoring can reach everything, except Problem, in Problem's network. The only devices between Problem's router and Problem are switches without configuration (dumb).
The router on the Problem side sees Problem's traffic get to Monitoring, and Monitoring's replies to the point of forwarding the responses on to the local network segment of Problem. The responses are never received at Problem.
From Problem:
17:26:36.454187 IP (tos 0x0, ttl 64, id 51811, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.10.250 > 10.5.1.235: ICMP echo request, id 2243, seq 780, length 64
17:26:37.478137 IP (tos 0x0, ttl 64, id 51988, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.10.250 > 10.5.1.235: ICMP echo request, id 2243, seq 781, length 64
17:26:38.502160 IP (tos 0x0, ttl 64, id 52098, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.10.250 > 10.5.1.235: ICMP echo request, id 2243, seq 782, length 64
From router on the problem side:
12:24:16.154660 IP (tos 0x0, ttl 64, id 33227, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.10.250 > 10.5.1.235: ICMP echo request, id 2243, seq 643, length 64
12:24:16.246142 IP (tos 0x0, ttl 62, id 16943, offset 0, flags [none], proto ICMP (1), length 84) 10.5.1.235 > 10.10.10.250: ICMP echo reply, id 2243, seq 643, length 64
Monitoring:
12:24:27.438394 IP (tos 0x0, ttl 62, id 34490, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.10.250 > 10.5.1.235: ICMP echo request, id 2243, seq 654, length 64
12:24:27.438444 IP (tos 0x0, ttl 64, id 18549, offset 0, flags [none], proto ICMP (1), length 84) 10.5.1.235 > 10.10.10.250: ICMP echo reply, id 2243, seq 654, length 64
Problem is a fresh Ubuntu 18.04 install, no iptables rules and default to accept. As I'm doubting my sanity, I've enabled logging of dropped packets on the router on Problem's side, and there are no relevant entries. This device is the last hop that performs any routing/filtering on Problem's side.
The only thing I can think of that I'd like to try but haven't is moving Problem to a different switch/switchport/cable/NIC. However, considering that Problem can reach the hosts on its own network and internet without problem, it seems that switch/switchport/cable/NIC should be OK.
I have changed Problem's IP 3 times now with the same result for each. I feel like I'm taking crazy pills...
Do you brilliant folks have any ideas? My only thoughts going forward are to change switch/switchport/cable/NIC and then reinstall, despite the fact that these seem unlikely to resolve this problem. I am out of ideas.