Can ping SLES11 Server

I have a new SLES11 server built at branch 1.

I can ping anything inside the branch from the server and everything at other branches as well. I can also access the internet.

I go to another branch, let’s say branch 2. I can’t ping this server at branch 1 but can ping everything else at branch 1.

Hi nix34,

[QUOTE=nix34;14882]I have a new SLES11 server built at branch 1.

I can ping anything inside the branch from the server and everything at other branches as well. I can also access the internet.

I go to another branch, let’s say branch 2. I can’t ping this server at branch 1 but can ping everything else at branch 1.[/QUOTE]

sounds like that new server does not have a proper default route set up.

Regards,
Jens

Hi nix34,

answered too quickly - I mis-read your second line (I somehow read the “others” at branch1 can reach anything else, too).

Can you verify that the new server at branch1 receives the icmp echo requests from branch2? If yes, how/where are the replies sent? You can use “tcpdump -nvv icmp” on server at branch1 to trace the ICMP (echo request/response, AKA “ping”) packets.

Regards,
Jens

nix34 wrote:
[color=blue]

I go to another branch, let’s say branch 2. I can’t ping this server
at branch 1 but can ping everything else at branch 1.[/color]

Is your firewall running?

Check /etc/sysconfig/SuSEfirewall2. There you can specify what type of
access is allowed. For example:

[color=blue]

9.)
Which TCP services on the firewall should be accessible from
untrusted networks?

Enter all ports or known portnames below, seperated by a space.
TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
e.g. if a webserver on the firewall should be accessible from the
internet:
FW_SERVICES_EXT_TCP="www"[/color]

and
[color=blue]

10.)
Which services should be accessible from ‘trusted’ hosts or nets?

Define trusted hosts or networks (doesn’t matter whether they are
internal or external) and the services (tcp,udp,icmp) they are allowed
to use. This can be used instead of FW_SERVICES_* for further access
restriction. Please note that this is no replacement for authentication
since IP addresses can be spoofed. Also note that trusted hosts/nets
are not allowed to ping the firewall until you also permit icmp.

Format: space separated list of network[,protocol[,port]]
in case of icmp, port means the icmp type

Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"[/color]


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
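
The trusted-nets format quoted in the post above can be checked offline before touching the firewall. The following is an added example, not part of the original post or of SuSEfirewall2 itself: it parses a `network[,protocol[,port]]` list and reports whether a given source address would be allowed to ping. It assumes, following the quoted comment, that an entry without `icmp` does not permit ping; the `echo-request` name and the `10.2.0.0/16` branch network are assumptions of the example.

```python
import ipaddress

# Accepted spellings of ICMP type 8; the name form is an assumption of this example.
ECHO_REQUEST = {"8", "echo-request"}

def parse_trusted_nets(value):
    """Parse 'network[,protocol[,port]]' items separated by spaces."""
    entries = []
    for item in value.split():
        parts = item.split(",")
        if len(parts) > 3:
            raise ValueError(f"too many fields in {item!r}")
        network = ipaddress.ip_network(parts[0], strict=False)
        protocol = parts[1].lower() if len(parts) > 1 else None
        port = parts[2] if len(parts) > 2 else None
        if protocol not in (None, "tcp", "udp", "icmp"):
            raise ValueError(f"unknown protocol in {item!r}")
        entries.append((network, protocol, port))
    return entries

def ping_verdict(value, source_ip):
    """Return 'allowed', 'trusted-without-icmp' or 'not-trusted' for a ping source."""
    source = ipaddress.ip_address(source_ip)
    covered = False
    for network, protocol, port in parse_trusted_nets(value):
        if source not in network:
            continue
        covered = True
        # Assumption taken from the quoted comment: ping needs an explicit icmp entry.
        if protocol == "icmp" and (port is None or port in ECHO_REQUEST):
            return "allowed"
    return "trusted-without-icmp" if covered else "not-trusted"

# The example value from the quoted comment block.
PAGE_EXAMPLE = "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
# Constructed value: a branch-2 network allowed to send echo requests only.
BRANCH2_PING = PAGE_EXAMPLE + " 10.2.0.0/16,icmp,8"

if __name__ == "__main__":
    for src in ("1.1.1.1", "172.20.5.9", "2.2.2.2", "10.2.0.77"):
        print(src, ping_verdict(BRANCH2_PING, src))
```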

Basically trying to set up VNC so the helpdesk can access the server. For example: http:\\server name or IP:5801. When trying this, it failed.

When we tried to ping the server, that failed. However, when we were pinging PCs, laptops, printers, switches, routers at that location, we could ping those devices without any problems. What was missed when installing SLES11?

Now, when we visit the site, we CAN ping the server since we are there locally.

No firewall is on


Hi nix34,

unfortunately, you did not provide information on the ICMP packets, as seen from the new server. Could you please run the tcpdump and report back the results?

If the new server receives the ICMP echo requests (“ping” requests), then please include the interface IP setup and routing table of the new server, per c&p of the according commands.

Regards,
Jens

nix34 wrote:
[color=blue]

No firewall is on
[/color]

How is your network at branch 1 configured?

  1. This new server connects to the Internet via a separate router…

or

  2. This new server is your gateway to the Internet. It has one
     interface connected to the external network (Internet) and another
     interface connected to the internal network.

As Jens already mentioned, the first step is to confirm that the ICMP
echo request (ping) actually reaches the server. The next step is to
determine whether a response is sent and what happens to it. If the
default route is incorrect, the response may never be returned to the
host that issues the ICMP echo request. If you’re using
nat/masquerading and it is misconfigured, the response may very well be
sent but it may appear to be from a different device and not recognised
as a valid reply to the ICMP echo request.


Kevin Boyle - Knowledge Partner

jmozdzen wrote:
[color=blue]

sounds like that new server does not have a proper default route set
up.[/color]

… or has an incorrect network mask set.

HTH.

Simon
SUSE Knowledge Partner

Hi Simon,

[QUOTE=smflood;14915]jmozdzen wrote:
[color=blue]

sounds like that new server does not have a proper default route set
up.[/color]

… or has an incorrect network mask set.

HTH.

Simon
SUSE Knowledge Partner[/QUOTE]

then it’d be astonishing that the new server can ping everything at other branches. OTOH, it may not have been fully tested, that’s why I’m after the c&p of the interface config.

Regards,
Jens
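
The two hypotheses raised in this thread (missing default route, incorrect network mask) can be compared by working out where the server would send its echo reply. The following is an added example, not code from any poster: it models a single-interface host's route lookup with longest-prefix matching. All addresses are constructed (branch 1 as 10.1.0.0/24, branch 2 as 10.2.0.0/24), and the function and scenario names are hypothetical.

```python
import ipaddress

def reply_path(iface_cidr, default_gw, peer_ip):
    """Decide how a host with one interface would send a packet to peer_ip.

    Returns 'on-link' (ARP for the peer directly), 'via <gateway>' or 'unreachable'.
    """
    iface = ipaddress.ip_interface(iface_cidr)
    peer = ipaddress.ip_address(peer_ip)
    # Connected route derived from address and netmask; next hop None means on-link.
    routes = [(iface.network, None)]
    if default_gw is not None:
        gateway = ipaddress.ip_address(default_gw)
        if gateway in iface.network:  # a gateway must itself be on-link
            routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway))
    matches = [route for route in routes if peer in route[0]]
    if not matches:
        return "unreachable"
    # Longest prefix wins, as in a kernel routing table lookup.
    _, next_hop = max(matches, key=lambda route: route[0].prefixlen)
    return "on-link" if next_hop is None else f"via {next_hop}"

# Constructed addressing: branch 1 is 10.1.0.0/24, branch 2 is 10.2.0.0/24.
SCENARIOS = {
    "correct": ("10.1.0.50/24", "10.1.0.1"),
    "no default route": ("10.1.0.50/24", None),
    "netmask too wide": ("10.1.0.50/8", "10.1.0.1"),
}

def diagnose(peer_ip):
    """Map each scenario name to the path an echo reply to peer_ip would take."""
    return {name: reply_path(cidr, gw, peer_ip) for name, (cidr, gw) in SCENARIOS.items()}

if __name__ == "__main__":
    for peer in ("10.1.0.20", "10.2.0.77"):  # local host, branch-2 host
        print(peer, diagnose(peer))
```

The lookup depends only on the destination address, so in this model either misconfiguration would also affect pings the server itself sends to branch 2, which is why the interface and routing output requested above settles the question.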