I originally posted this on the SonicWall forum, but the more I think about this the more I am led to believe this is a multi-homed issue.
SLES11 SP1. Here's the problem (stay with me, you will see why I posted here):
Site-to-site VPN (SonicWall 192.168.123.x to PIX 192.168.143.x). From the 192.168.143.x side, I need to get to 192.168.123.4; I cannot ping this IP and cannot access any resources on this one IP. All other IPs on the 192.168.123.x side are reachable and working fine (single NIC configured). Here is what I am seeing in the SonicWall logs when accessing 192.168.123.4 from 192.168.143.x:
Code:
04/27/2012 08:27:07.320 Notice Network Access TCP handshake violation detected; TCP connection dropped 192.168.143.x, 3537, WAN 192.168.123.4, 80, LAN Handshake Timeout
Also, I cannot reach the 192.168.143.x single address from the 192.168.123.x single address:
Code:
04/27/2012 08:43:08.576 Info Network Access ICMP packet from LAN allowed 192.168.124.3, 13927, OPT 192.168.143.x, 8, WAN ICMP Echo, Code: 0
As I look at this log from the 192.168.123.x single address, notice the ping comes from the 192.168.124 NIC? It appears that it may be making it to the 192.168.143.x single address, but the ping is not making it back to the 192.168.123.x single address. This is a multi-NIC server and this ping originates from the OPT side, which also may be a reason the ping is not making it back. Could this be the problem (multi-NIC server)? The 192.168.123 NIC does not have a gateway set; the 192.168.124 NIC does have a default gateway.
Can anyone help me configure the default gateway for the 192.168.123 network?
[QUOTE=carnold6;4272]This is a multi-NIC server and this ping originates from the OPT side, which also may be a reason the ping is not making it back. Could this be the problem (multi-NIC server)? The 192.168.123 NIC does not have a gateway set; the 192.168.124 NIC does have a default gateway.
Can anyone help me configure the default gateway for the 192.168.123 network?[/QUOTE]
I am fairly certain this is a route issue due to the multi-homed server. I changed the default gateway to 192.168.123.x's gateway and stuff on the other side of the VPN started working. But now, email does not work. So, until I find out how to add a second gateway, I changed back to 192.168.124.x's gateway. iproute2 is installed and I have found this, but `ip route add 192.168.124.0/24 dev eth1 src 192.168.124.2 table admin` returns `RTNETLINK answers: invalid argument`.
So clearly I do not know the correct command to run to add a second gateway.
[QUOTE=carnold6;4274]I have found this, but `ip route add 192.168.124.0/24 dev eth1 src 192.168.124.2 table admin` returns `RTNETLINK answers: invalid argument`.
So clearly I do not know the correct command to run to add a second gateway.[/QUOTE]
That is because that was the wrong src :)!!! What can I say, it was late here…
Anyway, after typing in the right ip route command and adding rules, that link solved my problem.
I do not know if there is a way to do this with the YaST/sysconfig route, but if nothing else you could create a startup script that runs the commands again… an after.local file or something symlinked from /etc/init.d/rc3.d or something. None of the network settings, other than those in YaST or equivalent, will be persistent from one boot to another.
Good luck.
@carnold6: you can persist settings in several ways.
ifcfg-: you can add a PRE_UP_SCRIPT, POST_UP_SCRIPT etc… entry to the individual ifcfg-files. The scripts invoked here are usually located in /etc/sysconfig/network/scripts
/etc/sysconfig/network/config - for a global configuration, you can use the entries in this file:
GLOBAL_POST_UP_EXEC="yes", GLOBAL_PRE_DOWN_EXEC="yes" which run the scripts in /etc/sysconfig/network/if-up.d and if-down.d
For firewall scripts/settings, check the FW_CUSTOMRULES="" line in /etc/sysconfig/SuSEfirewall2 which is usually /etc/sysconfig/scripts/SuSEfirewall2-custom .
HTH
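As an added example (not code from this thread, from SUSE, or from the link carnold6 followed), here is one way to write the ip route / ip rule setup from carnold6's post as a POST_UP_SCRIPT of the kind described in the post above, so it is re-applied on every ifup rather than lost at reboot. It gives the 192.168.123 NIC its own routing table and a source-based rule: anything the server sends from 192.168.123.4 leaves through the 192.168.123 gateway, while the main table keeps the 192.168.124 default gateway that email depends on. That is the symptom in the SonicWall log: a SYN arrives over the VPN, but the SYN-ACK leaves through the OPT NIC's default gateway and never returns to the SonicWall, hence the handshake timeout. The interface name eth0, the gateway 192.168.123.1, the table id 100 and the script name policy-route are assumptions chosen for the example; the table name "admin" is the one used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from SUSE.
# Install as /etc/sysconfig/network/scripts/policy-route (chmod 755) and set
#   POST_UP_SCRIPT="policy-route"
# in /etc/sysconfig/network/ifcfg-eth0. ifup calls it as
#   policy-route <config-name> <interface>
# With no arguments it only prints the plan (a dry run) and touches nothing.

LAN_DEV=eth0              # assumed: the NIC carrying 192.168.123.4
LAN_ADDR=192.168.123.4
LAN_NET=192.168.123.0/24
LAN_GW=192.168.123.1      # assumed LAN gateway (the SonicWall's LAN address)
TABLE_ID=100              # assumed free routing-table id
TABLE_NAME=admin          # table name used in the thread
RT_TABLES=/etc/iproute2/rt_tables

# Print the ip(8) commands for one source-routed interface.
# Usage: route_plan DEV ADDR NET GW TABLE
# The main table is left alone, so the 192.168.124 default gateway stays.
route_plan() {
    dev=$1; addr=$2; net=$3; gw=$4; table=$5
    printf 'ip route replace %s dev %s src %s table %s\n' "$net" "$dev" "$addr" "$table"
    printf 'ip route replace default via %s dev %s table %s\n' "$gw" "$dev" "$table"
    printf 'ip rule add from %s lookup %s priority 1000\n' "$addr" "$table"
}

# ip(8) only accepts a table *name* once it is listed in rt_tables.
# Usage: ensure_table FILE ID NAME  (idempotent)
ensure_table() {
    if grep -qE "^[[:space:]]*($2[[:space:]]|[0-9]+[[:space:]]+$3([[:space:]]|\$))" "$1" 2>/dev/null; then
        return 0
    fi
    printf '%s\t%s\n' "$2" "$3" >> "$1"
}

# The "RTNETLINK answers: invalid argument" in the thread is what you get when
# "src" names an address that is not configured on that device; check first.
# Usage: src_on_dev DEV ADDR
src_on_dev() {
    ip -o -4 addr show dev "$1" 2>/dev/null | grep -q "[[:space:]]inet $2/"
}

apply_plan() {
    if ! src_on_dev "$LAN_DEV" "$LAN_ADDR"; then
        echo "policy-route: $LAN_ADDR is not configured on $LAN_DEV, refusing" >&2
        return 1
    fi
    ensure_table "$RT_TABLES" "$TABLE_ID" "$TABLE_NAME"
    # Drop a rule left by an earlier ifup so rules do not pile up on restart.
    ip rule del from "$LAN_ADDR" lookup "$TABLE_NAME" 2>/dev/null || true
    route_plan "$LAN_DEV" "$LAN_ADDR" "$LAN_NET" "$LAN_GW" "$TABLE_NAME" | sh -e
    # Show which table and gateway a reply from the LAN address would now use.
    ip route get 192.168.143.1 from "$LAN_ADDR" 2>/dev/null || true
}

if [ $# -eq 0 ]; then
    route_plan "$LAN_DEV" "$LAN_ADDR" "$LAN_NET" "$LAN_GW" "$TABLE_NAME"
elif [ "${2:-$LAN_DEV}" = "$LAN_DEV" ]; then
    apply_plan
fi
```

After `rcnetwork restart`, `ip rule show` should list the `from 192.168.123.4 lookup admin` rule and `ip route show table admin` the two routes; `ip route get 192.168.143.1 from 192.168.123.4` should then name the 192.168.123 gateway. The `ip rule` part is what cannot be expressed in the YaST Routes tab or the /etc/sysconfig/network/routes file, which is why it lives in a hook script.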
Yes, this should be possible within YaST's Network (lan) module, at least in SLES 11 it is. Just head to the Routes tab and add the needed routes in the section right under the default route. They will be persistent and also become more "portable", in the sense that the routes will be added in the same place the network configuration is found: /etc/sysconfig/network… I believe in the routes file. When you have configured one server's routes, just copy that file over to another server's /etc/sysconfig/network and restart the network services to make the new route effective (assuming the needed routes, including the default route, are the same for the other server).
I don't see where there is a YaST Network (lan) module. Could you be more specific? I see a routing option in YaST Network Devices and then the eth(x), but nothing else.