Why is my network not networking?

wildbill001

So here is my current network setup:
MyNetwork.jpg


I redid the whole thing the other day when I got some larger disks for the datastores. Decided to "simplify" the original setup and do away with separate systems for router and DHCP server. So I built a RH 5.4 system to route between the 10.0.0.0 & 172.16.239.0 networks. And I have been fighting with this for 2 days now and just can't seem to get it to work.

Vrouter (the RH 5.4 vm) has two NICS (vmxnet3 if that makes any difference). eth0 is configured as:
GATEWAY=10.0.0.1
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:0c:29:89:93:6c
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=10.0.0.9
NETWORK=10.0.0.0
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

and eth1 is configured as:
TYPE=Ethernet
DEVICE=eth1
HWADDR=00:0c:29:89:93:76
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=172.16.239.1
NETWORK=172.16.239.0
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

/etc/sysconfig/network looks like:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=vrouter.wcwlab.com
GATEWAY=10.0.0.9


Now, on vrouter, I can ping:
  • My WAN router, 10.0.0.1
  • 172.16.239.1
  • 10.0.0.20 (another PC on my "home" network)
  • and 172.16.239.5 (which is a VM on the "internal network")
I can also resolve any FQDN from the internet, such as google.com, redhat.com, etc., just fine on vrouter.

When I go to the 172.16.239.5 system, that's where the problems start. I can ping:
  • 172.16.239.1
  • 10.0.0.9
  • 10.0.0.20
But cannot ping 10.0.0.1 or any internet address. NOR can I resolve any internet address. (nameserver is set to 10.0.0.1 & 8.8.8.8)

Ah, yes, I have TURNED OFF iptables and disabled selinux on the vrouter system and I HAVE enabled packet-forwarding.

Almost forgot: I CAN ping 172.16.239.5 from within my "home net (10.0.0.0)" just fine as well as resolve any FQDN.

I am at a loss as to what I may have overlooked. I'm sure it is going to turn out to be an ID10T error and/or a "can't see the forest for the trees" kind of thing.

Help me Obi-wan, you are our only hope!

TIA
Bill W
 
It's your WAN router. It doesn't know how to get back to the 172.16.239.0 network. You need to add a route that says to get there it needs to use 10.0.0.9. If your WAN router won't let you add routes then you can set up your vrouter to NAT 172.16.239.0 to 10.0.0.0....but then you'd be doing NATing which may or may not be a problem for you.
 
:eek: @#$@$#%^@#!@#$% I knew I was overlooking something!!!

NOT sure why the WAN would have lost its static route because I did NOT touch it. You would think that as long as I have been in this business (~30yrs) I would have known by now NOT to assume anything about any equipment.

Let that be a lesson to you "young whipper-snappers"-- ALWAYS check everything :D

Thank you so much for saving what little hair I have left on my head.

Bill W
 
Guessing you have this fixed?
Also, any reason to have the separate 172.x network? Without a vfirewall, it's only causing you more latency and burning CPU cycles.

And just as a suggestion, drop $20 and get an Intel NIC for the PC and separate out the management and prod networks. I'm just guessing here but if your router is smart enough to add route statements then maybe you can create a separate vlan for the 172.x network and connect it to its own NIC.

Even in my home lab I never allow my management network on a vlan that can touch the Internet.

Just trying to help.
Nicholas Farmer
 
Yes, adding the static route to the WAN router did the trick.
As for the 172.x network: Actually there are several reasons for having it.
1) it mimics my work development lab which is physically over in England.
2) it isolates work from home
3) The software I use/test from work is tied to an IP address and is extremely difficult to re-IP, so if we travel anywhere and I bring the server, once I tap into the destination network, I almost always have to re-IP. That can cost me days of work. Not worth it.

Not ideal but workable as long as I don't forget to check ALL the static routes when I make changes at home.

I hear what you are saying about the management network but see #1 above.

Bill W
Always willing to listen to experience (but don't always pay close attention.)
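
The asymmetric-routing failure diagnosed in this thread, as an added example that is not part of any original post: a small longest-prefix-match model that traces the request and the reply separately, with and without the static route on the WAN router. The addresses come from the thread; the node names, the `ISP` marker and the default gateways of the VM and vrouter are assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns 'direct' (on-link), a next-hop IP, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Walk a packet from src toward dst; return the names of the nodes visited."""
    owner = {ip: name for name, node in nodes.items() for ip in node["ips"]}
    here = owner[src]
    path = [here]
    for _ in range(max_hops):
        if dst in nodes[here]["ips"]:
            break                                  # delivered
        hop = lookup(nodes[here]["routes"], dst)
        target = dst if hop == "direct" else hop
        if target not in owner:                    # no lab node owns the next hop
            path.append("ISP")
            break
        here = owner[target]
        path.append(here)
    return path

def build_lab(wan_has_static_route):
    """Addresses from the thread; default gateways are assumptions."""
    wan_routes = [("10.0.0.0/24", "direct"), ("0.0.0.0/0", "ISP")]
    if wan_has_static_route:
        wan_routes.append(("172.16.239.0/24", "10.0.0.9"))
    return {
        "vm": {"ips": ["172.16.239.5"],
               "routes": [("172.16.239.0/24", "direct"), ("0.0.0.0/0", "172.16.239.1")]},
        "vrouter": {"ips": ["10.0.0.9", "172.16.239.1"],
                    "routes": [("10.0.0.0/24", "direct"), ("172.16.239.0/24", "direct"),
                               ("0.0.0.0/0", "10.0.0.1")]},
        "wan": {"ips": ["10.0.0.1"], "routes": wan_routes},
    }

def ping(nodes, src, dst):
    """A ping succeeds only if both the request and the reply are delivered."""
    out, back = trace(nodes, src, dst), trace(nodes, dst, src)
    return out, back, out[-1] != "ISP" and back[-1] != "ISP"

if __name__ == "__main__":
    for fixed in (False, True):
        out, back, ok = ping(build_lab(fixed), "172.16.239.5", "10.0.0.1")
        print(f"static route on WAN={fixed}: request {out}, reply {back}, ok={ok}")
```

The request path is identical in both runs; only the reply path changes, which is why the fault is invisible from vrouter itself.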
 