0

I am trying to set up subinterfaces on my Ubuntu 14.04 server for each VLAN. I believe I have successfully set them up using vconfig, but the subinterface is only pingable from hosts on its own VLAN. I'll need hosts outside its VLAN to be able to connect to it. This seems to work fine for my CentOS server so I know my networking is correct. I also see ICMP request packets on the subinterface when I do a tcpdump and ping the subinterface from a client outside the VLAN.

Any ideas? What other troubleshooting tips can you give me?

EDIT: I managed to fix this. My tcpdump on the server was showing ICMP echo requests, but no reply. I found a related post here. Enabling martian source logging like this:

echo 1 >/proc/sys/net/ipv4/conf/eth2/log_martians

and then

sysctl net.ipv4.conf.all.rp_filter=2

Fixed it. I'm surprised this doesn't come up more often.

3 Answers

1

I managed to fix this. My tcpdump on the server was showing ICMP echo requests, but no reply. I found a related post here. Enabling martian source logging like this:

echo 1 >/proc/sys/net/ipv4/conf/eth2/log_martians

and then

sysctl net.ipv4.conf.all.rp_filter=2

Fixed it. I'm surprised this doesn't come up more often.
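
An added example, not part of the original answer: the kernel validates source addresses on an interface using the higher of `conf/all/rp_filter` and that interface's own `rp_filter`, so setting `all` to 2 puts every interface on the host into at least loose mode. The script below reports the effective mode per interface by reading the `/proc` paths used above; the function names and the `CONF_ROOT` override (for running against a constructed directory tree) are this example's own.

```shell
#!/bin/sh
# Root of the IPv4 per-interface settings. Override CONF_ROOT to run the
# audit against a constructed directory tree instead of the live kernel.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_rp_filter IFACE -> prints 0, 1 or 2.
# Source validation on IFACE uses max(conf/all, conf/IFACE).
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter") || return 1
    own=$(cat "$CONF_ROOT/$1/rp_filter") || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_mode_name VALUE -> human-readable name of an rp_filter value.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# audit_rp_filter -> one line per interface: name, own value, effective mode.
# Reading the directory names directly handles VLAN names such as eth0.3.
audit_rp_filter() {
    for dir in "$CONF_ROOT"/*/; do
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$ifname") || continue
        own=$(cat "$dir/rp_filter")
        note=""
        # Flag interfaces whose own setting is overridden by conf/all.
        if [ "$eff" != "$own" ]; then note=" (overridden by conf/all)"; fi
        echo "$ifname own=$own effective=$(rp_mode_name "$eff")$note"
    done
}
```

Source the file and call `audit_rp_filter` before and after changing `net.ipv4.conf.all.rp_filter`. Interfaces that should keep strict filtering will show as loose once `all` is 2, which is the case for setting 2 only on the VLAN subinterface that needs it.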

0

For your client to ping your server's IP address, one of the following needs to be true:

  • The client must be on the same [V]LAN AND be using an IP address on the same IP subnet as the address it's trying to ping.

OR

  • There must be an IP router (or network of routers) connecting the client's [V]LAN and IP subnet to the server's [V]LAN and IP subnet.

If you haven't set up a router between the two VLANs (or between the two IP subnets on the same VLAN, if that's what you're doing), then you haven't provided an IP network route for the pings to traverse.

Note that some OSes, at least in some configurations, won't pay attention to which interface a certain IP packet came in on. So in those cases they may reply to a ping request that came in on the "wrong" interface. It could be that your CentOS environment was being lax like this, but your Ubuntu box is being more careful about which interface is which. Or it may be that you've enabled IP forwarding (the simplest version of being an IP router) on the CentOS box, but not on your Ubuntu box.

1
  • I have a router that configures all my VLANs. My router can ping every interface on this server because it itself has an interface that belongs in each VLAN. I have many other hosts that belong to different VLANs and I am able to ping them without any issues across VLANs. I am just not able to ping these specific interfaces across VLANs. It must be a configuration on the Ubuntu server. Just can't figure out what or even how to troubleshoot.
    – Intrepid
    Commented Apr 20, 2015 at 14:04
0

Sounds like you need routes for the specific remote networks you're trying to connect to.

To test, insert the route into the routing table like this:

sudo route add -net 172.16.0.0/12 gw 192.168.1.113 dev eth.<vlan number>

To make these routes permanent, you'll need to add an entry in /etc/network/interfaces like this:

up route add [-net|-host] <host/net>/<mask> gw <host/IP> dev <Interface>
2
  • Sorry for the delayed response. I tried adding your route and it didn't seem to work. In fact it actually broke networking completely. eth0 is configured as 10.10.10.30 and eth0.3 is configured as 10.15.10.30. I used the following: route add -net 10.10.10.0/22 gw 10.15.10.1 dev eth0.3. I had to remove it to gain access to my server again. I am able to ping all interfaces including 10.15.10.30 from my router which I find very strange. Makes me think something is wrong with my router config, but I know it's not because I can ping every other host from every other vlan.
    – Intrepid
    Commented Apr 20, 2015 at 13:57
  • I feel like I'm missing some information here. According to your post on how you fixed your issue, it sounds like you're arp'ing out on all interfaces to find the destination. Is this correct? net.ipv4.conf.all.rp_filter is normally set to 2 (which you've done in your case) when there is asymmetric routing. Packet comes in on one interface and leaves on another. Is this your desired behavior? Can you post a netstat -rn and an ifconfig to shed more light on your config? Commented Apr 21, 2015 at 4:08
