Closed Bug 1484013 Opened 7 years ago Closed 7 years ago

Server Reachable from one NIC but not the other.

Categories

(Infrastructure & Operations Graveyard :: NetOps: Other, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mpoessy, Assigned: jabba)

Filed on behalf of Gene Wood:

I'm trying to access a server with two NICs. I can get to one but not the other.

$ traceroute 10.48.72.159
traceroute to 10.48.72.159 (10.48.72.159), 30 hops max, 60 byte packets
 1  10.48.240.1 (10.48.240.1)  10.128 ms  10.106 ms  10.102 ms
 2  ae1-72.fw1.corpdmz.mdc1.mozilla.net (10.48.72.1)  10.154 ms  10.155 ms  10.151 ms
 3  wde1-stage.corpdmz.mdc1.mozilla.com (10.48.72.159)  10.400 ms  10.403 ms  10.392 ms

$ traceroute 10.48.72.161
traceroute to 10.48.72.161 (10.48.72.161), 30 hops max, 60 byte packets
 1  10.48.240.1 (10.48.240.1)  8.820 ms  8.760 ms  8.730 ms
 2  ae1-72.fw1.corpdmz.mdc1.mozilla.net (10.48.72.1)  8.711 ms  8.827 ms  8.818 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *^C

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.251.24.1     0.0.0.0         UG    100    0        0 enx106530bf5476
0.0.0.0         10.251.32.1     0.0.0.0         UG    600    0        0 wlp59s0
10.8.0.0        10.48.240.1     255.248.0.0     UG    50     0        0 tun0
10.16.0.0       10.48.240.1     255.240.0.0     UG    50     0        0 tun0
10.32.0.0       10.48.240.1     255.252.0.0     UG    50     0        0 tun0
10.48.0.0       10.48.240.1     255.252.0.0     UG    50     0        0 tun0
10.48.240.0     0.0.0.0         255.255.254.0   U     50     0        0 tun0
10.128.0.0      10.48.240.1     255.192.0.0     UG    50     0        0 tun0
10.192.0.0      10.48.240.1     255.192.0.0     UG    50     0        0 tun0
10.251.24.0     0.0.0.0         255.255.248.0   U     100    0        0 enx106530bf5476
10.251.24.1     0.0.0.0         255.255.255.255 UH    100    0        0 enx106530bf5476
10.251.32.0     0.0.0.0         255.255.248.0   U     600    0        0 wlp59s0
52.2.79.174     10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
52.3.167.221    10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
54.152.188.242  10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
54.203.27.53    10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
63.245.208.97   10.251.24.1     255.255.255.255 UGH   100    0        0 enx106530bf5476
63.245.215.58   10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
63.245.215.245  10.48.240.1     255.255.255.255 UGH   50     0        0 tun0
63.245.223.0    10.48.240.1     255.255.255.128 UG    50     0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp59s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

These are the VPN rules that apply to me:

-N vpn_default
-A vpn_default -d 10.48.75.24/32 -m comment --comment "graphite1.private.mdc1.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.248/32 -m comment --comment "Infoblox HA DNS in scl3" -j ACCEPT
-A vpn_default -d 63.245.223.0/25 -m comment --comment "community VLAN" -j ACCEPT
-A vpn_default -d 10.22.75.17/32 -p tcp -m multiport --dports 443 -m comment --comment "graphite-web.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.17/32 -p udp -m multiport --dports 443 -m comment --comment "graphite-web.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.81.113/32 -m comment --comment "etherpadmigrator1.webapp.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.41/32 -p tcp -m multiport --dports 53 -m comment --comment "ns2.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.41/32 -p udp -m multiport --dports 53 -m comment --comment "ns2.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.48.75.120/32 -m comment --comment "Infoblox HA DNS in mdc1" -j ACCEPT
-A vpn_default -d 10.22.75.40/32 -p tcp -m multiport --dports 53 -m comment --comment "ns1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.40/32 -p udp -m multiport --dports 53 -m comment --comment "ns1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.74.153/32 -m comment --comment "triage1.dmz.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.8.81.18/32 -p tcp -m multiport --dports 443 -m comment --comment "old-etherpad.webapp.phx1.mozilla.com" -j ACCEPT
-A vpn_default -d 10.8.81.18/32 -p udp -m multiport --dports 443 -m comment --comment "old-etherpad.webapp.phx1.mozilla.com" -j ACCEPT
-A vpn_default -d 10.50.75.120/32 -m comment --comment "Infoblox HA DNS in mdc2" -j ACCEPT
-A vpn_default -d 10.22.75.17/32 -p tcp -m multiport --dports 80 -m comment --comment "graphite-web.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.75.17/32 -p udp -m multiport --dports 80 -m comment --comment "graphite-web.private.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.72.136/32 -p tcp -m multiport --dports 53 -m comment --comment "openvpn1.corpdmz.scl3.mozilla.com" -j ACCEPT
-A vpn_default -d 10.22.72.136/32 -p udp -m multiport --dports 53 -m comment --comment "openvpn1.corpdmz.scl3.mozilla.com" -j ACCEPT
-N vpn_corp
-A vpn_corp -d 52.2.79.174/32 -m comment --comment services-qa-jenkins -j ACCEPT
-A vpn_corp -d 10.22.75.42/32 -p tcp -m multiport --dports 80,443 -m comment --comment "nagios1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.22.75.42/32 -p udp -m multiport --dports 80,443 -m comment --comment "nagios1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.243.24.0/21 -m comment --comment "par1 corp network" -j ACCEPT
-A vpn_corp -d 10.22.75.137/32 -p tcp -m multiport --dports 443 -m comment --comment "observium.private.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.22.75.137/32 -p udp -m multiport --dports 443 -m comment --comment "observium.private.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 54.152.188.242/32 -m comment --comment services-qa-jenkins -j ACCEPT
-A vpn_corp -d 10.50.72.0/24 -m comment --comment "corpdmz.mdc2" -j ACCEPT
-A vpn_corp -d 10.22.81.143/32 -m comment --comment "webqa-ci-zlb.webapp.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.22.75.48/32 -m comment --comment "ldapadmin1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.251.24.0/21 -m comment --comment "sfo1 corp network" -j ACCEPT
-A vpn_corp -d 10.22.82.50/32 -m comment --comment "elasticsearch-private.bugs.scl3.mozilla.com (bug 965329)" -j ACCEPT
-A vpn_corp -d 52.3.167.221/32 -m comment --comment services-qa-jenkins -j ACCEPT
-A vpn_corp -d 10.248.24.0/21 -m comment --comment "pdx1 corp network" -j ACCEPT
-A vpn_corp -d 10.239.24.0/21 -m comment --comment "corp.lon2.mozilla.com" -j ACCEPT
-A vpn_corp -d 54.203.27.53/32 -m comment --comment "screenshots-admin.services.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.48.75.39/32 -m comment --comment "ldapadmin1.private.mdc1.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.22.72.0/24 -m comment --comment "corpdmz.scl3" -j ACCEPT
-A vpn_corp -d 63.245.215.245/32 -p tcp -m multiport --dports 80,443 -m comment --comment "vreplay.mozilla.com" -j ACCEPT
-A vpn_corp -d 63.245.215.245/32 -p udp -m multiport --dports 80,443 -m comment --comment "vreplay.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.252.24.0/21 -m comment --comment "mtv2 corp network" -j ACCEPT
-A vpn_corp -d 10.48.72.0/24 -m comment --comment "corpdmz.mdc1" -j ACCEPT
-A vpn_corp -d 10.244.24.0/21 -m comment --comment "yvr1 corp network" -j ACCEPT
-A vpn_corp -d 10.252.73.0/24 -m comment --comment 1130459 -j ACCEPT
-A vpn_corp -d 10.22.82.46/32 -m comment --comment "elasticsearch-zlb.bugs.scl3.mozilla.com (bug 965329)" -j ACCEPT
-A vpn_corp -d 10.242.24.0/21 -m comment --comment "tor1 corp network" -j ACCEPT
-A vpn_corp -d 63.245.215.58/32 -m comment --comment "mrepo-zlb.vips.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.247.24.0/21 -m comment --comment "tpe1 corp network" -j ACCEPT
-A vpn_corp -d 10.238.24.0/21 -m comment --comment "ber3 corp network" -j ACCEPT
-A vpn_corp -d 10.22.70.17/32 -p tcp -m multiport --dports 389 -m comment --comment "ldap.db.scl3.mozilla.com" -j ACCEPT
-A vpn_corp -d 10.22.70.17/32 -p udp -m multiport --dports 389 -m comment --comment "ldap.db.scl3.mozilla.com" -j ACCEPT
-N vpn_clearpass
-A vpn_clearpass -d 10.22.75.101/32 -m comment --comment "aruba-cppm1.private.scl3.mozilla.net" -j ACCEPT
-N vpn_opsec_mozdef
-A vpn_opsec_mozdef -d 10.22.75.80/32 -m comment --comment "mozdefes7.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.79/32 -m comment --comment "mozdefes6.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.48.75.210/32 -m comment --comment "mozdef.private.mdc1.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.86/32 -m comment --comment "mozdefes8.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.87/32 -m comment --comment "mozdefes9.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.88/32 -m comment --comment "mozdefes10.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.89/32 -m comment --comment "mozdefes11.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.184/32 -m comment --comment "mozdefes1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.185/32 -m comment --comment "mozdefes2.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.186/32 -m comment --comment "mozdefes3.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.187/32 -m comment --comment "mozdefes4.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.44/32 -m comment --comment "mozdef.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.24/32 -m comment --comment "mozdef4.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.183/32 -m comment --comment "mozdefalert.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.35/32 -m comment --comment "mozdef3.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.34/32 -m comment --comment "mozdef2.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.188/32 -m comment --comment "mozdefes5.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.177/32 -m comment --comment "mozdefqa2.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_mozdef -d 10.22.75.33/32 -m comment --comment "mozdef1.private.scl3.mozilla.com" -j ACCEPT
-N vpn_eis_automation
-A vpn_eis_automation -d 10.22.75.113/32 -p tcp -m multiport --dports 4445 -m comment --comment "eis-automation1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_eis_automation -d 10.22.75.113/32 -p udp -m multiport --dports 4445 -m comment --comment "eis-automation1.private.scl3.mozilla.com" -j ACCEPT
-N vpn_puppetdashboard_users
-A vpn_puppetdashboard_users -d 10.8.75.212/32 -m comment --comment "puppetdashboard-zlb.vips.private.phx1.mozilla.com" -j ACCEPT
-N vpn_opsec_nagios
-A vpn_opsec_nagios -d 10.22.75.92/32 -m comment --comment "nagios-eis1.private.scl3.mozilla.com" -j ACCEPT
-A vpn_opsec_nagios -d 10.50.75.205/32 -m comment --comment "nagios-eis1.private.mdc2.mozilla.com" -j ACCEPT
-A vpn_opsec_nagios -d 10.48.75.205/32 -m comment --comment "nagios-eis1.private.mdc1.mozilla.com" -j ACCEPT
-N vpn_git_internal
-A vpn_git_internal -d 10.22.75.178/32 -m comment --comment "git-internal-stage-vip.private.scl3.mozilla.com" -j ACCEPT
-A vpn_git_internal -d 10.22.75.154/32 -m comment --comment "git-internal.mozilla.org" -j ACCEPT
-N vpn_inventory
-A vpn_inventory -d 10.22.75.208/32 -p tcp -m multiport --dports 443 -m comment --comment "inventory-zlb.private.scl3.mozilla.com" -j ACCEPT
-A vpn_inventory -d 10.22.75.208/32 -p udp -m multiport --dports 443 -m comment --comment "inventory-zlb.private.scl3.mozilla.com" -j ACCEPT
-A vpn_inventory -d 10.22.75.208/32 -p tcp -m multiport --dports 80 -m comment --comment "inventory-zlb.private.scl3.mozilla.com" -j ACCEPT
-A vpn_inventory -d 10.22.75.208/32 -p udp -m multiport --dports 80 -m comment --comment "inventory-zlb.private.scl3.mozilla.com" -j ACCEPT

Thanks Mike, sorry I thought service now was where this kind of request went.
Mike asks "Does the one NIC work to access other servers/sites?"

The ens160 interface with the 10.48.72.159 IP address has the lower metric in the route table

[root@wde1-stage.corpdmz.mdc1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.48.72.1      0.0.0.0         UG    100    0        0 ens160
0.0.0.0         10.48.72.1      0.0.0.0         UG    101    0        0 ens192
10.48.72.0      0.0.0.0         255.255.255.0   U     100    0        0 ens160
10.48.72.0      0.0.0.0         255.255.255.0   U     101    0        0 ens192

and so outbound traffic from the server uses 10.48.72.159

So I can access other servers/site from 10.48.72.159 but without changing the route table I can't test if 10.48.72.161 can reach other devices.
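
The route selection described in the comment above, as an added example that is not part of the original bug: it parses the server's posted `route -n` table and applies the main-table rule (longest prefix first, then lowest metric). The function names and the client address 10.48.240.10 (chosen from the tun0 range in the first comment) are assumptions, and the result shows only which interface carries outbound packets, not why 10.48.72.161 was unreachable.

```python
import ipaddress

# Server routing table as posted in the comment above (route -n on wde1-stage).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.48.72.1      0.0.0.0         UG    100    0        0 ens160
0.0.0.0         10.48.72.1      0.0.0.0         UG    101    0        0 ens192
10.48.72.0      0.0.0.0         255.255.255.0   U     100    0        0 ens160
10.48.72.0      0.0.0.0         255.255.255.0   U     101    0        0 ens192
"""

def parse_route_n(text):
    """Parse `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
                       "gateway": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def select_route(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def shadowed_interfaces(routes):
    """Interfaces that never win: every route they own loses to an
    equal-prefix route with a lower metric on another interface."""
    best = {}
    for r in routes:
        if r["net"] not in best or r["metric"] < best[r["net"]]["metric"]:
            best[r["net"]] = r
    winners = {r["iface"] for r in best.values()}
    return sorted({r["iface"] for r in routes} - winners)

if __name__ == "__main__":
    routes = parse_route_n(ROUTE_N)
    # 10.48.240.10 is a constructed VPN-client address inside the tun0 range.
    for dst in ("10.48.240.10", "10.48.72.1"):
        r = select_route(routes, dst)
        print(f"{dst:15} -> {r['iface']} via {r['gateway']} (metric {r['metric']})")
    print("never selected:", shadowed_interfaces(routes))
```

On the server itself, `ip route get <client address> from 10.48.72.161` asks the same question of the live table, including any policy-routing rules this sketch does not model.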
Assignee: network-operations → jdow
Status: NEW → ASSIGNED
Jabba set up a new VPN group with these 2 IPs and added my user to it.
I've not been able to get this to work yet but I did get access through Zeus so I'll close this for now.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard