
Weird (to me) networking issue - can you help?

I have two subnets and am experiencing some pretty weird (to me) behaviour - could you help me understand what’s going on?


Scenario 1


PC:     192.168.11.101/24
Server: 192.168.10.102/24, 192.168.11.102/24

From my PC I can connect to .11.102, but not to .10.102:


ping -c 10 192.168.11.102   # works fine
ping -c 10 192.168.10.102   # 100% packet loss

Scenario 2

Now, if I disable .11.102 on the server (ip link set <dev> down) so that it only has an ip on the .10 subnet, the previously failing ping works fine.


PC:     192.168.11.101/24
Server: 192.168.10.102/24

From my PC:


ping -c 10 192.168.10.102   # now works fine

This is baffling to me… any idea why it might be?


Here’s some additional information:

  • The two subnets are on different vlans (.10/24 is untagged and .11/24 is tagged 11).
  • The PC and Server are connected to the same managed switch, which however does nothing “strange” (it just leaves tags as they are on all ports).
  • The router is connected to the aforementioned switch and set to forward packets between the two subnets (I’m pretty sure I’ve configured it so, plus IIUC the second scenario ping wouldn’t work without forwarding).
  • The router also has the same vlan setup, and I can ping both .10.1 and .11.1 with no issue in both scenarios 1 and 2.
  • In case it may matter, machine 1 has the following routes, set up by NetworkManager from DHCP:

default via 192.168.11.1 dev eth1 proto dhcp              src 192.168.11.101 metric 410
192.168.11.0/24          dev eth1 proto kernel scope link src 192.168.11.101 metric 410
  • In case it may matter, Machine 2 uses systemd-networkd and the routes generated from DHCP are slightly different (after dropping the .11.102 address for scenario 2, of course the relevant routes disappear):

default via 192.168.10.1 dev eth0 proto dhcp              src 192.168.10.102 metric 100
192.168.10.0/24          dev eth0 proto kernel scope link src 192.168.10.102 metric 100
192.168.10.1             dev eth0 proto dhcp   scope link src 192.168.10.102 metric 100
default via 192.168.11.1 dev eth1 proto dhcp              src 192.168.11.102 metric 101
192.168.11.0/24          dev eth1 proto kernel scope link src 192.168.11.102 metric 101
192.168.11.1             dev eth1 proto dhcp   scope link src 192.168.11.102 metric 101
Shdwdrgn ,

This sounds familiar. Can you verify if you’ve enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf? If you have to make a change, then issue sysctl --system to reload the updates.

talkingpumpkin OP ,

Thanks! Forwarding is disabled. I don’t want the server to steal the router’s job :)

Shdwdrgn ,

If you already have a router tying these two networks together then you should NOT also have two NICs in one machine tied to both networks. Pick one or the other, you can’t have both. If you think you need both then you haven’t correctly considered your network topology.

SnotFlickerman , (edited )

Have you considered adding a manually configured route for each of these networks to find each other?

If the auto-generated routes aren’t able to find it, I would personally manually add the route on both ends (give 192.168.11.0/24 a path to 192.168.10.0/24 and vice versa) to see if that changes anything.

Occasionally, you just have to tell computers what to do.

EDIT: said “path” when I meant “route”

teslasaur ,

My guess is that the server receives the packet from the client with src .11.101 dst .10.102 and tries to respond over the interface that has .11.102 assigned. The client expects a response from src .10.102 and drops the packet. But I would turn on a packet sniffer in the gateway to see if the returning traffic even passes the Firewall in scenario 1.

talkingpumpkin OP ,

So the request goes through but the replies are discarded? That could actually be it!

I think there was an option to allow martian packets… I’ll search it and give it a try. Thanks!
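The "martian" check referred to here is the kernel's reverse-path filter (net.ipv4.conf.*.rp_filter). The following is an added illustration, not code from the thread: it replays the server's route table from the original post through a small model of strict and loose rp_filter, assuming that in scenario 1 the router-forwarded ping arrives on the server's eth0 (the untagged .10 VLAN).

```python
import ipaddress

# Constructed from the route tables in the original post. Each entry is
# (prefix, interface, metric); gateways are not needed for the reverse-path
# lookup, only which interface the kernel would use to reach an address.
SCENARIO1_ROUTES = [
    ("0.0.0.0/0",       "eth0", 100),   # default via 192.168.10.1
    ("192.168.10.0/24", "eth0", 100),
    ("192.168.10.1/32", "eth0", 100),
    ("0.0.0.0/0",       "eth1", 101),   # default via 192.168.11.1
    ("192.168.11.0/24", "eth1", 101),
    ("192.168.11.1/32", "eth1", 101),
]
# Scenario 2: eth1 is down, so every route via eth1 is gone.
SCENARIO2_ROUTES = [r for r in SCENARIO1_ROUTES if r[1] == "eth0"]


def lookup_iface(addr, routes):
    """Interface of the best route to addr: longest prefix wins, then the
    lowest metric. None means the address is not routable at all."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if ip not in net:
            continue
        key = (net.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, iface)
    return best[1] if best else None


def rp_filter_verdict(src, ingress, routes, mode=1):
    """Model of rp_filter for one inbound packet. mode 0: no check;
    mode 1 (strict): the route back to src must use the ingress interface;
    mode 2 (loose): src only has to be routable via some interface."""
    if mode == 0:
        return "accept"
    back = lookup_iface(src, routes)
    if mode == 1:
        return "accept" if back == ingress else "drop (martian source)"
    return "accept" if back is not None else "drop (unroutable source)"


if __name__ == "__main__":
    pc = "192.168.11.101"
    # Scenario 1: ping to .10.102 is forwarded by the router and enters on eth0,
    # but the server's best route back to the PC is 192.168.11.0/24 dev eth1.
    print("scenario 1, ping .10.102:", rp_filter_verdict(pc, "eth0", SCENARIO1_ROUTES))
    print("scenario 1, ping .11.102:", rp_filter_verdict(pc, "eth1", SCENARIO1_ROUTES))
    print("scenario 2, ping .10.102:", rp_filter_verdict(pc, "eth0", SCENARIO2_ROUTES))
```

Under strict mode the scenario 1 request is dropped on ingress before any reply is generated, which is why only the .10.102 ping fails while the direct .11.102 ping and the scenario 2 ping succeed; loose mode (2) keeps an anti-spoofing check in place while accepting this asymmetric path.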

sj_zero ,

Having a pair of default gateways could be an issue. On Windows (which I know isn't the OS here), you have to be pretty careful because if you're straddling two networks, you need to pick one network to be the dominant one; that's the one whose default gateway will get packets heading onto outbound networks.

talkingpumpkin OP ,

I tried dropping the default routes (one at a time) and it doesn’t make a difference, which isn’t (I think) surprising as all traffic is local as far as the server in scenario 1 is concerned. Also IIUC only the default gateway with the lowest metric actually counts.

just_another_person , (edited )

You have two NICs in a machine and two networks, one untagged and one tagged? This is a mess for a number of reasons. You have two routes and two adapters that don’t route to the default gateway of each subnet because you’re also tagging one portion of the VLAN traffic, and not tagging the other. That’s your problem.

How you’re going to fix it: learn about VLANs and subnetting, then let your router do the job it’s designed to do. You’ve already defeated the purpose of the VLANs by having them bridged with this one machine anyway. There’s literally no point except this confusing setup.

talkingpumpkin OP ,

I don’t think I quite explained the situation well enough: my server only has 1 ethernet port (same as my PC), otherwise I wouldn’t have bothered with vlans (well, I would still have bothered, since my house still only has one “backbone” cable running through it, but I would have configured it on the switches only).

Anyway… a few of the things you say/imply go against my understanding of networking, so one of us would better go back RTFM as you suggest :) (just kidding - most probably I just don’t understand what you mean)
