Ping issues

anaigini45 · July 21, 2016, 7:04am

I have 2 servers. I want to be able to ping both ways.
Server A cannot ping to server B, but server B can ping to Server A.
Server A ip address : 10.61.1.119
Server B ip address : 10.67.26.89

This is the routing table for Server A :

L28ts03:root # netstat -rn
Routing tables
Destination           Gateway            Flags   Refs Interface  Pmtu
127.0.0.1             127.0.0.1          UH        0  lo0        4136
10.10.10.2            10.10.10.2         UH        0  lan3       4136
10.61.1.119           10.61.1.119        UH        0  lan0       4136
10.44.32.11           10.61.1.1          UGH       0  lan0       1500
10.61.1.0             10.61.1.119        U         2  lan0       1500
10.10.10.0            10.10.10.2         U         2  lan3       1500
10.67.26.89           10.61.1.1          UGH       0  lan0       1500
127.0.0.0             127.0.0.1          U         0  lo0        4136
default               10.61.1.1          UG        0  lan0       1500
L28ts03:root #

This is the routing table for Server B:

[root@l28soadb1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.70.21.65     0.0.0.0         UG    0      0        0 bond0
10.67.26.0      10.67.26.65     255.255.254.0   UG    0      0        0 bond1
10.67.26.64     0.0.0.0         255.255.255.192 U     0      0        0 bond1
10.70.21.64     0.0.0.0         255.255.255.192 U     0      0        0 bond0
10.95.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eno4
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 bond2
169.254.0.0     0.0.0.0         255.255.0.0     U     1006   0        0 eno4
169.254.0.0     0.0.0.0         255.255.0.0     U     1009   0        0 eno52
169.254.0.0     0.0.0.0         255.255.0.0     U     1010   0        0 bond0
169.254.0.0     0.0.0.0         255.255.0.0     U     1011   0        0 bond1
169.254.0.0     0.0.0.0         255.255.0.0     U     1012   0        0 bond2
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 bond2
192.168.0.0     10.67.26.65     255.255.0.0     UG    0      0        0 bond1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@l28soadb1 ~]#

Server A is a HP-UX server. Server B is a Linux server.
I added the route in this Server A to the destination server (Server B) with this command :

# route add net 10.67.26.89 netmask 255.255.255.255 10.61.1.1 1

This added the route, however, I am still not able to ping to 10.67.26.89.

Could this be a firewall issue or something else?

zaxxon · July 21, 2016, 7:58am

Does 10.61.1.1 have a route to 10.67.26.0/23? I mean the router that has/is 10.61.1.1.

Maybe check additionally with traceroute how far you can get.

anaigini45 · July 25, 2016, 3:41am

This is the output of traceroute. Looks like it does not go anywhere :

L28ts03:root # traceroute 10.67.26.89
traceroute: Warning: Multiple interfaces found; using 10.10.10.2 @ lan3
traceroute to 10.67.26.89 (10.67.26.89), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
**** max ttl expired before reaching 10.67.26.89 (10.67.26.89)
L28ts03:root #

zaxxon · July 25, 2016, 4:44am

Maybe check with the network guys so that they can check/add a route to that network.

bakunin · August 4, 2016, 12:49pm

anaigini45:

I added the route in this Server A to the destination server (Server B) with this command :
# route add net 10.67.26.89 netmask 255.255.255.255 10.61.1.1 1
This added the route, however, I am still not able to ping to 10.67.26.89.

The route command says the following: if you got a packet for 10.67.26.89, then send it to 10.61.1.1 and the host owning this interface will know how to deal with it. Do you even get to 10.61.1.1? If not, this is the problem! (Tip: if you use ping to test specific connections you assume that the ICMP protocol - which is used by ping - is allowed. This is usually not the case in firewalled environments. They usually drop ICMP packets silently.

Use this:

telnet <targethost> <targetport#>

for tests then. You won't get a telnet connection at all, but you will find out if you get even there (connection attempts fails, usually with some banner from the application waiting behind the port) or not (connection times out with "host unreachable" or so).

In general systems should not know how to route (quite like routers should not do other work besides routing). This is why you should not explain to the routing table of your system about how to use the foreign address 10.61.1.1 to get to some remote server because you need to tell it how to get to 10.61.1.1 itself first. Let the routers decide this and tell the system which interface to use to send the packet:

# route add net 10.67.26.89 netmask 255.255.255.255 <your interfaces IP> 1

and the router adjacent to this interface should be able to forward it on its own. Otherwise your network design is flawed.

I hope this helps.

bakunin