Problem in connecting TCP services between 2 Solaris Servers

neel.gurjar · June 30, 2007, 6:15pm

Hi,

I have 3 solaris servers. Two servers of differnet network and one gateway.
Server1 --> 192.168.0.1 --> Solaris 9
Server2 --> 10.27.40.2 --> Solaris 10
Server3 --> Iface1 --> 192.168.0.5 --> Solaris 10 --> Gateway
Iface2 --> 10.27.40.5

Now I am able to ssh from Server1 to Server2 through gateway but I am not able to ssh Server1 from Server2. From Server2 I checked Ping to server1 it works then traceroute also work properly only ssh, NFS and other TCP services are not working...

Please help me in this..
Thanks
NeeleshG

porter · June 30, 2007, 6:45pm

Does the server you cannot ssh to have sshd running?

You mention gateways, are there any firewalls?

neel.gurjar · June 30, 2007, 8:02pm

Yes sshd is running. And when I ssh server3 from server1 and ssh server2 from server3 it works.
There is no firewall.

Thanks
NeeleshG

porter · June 30, 2007, 9:09pm

It sounds like either your routing or your netmasks are wrong.

Can you list each machine's network interfaces, IP addresses and netmasks.
Then list what ever routes including default routes you have configured.

neel.gurjar · July 4, 2007, 1:38am

Server1 - ce0 - 192.168.0.1/255.255.255.0 --> Solaris 9

Routing Table:

netstat -nr

10.27.40.2 192.168.0.5 UGH 1 20
default 192.168.0.254 UG 19171880
127.0.0.1 127.0.0.1 UH 82129125 lo0

Server2

Server2 --> 10.27.40.2/255.255.255.0 --> Solaris 10

Routing table:

192.168.0.0 10.27.40.5 UG 1 77518
default 10.27.40.2 UG 1 352170
127.0.0.1 127.0.0.1 UH 264213562 lo0

Server3

ce0 --> 192.168.0.5/255.255.255.0 --> Solaris 10 --> Gateway
ce1 --> 10.27.40.5/255.255.255.0

10.27.40.0 10.27.40.5 U 1 65134 ce1
default 192.168.0.254 UG 1 84121 ce0
127.0.0.1 127.0.0.1 UH 10351386451 lo0

neel.gurjar · July 4, 2007, 1:55am

I checked routing from both side with traceroute it works properly. It goes to gateway first and then server.

When I ssh from server1 to server2 it works. but when I ssh from server2 to server1 it doesnt work. So I sniffed pacekts with snoop on all all servers. Then I got that, server2 send packets it goes to server3 then it goest to server1. Server1 sends reply to each packet but server3 doesnt reseive thore replies from Server1. Here is the problem. Please help

When I SSH from Server1 to Server2 :

         ssh      \(gw\)

Server1 ----> Server3 ----> Server2
Server1 <---- Server3 <---- Server2

When I SSH from Server2 to Server1 :

ssh

Server2 ----> Server3 ----> Server1
Server2 Server3 X <---- Server1

porter · July 4, 2007, 12:01pm

Can you enable something like telnet temporarily and confirm this exhibits the same problem?

neel.gurjar · July 4, 2007, 10:16pm

Hi

Telnet is also not working.
I am not able to telnet to server1 from server2. But I am able to connect with telnet from server3 to server1.

Thanks
NeeleshG:confused:

porter · July 4, 2007, 10:59pm

Is server3 acting as purely a router or as a firewall?

neel.gurjar · July 4, 2007, 11:28pm

Server 3 is purely for Gateway only. There is no software and hardware firewall is used.

Note: I saw that there is single NIC in Server1 but 4 virtual IPs. All Ips are from same network and all are having same netmask 255.255.255.0.

Firstly I didnot consider it but now I think there may something about it. in netstat -nr also all IP is gateway for same network.

Could it be the reason ?

Thanks
NeeleshG

porter · July 4, 2007, 11:44pm

Where is the hardware firewall, does this affect the picture, what is it doing?

Have you tried using ssh to each address?

neel.gurjar · July 4, 2007, 11:50pm

There is no hardware firewall used.

Thanks
NeeleshG

porter · July 4, 2007, 11:57pm

When you successfully telnet from server2 to server1 where does telnet say you are connecting from? Eg do it a couple of times then see what it says on the successful login prompt.

Also, when you are successful, do a netstat -a and look for your connection pairs that refer to your tcp connection, this will tell you what IP addresses are being used at either end for the session.

neel.gurjar · July 5, 2007, 1:08am

But I am not able to telnet to server1 from server2.

I am not able to connect to server1 from server2

That is the problem....

Thanks
NeeleshG

neel.gurjar · July 5, 2007, 1:22am

I tried to telnet server3 from server1 it is showing..

Connecting from given server1 IP and in netstat -an also it is showing same IP.

Thanks
NeeleshG

neel.gurjar · July 5, 2007, 1:25am

Hi,
Can we have a chat on Google Talk. My email id for google is email address removed

If you can give me your email address from gmail we can chat directly if possible.

Thanks
NeeleshG

porter · July 5, 2007, 1:31am

Sorry, you said you can connect from server1 to server2.

What I want you to do is confirm the IP addresses on one successful TCP stream between the two boxes that goes across the gateway.

You establish this TCP connection with telnet, ssh or whatever,then look for the IP address pairs in netstat.

zazzybob · July 5, 2007, 1:31am

neel.gurjar - Please review our rules - in particular Rule 10

Thanks,
ZB

neel.gurjar · July 5, 2007, 1:35am

Yes I tried conecting ssh from server1 to server2 and checked in netstat -an then I found that ESTABLISHED connection is from the same IP which I have already given..

Thanks
NeeleshG

NOTE : And sorry team for posting my email address...

neel.gurjar · July 5, 2007, 1:38am

Sorry ZB,
My plan was to upload chat on forum directly. So I can resolve issue earlier and team will also get benifit. I know forums are for benifit of all... as I also manage one linux forum....

Thanks
NeeleshG