Author Topic: unable to get two ebox machines to pass traffic  (Read 2236 times)

a.mcdear

« on: April 02, 2010, 01:01:24 am »
I have two ebox machines, both version 1.4-1. #1 is a gateway, with 2 lan subnets, one for PCs and one for communications with ebox machine #2. Both lan interfaces have static IPs: lan1 is internal, IP is 10.2.2.1/23. lan2 is also internal, IP is 10.2.4.1/23. DHCP server is enabled on both interfaces to pass out IPs to client PCs (or to the other ebox machine).

machine #2 has 3 lan subnets:
lan2.1 has a dynamic IP, set to internal since it is; it receives its IP from machine #1, currently 10.2.4.2/23. It successfully receives an IP from ebox machine #1.
lan3 is internal, static IP 10.2.6.1/23, DHCP server is enabled.
lan4 is internal, static IP 10.2.8.1/23, DHCP server enabled

All of the internal networks can communicate just fine if they are all connected to one ebox machine. However, ebox machine 1 and 2 won't talk to each other. Ebox #2 will successfully obtain a correct IP address from #1, and the correct information for ebox machine #1 shows up in the gateways section... however I cannot ping #1 from #2 or vice versa, nor can I ping any of the internal networks connected to the other machine. Internet traffic will not pass from machine #1 to the networks on machine #2.

Just to make sure the firewall wasn't getting in the way, I disabled it on both machines so that all traffic should be allowed in or out of either machine... still no luck. Any suggestions?
« Last Edit: April 02, 2010, 08:11:47 pm by a.mcdear »

poundjd

« Reply #1 on: April 05, 2010, 05:31:15 am »
a.mcdear,
     OK, can the PCs on server 1's LANs see the INTERNET?  I'll assume so, but if not, your first problem is with server 1.

     Now put one of those PCs on the LAN from server 1 with server 2 and check that.  - it should get a DHCP address and network information and be able to hit the INTERNET.

     Now you know whether the issue is with server 1 or server 2.

     Now that you have established that the problem is with server 2 - which I suspect - you need to look at it closely.

     I suspect that because Server 2 has no external NIC it is not forwarding packets clearly.  I would look at your DHCP server on Server 2 and your routing tables.  The DHCP information should list Server 2 as the gateway router, if Server 2 is acting as a gateway router (which it should, but because it has no external interface it may not be). The routing tables should show that packets from 10.2.6 & 10.2.8 need to be routed to 10.2.4.1 (Server 1) via the 10.2.4.2 NIC in Server 2.  I believe that this is what is happening to you.  - not a firewall issue.
-jeff
Jeffrey D. Pound, Sr.
CISSP
Still learning, hope to never stop!
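
The routing-table check suggested in the reply above can be modelled offline. This is an added example, not part of the original posts and not eBox code: it runs a longest-prefix-match lookup over both machines' tables, built from the addresses in the thread, and also checks the return direction on Server 1. Server 1's `wan` interface, its upstream gateway 192.0.2.1, and the helper names are assumptions made for illustration.

```python
import ipaddress

def connected(cidr, dev):
    """Connected route implied by an interface address such as 10.2.4.1/23."""
    return (ipaddress.ip_interface(cidr).network, None, dev)

def static(prefix, via, dev):
    """Static (or default) route to prefix through next hop via."""
    return (ipaddress.ip_network(prefix), via, dev)

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop or 'direct', dev) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, via, dev = max(matches, key=lambda r: r[0].prefixlen)
    return (via or "direct", dev)

def misrouted(table, remote_nets, expected_via):
    """Remote subnets that this table does not send to expected_via."""
    bad = []
    for net in remote_nets:
        probe = str(next(ipaddress.ip_network(net).hosts()))
        hop = lookup(table, probe)
        if hop is None or hop[0] != expected_via:
            bad.append(net)
    return bad

# Interface addresses are the ones given in the thread. Server 1's "wan"
# interface and upstream gateway 192.0.2.1 are constructed placeholders.
SERVER1 = [
    connected("10.2.2.1/23", "lan1"),
    connected("10.2.4.1/23", "lan2"),
    static("0.0.0.0/0", "192.0.2.1", "wan"),
]
SERVER2 = [
    connected("10.2.4.2/23", "lan2.1"),
    connected("10.2.6.1/23", "lan3"),
    connected("10.2.8.1/23", "lan4"),
    static("0.0.0.0/0", "10.2.4.1", "lan2.1"),  # default via Server 1
]
BEHIND_SERVER2 = ["10.2.6.0/23", "10.2.8.0/23"]

if __name__ == "__main__":
    print("server1 -> 10.2.6.10:", lookup(SERVER1, "10.2.6.10"))
    print("server1 misroutes:", misrouted(SERVER1, BEHIND_SERVER2, "10.2.4.2"))
    fixed = SERVER1 + [static(n, "10.2.4.2", "lan2") for n in BEHIND_SERVER2]
    print("after static routes:", misrouted(fixed, BEHIND_SERVER2, "10.2.4.2"))
```

On a Linux-based machine the live table to compare against this model is printed by `ip route show`, and the kernel forwarding switch by `sysctl net.ipv4.ip_forward`.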

a.mcdear

« Reply #2 on: April 07, 2010, 11:40:02 pm »
Ok that makes sense...
Where do I go to view what is currently set in the routing tables? All I can find is the location to enter a static route, which doesn't show whatever existing routes are already in the table.

Also, do you know if it's possible to use a gateway on another LAN segment as a second gateway for multiple gateway use? In other words, can I use an internal interface as a second gateway if there is another physical gateway on that network segment?