Weird connection issues post-install [SOLVED]

[christian]

I can't think why the switch would differentiate between the zentyal server and any of the others...

Me neither but it's late here and I need to sleep a bit  let's think about this later...

[Sam Graf]

... For example, I can ping my media server from my laptop but I can't ssh into it. I get an "ssh: connect to host 192.168.1.11 port 22: Connection refused" message, even though that server is set up to allow incoming ssh connections....

Since this IP address isn't in your DHCP range, where is it getting assigned?

[MikeHartman]

I set up some fixed IPs to match the setup on the previous router. I created an object called "fixed", added a bunch of members with host name, MAC and desired IP, and then selected that object under DHCP->Fixed addresses. Seems to work for all the machines I set up that way. The laptops that are able to ssh to each other are in that list too, so I don't think it's a problem with fixed vs dynamic IPs or anything like that.

[christian]

1 - Your method to create "fixed DHCP by MAC address" is the correct one although it's very strange to allocate such DHCP addresses out of the range.
2 - "connection refused" message means that you can reach destination server. You should check whenever your SSH server is not configured with some limitation (have a look at /etc/hosts.deny and /etc/hosts.allow). You should also have something in /var/syslog showing SSH connection isn't it?
3 - you may have in IPtables module dynamically rejecting source IP if you made too many attempts within short period of time.
4 - is you switch a real switch?   

[MikeHartman]

1) That's a holdover from the setup on my other router, but it makes sense to me. If the range is where the dynamically allocated addresses are coming from, it seems like a good idea to keep the fixed addresses separate. Even if the router won't accidentally hand out a fixed address to someone else because the normal owner isn't currently online it's handy to know that any IP in range X was dynamic. I.e. if all my "known" machines are given fixed IPs and I see an IP in the dynamic range in some error log somewhere, I immediately know that it was a friend's machine or even someone who broke into my wifi that caused the problem.

2) I'll double-check, but that's very weird. My network topology is pretty much identical to what it was pre-zentyal. I'm using the same IP ranges, the media server has the same IP it had before, and so does the laptop. So if the media server was only set to accept certain IPs/IP ranges before, those same IPs are what's in use now.

3) I don't have IPtables running on the media server so I'm pretty sure that's not it.

4) Yep, real switch mounted in the rack. SMCGS16 EZ - it's unmanaged and has no config that might have gotten messed up.

[christian]

2) I'll double-check, but that's very weird. My network topology is pretty much identical to what it was pre-zentyal. I'm using the same IP ranges, the media server has the same IP it had before, and so does the laptop. So if the media server was only set to accept certain IPs/IP ranges before, those same IPs are what's in use now.

Well, laptop is using now DHCP isn't it?
Anyway... anything in syslog on target server?

[MikeHartman]

Both the media server and laptop are using DHCP, and the DHCP server is set up to hand them the same fixed addresses every time, but that's the same setup I had with the old router. So either way, the server is always *.11 and the laptop is always *.25.

I'll check the logs on the target server shortly. It's at the other end of the house and I've been spoiled all these years by SSH - I hardly ever walk down there.

[MikeHartman]

I couldn't find any ssh entries in the media server logs at all - tried dmesg, /var/log/messages, etc. However, I finally gave up and ran that machine through a full reboot. I had no idea which part of the stack might have stale info, figured I'd go with the scorched earth approach.

That seems to have done it. As soon as it came back up I could connect to it. Still seems very odd to me since all the computers remained attached to the same IPs. All the network changes should have been completely transparent to it unless there's some weird handshaking going on in the background that I'm not aware of.

But anyway, it's working now and doesn't seem to have been related to zentyal so I'll continue tweaking and let everyone resume their normal business. Thanks for the help!