<div dir="ltr"><div><div>This is driving me nuts.<br><br></div>I can ping the gateway but traceroute never completes. I can ping the working vIP and the traceroute does show connection but continues to poll "deeper". I can't ping the "missing" vIP and traceroute goes to never-never land.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 16, 2015 at 8:35 AM, Jim Kinney <span dir="ltr">&lt;<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I've got a firewall/router running CentOS 7. I've disabled firewalld and enabled iptables instead while I learn the new firewalld. </p>
<p dir="ltr">The box has a WAN NIC with 3 IPs. One for itself and the other 2 for other systems. I'm using NAT and have pre and post routing rules to do the translation.</p>
<p dir="ltr">Now for the weirdness.</p>
<p dir="ltr">One works and the other doesn't.</p>
<p dir="ltr">The rules are identical except for IPs. The rest of the LAN is simply NAT translated outbound. They all work. One server, the :2 on the NIC, can't get outside at all if on the static translate. The :1 machine is fine.</p>
<p dir="ltr">Doing a tcpdump shows ping to WAN gateway going out and returning to outside NIC but it then gets lost in the redirect.</p>
<p dir="ltr">There are explicit forward rules for needed ports but I opened it to all ports for the troubled machine.</p>
<p dir="ltr">It's a new machine that passed a full memtest+ run.</p>
<p dir="ltr">I'm stumped.</p>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div></div>
</div>