[TriLUG] SLES 9 and networking question
Chander Ganesan
chander at otg-nc.com
Tue Feb 28 12:53:49 EST 2006
kevin at flanagannc.net wrote:
> I have a SLES 9 system that is connected to my internal corporate
> (10.x.x.x) network, I am attempting to connect it to a DMZ (172.x.x.x)
> as well, but not route between the two.
>
> When I set all interfaces to DHCP the 10 net has a server and
> reservation, it gets an address and is reachable.
>
> When I turn on the 172 net interface I get dropped from my connection on
> the 10 net.
>
> I have tried to assign the info, address, mask, gateway to the 10 net
> interface in YAST as static, same result.
>
> YAST is really starting to bother me, I'm afraid that if I change files
> by hand they will get written over by YAST next time I go in to it.
>
> Did I mention that another group officially supports the system? They
> just aren't helping....
>
> Does anyone know enough SLES to point me in the right direction?
>
Hi Kevin,
This sounds like a routing issue...
At first glance, I would say that you'll probably want to add an entry
in /etc/sysconfig/network/routes that looks like the following:
# Destination   Gateway   netmask     device
172.0.0.0       0.0.0.0   255.0.0.0   eth1
That would tell Linux to route packets destined to 172.0.0.0 through the
eth1 device. Is your 172 net interface a DHCP assigned address? If so,
you might find it easiest to make the change through YaST to use a
static IP - use expert routing to set these settings (or put them in the
file directly). If the 172 net has subnets then we could use metrics to
get Linux to route to the right place for different subnets inside...
This is just a guess, since Linux should be able to "talk" to either of
the two local networks without needing any routing information (since
they are local networks) - the route is used when you try to go "off" of
the subnet. The output of /sbin/route -n when both interfaces, and the
IP address of the host that "loses" connectivity would be helpful here.
I'm wondering if the machine that you are using to connect to the Linux
system is on a different subnet than the Linux system (then things would
make more sense). Can you connect to the Linux box from a host on the
same subnet as it when this problem occurs?
For packets to get to the 172 network they'd have to originate on the
Linux system (since you aren't doing any routing). If you wanted to do
this from your desktop you could use PuTTY to create an SSH SOCKS proxy
and then use the proxy to access the 172 network...
You can use SuSEconfig to determine whether or not files will change
(run it and see). Typically the files that YaST refers to/modifies are
in /etc/sysconfig, and most settings can be made there (by hand) and
applied with SuSEconfig (a shell script). The biggest "gotchas" tend to
be startup related things (such as apache modules) which come from
/etc/sysconfig/apache2 as opposed to the typical 'modules.conf' file.
We're a Novell training partner and provide a wide range of SUSE Linux
training - and a much wider range of open source training (MySQL,
PostgreSQL, PHP, Linux, etc.) if you want to learn more. :-)
--
Chander Ganesan
Open Technology Group, Inc.
One Copley Parkway, Suite 210
Morrisville, NC 27560
Phone: 877-258-8987/919-463-0999
http://www.otg-nc.com
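
Added example (not part of the original message): a small check over the `/sbin/route -n` output requested above, for a host that sits on both an internal network and a DMZ. It assumes, as one possible cause the thread does not confirm, that bringing up the second interface adds a second default route, and it also reports whether the kernel is forwarding between the interfaces; the sample table, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `/sbin/route -n` output for a dual-homed host.
# Addresses and interface names are made up; replace with real output.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         172.16.5.1      0.0.0.0         UG    0      0        0 eth1
0.0.0.0         10.1.2.1        0.0.0.0         UG    0      0        0 eth0'

# Read `route -n` output on stdin and print "iface gateway metric" for each
# default route (destination and genmask 0.0.0.0, G flag set).
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $8, $2, $5 }'
}

# Read `route -n` output on stdin and classify the default-route situation.
# With several default routes the kernel uses the first match, so replies
# to off-subnet clients may leave through the wrong interface.
check_defaults() {
    n=$(default_routes | wc -l | tr -d ' ')
    case "$n" in
        0) echo "no-default" ;;
        1) echo "ok" ;;
        *) echo "multiple-defaults" ;;
    esac
}

# Report whether IPv4 forwarding is enabled. A host that must not route
# between the internal network and the DMZ should show "forwarding-off".
# The optional path argument exists only so the check can be tested.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo "unknown"; return; }
    if [ "$(cat "$f")" = "1" ]; then
        echo "forwarding-on"
    else
        echo "forwarding-off"
    fi
}

# Demo on the constructed sample; on a real host use: /sbin/route -n | check_defaults
printf 'default routes: %s\n' "$(printf '%s\n' "$SAMPLE_ROUTES" | check_defaults)"
printf 'ip forwarding:  %s\n' "$(forwarding_state)"
```
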