Different Ports Open on Interfaces Covered by the Same Active Zone

I’ve got a server - running Leap 15.3 - with three network cards - eth0, eth1, and eth2 - where eth0 and eth1 are in a bond (bond0). Both bond0 and eth2 have fixed IP addresses, 10.0.0.20/24 and 10.0.0.21/24, respectively. All interfaces are covered by the same active zone in the firewall, public. If I look at which ports are open, I get:

$ nmap -r 10.0.0.21
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-15 10:58 CET
Nmap scan report for 10.0.0.21
Host is up (0.58s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https
3000/tcp open   ppp
9080/tcp open   glrpc

Nmap done: 1 IP address (1 host up) scanned in 69.54 seconds
$ nmap -r 10.0.0.20
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-15 11:00 CET
Nmap scan report for 10.0.0.20
Host is up (0.0031s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Why are there different ports open on the two interfaces when they are covered by the same zone?

For info:

> sudo firewall-cmd --state
running

> sudo firewall-cmd --check-config
success

> sudo firewall-cmd --get-active-zones
docker
  interfaces: docker0
public
  interfaces: eth0 eth1 eth2 bond0

> sudo firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: bond0 eth0 eth1 eth2
  sources: 
  services: grafana http https ssh
  ports: 3100/tcp 3100/udp 9080/tcp 9080/udp 3000/tcp 3000/udp
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

> ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp6s0
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp7s0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 18:c0:4d:6f:b7:e0 brd ff:ff:ff:ff:ff:ff
    altname enp8s0
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::1ac0:4dff:fe6f:b7e0/64 scope link 
       valid_lft forever preferred_lft forever
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea48:b8ff:fe9a:c73a/64 scope link 
       valid_lft forever preferred_lft forever

The configuration looks like this:

> sudo wicked show-config
[sudo] password for root: 
<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-lo">
  <name>lo</name>
  <control>
    <mode>boot</mode>
    <boot-stage>localfs</boot-stage>
    <persistent>true</persistent>
  </control>
  <link/>
  <ipv4>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
  </ipv4>
  <ipv4:static>
    <address>
      <local>127.0.0.1/8</local>
    </address>
  </ipv4:static>
  <ipv6>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <privacy>prefer-public</privacy>
    <accept-redirects>false</accept-redirects>
  </ipv6>
  <ipv6:static>
    <address>
      <local>::1/128</local>
    </address>
  </ipv6:static>
</interface>
<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-bond0">
  <name>bond0</name>
  <control>
    <mode>boot</mode>
  </control>
  <firewall/>
  <bond>
    <mode>active-backup</mode>
    <miimon>
      <frequency>100</frequency>
      <carrier-detect>netif</carrier-detect>
    </miimon>
    <slaves>
      <slave>
        <device>eth0</device>
      </slave>
      <slave>
        <device>eth1</device>
      </slave>
    </slaves>
  </bond>
  <link/>
  <ipv4>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <arp-verify>true</arp-verify>
  </ipv4>
  <ipv4:static>
    <address>
      <local>10.0.0.20/24</local>
    </address>
    <route>
      <nexthop>
        <gateway>10.0.0.1</gateway>
      </nexthop>
    </route>
  </ipv4:static>
  <ipv6>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <privacy>prefer-public</privacy>
    <accept-redirects>false</accept-redirects>
  </ipv6>
</interface>
<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-eth0">
  <name>eth0</name>
  <control>
    <mode>hotplug</mode>
  </control>
  <firewall/>
  <link>
    <master>bond0</master>
  </link>
  <ipv4>
    <enabled>false</enabled>
  </ipv4>
  <ipv6>
    <enabled>false</enabled>
  </ipv6>
</interface>
<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-eth1">
  <name>eth1</name>
  <control>
    <mode>hotplug</mode>
  </control>
  <firewall/>
  <link>
    <master>bond0</master>
  </link>
  <ipv4>
    <enabled>false</enabled>
  </ipv4>
  <ipv6>
    <enabled>false</enabled>
  </ipv6>
</interface>
<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-eth2">
  <name>eth2</name>
  <control>
    <mode>boot</mode>
  </control>
  <firewall/>
  <link>
    <mtu>1500</mtu>
  </link>
  <ipv4>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <arp-verify>true</arp-verify>
  </ipv4>
  <ipv4:static>
    <address>
      <local>10.0.0.21/24</local>
    </address>
  </ipv4:static>
  <ipv6>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <privacy>prefer-public</privacy>
    <accept-redirects>false</accept-redirects>
  </ipv6>
</interface>

Show output of

ss -lntp

as root on this server.

When you listed your IP addresses, did you notice that 10.0.0.20 is not listed as the address for bond0?


> sudo ss -lntp
State  Recv-Q Send-Q  Local Address:Port    Peer Address:Port                                             
LISTEN 0      128           0.0.0.0:22           0.0.0.0:*     users:(("sshd",pid=29986,fd=3))            
LISTEN 0      100         127.0.0.1:25           0.0.0.0:*     users:(("master",pid=1918,fd=13))          
LISTEN 0      128                 *:46637              *:*     users:(("promtail",pid=6584,fd=9))         
LISTEN 0      50                  *:40111              *:*     users:(("java",pid=21847,fd=105))          
LISTEN 0      50                  *:41073              *:*     users:(("java",pid=16531,fd=106))          
LISTEN 0      50                  *:19092              *:*     users:(("java",pid=16133,fd=119))          
LISTEN 0      50                  *:19093              *:*     users:(("java",pid=16531,fd=119))          
LISTEN 0      50                  *:39989              *:*     users:(("java",pid=16133,fd=106))          
LISTEN 0      50                  *:19094              *:*     users:(("java",pid=16971,fd=119))          
LISTEN 0      128             [::]:22             [::]:*     users:(("sshd",pid=29986,fd=4))            
LISTEN 0      128                 *:9080               *:*     users:(("promtail",pid=6584,fd=8))         
LISTEN 0      128                 *:3000               *:*     users:(("grafana-server",pid=1674,fd=10))  
LISTEN 0      100            [::1]:25             [::]:*     users:(("master",pid=1918,fd=14))          
LISTEN 0      50                  *:36475              *:*     users:(("java",pid=16971,fd=106))          
LISTEN 0      128                 *:3100               *:*     users:(("loki-linux-amd6",pid=2993,fd=10)) 
LISTEN 0      50                  *:42081              *:*     users:(("java",pid=21122,fd=105))          
LISTEN 0      50                  *:9092               *:*     users:(("java",pid=16133,fd=131))          
LISTEN 0      50                  *:9093               *:*     users:(("java",pid=16531,fd=131))          
LISTEN 0      50                  *:9094               *:*     users:(("java",pid=16971,fd=131))          
LISTEN 0      50                  *:38471              *:*     users:(("java",pid=21493,fd=105))          
LISTEN 0      128                 *:9096               *:*     users:(("loki-linux-amd6",pid=2993,fd=11)) 


Eh… Isn’t it?


<interface origin="compat:suse:/etc/sysconfig/network/ifcfg-bond0">
  <name>bond0</name>
  <control>
    <mode>boot</mode>
  </control>
  <firewall/>
  <bond>
    <mode>active-backup</mode>
    <miimon>
      <frequency>100</frequency>
      <carrier-detect>netif</carrier-detect>
    </miimon>
    <slaves>
      <slave>
        <device>eth0</device>
      </slave>
      <slave>
        <device>eth1</device>
      </slave>
    </slaves>
  </bond>
  <link/>
  <ipv4>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <arp-verify>true</arp-verify>
  </ipv4>
  <ipv4:static>
    <address>
      <local>10.0.0.20/24</local>
    </address>
    <route>
      <nexthop>
        <gateway>10.0.0.1</gateway>
      </nexthop>
    </route>
  </ipv4:static>
  <ipv6>
    <enabled>true</enabled>
    <forwarding>false</forwarding>
    <privacy>prefer-public</privacy>
    <accept-redirects>false</accept-redirects>
  </ipv6>
</interface>

It’s right there in the <local>-tag and defined in the same manner as for eth2, but with the 10.0.0.20 static address instead of 10.0.0.21.

No, it is not.

It’s right there in the <local>-tag

It does not matter what is in configuration. This address is not active on any interface on your system. Most likely it is active somewhere else and wicked is refusing to configure duplicate address.

Ah. Right. Acute blindness on my part. So…


bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea48:b8ff:fe9a:c73a/64 scope link 
       valid_lft forever preferred_lft forever

…with no ipv4-address defined. Any inkling to where I should start looking for conflicting address definitions? Thanks.

Check ARP cache (ip neigh) which MAC address has it; check logs what wicked says about this interface. You need to access this IP address (e.g. ping) before it is entered in cache.
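The check described above (ping the address from another host, read which MAC answers for it in ip neigh, and compare that MAC with the server's own NICs), as an added Python example that is not code from this thread. The ip address and ip neigh outputs embedded below are constructed samples modelled on the ones posted, and the OUI table only holds the two prefixes quoted in the thread.

```python
import re

# Constructed sample of `ip -4 address` on the server: bond0 has no inet line.
IP_ADDRESS = """\
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 18:c0:4d:6f:b7:e0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth2
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 state UP
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
"""
# Constructed sample of `ip neigh` on another LAN host after pinging both IPs.
IP_NEIGH = """\
10.0.0.21 dev enp3s0 lladdr 18:c0:4d:6f:b7:e0 REACHABLE
10.0.0.20 dev enp3s0 lladdr 18:a6:f7:da:c4:0e REACHABLE
"""
# Addresses the server should hold, as in its ifcfg-bond0 / ifcfg-eth2.
CONFIGURED = {"bond0": "10.0.0.20", "eth2": "10.0.0.21"}
# OUI prefixes quoted in the thread; a real check would use the IEEE OUI list.
OUI = {"18:a6:f7": "TP-Link", "18:c0:4d": "Gigabyte"}

MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"

def parse_ip_address(text):
    """Map iface -> {"mac": str|None, "inet": set of IPv4 addresses}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"^\d+:\s+(\S+?):", line):
            cur = m.group(1)
            ifaces[cur] = {"mac": None, "inet": set()}
        elif cur and (m := re.match(r"\s+link/ether\s+" + MAC, line)):
            ifaces[cur]["mac"] = m.group(1)
        elif cur and (m := re.match(r"\s+inet\s+(\d+(?:\.\d+){3})/", line)):
            ifaces[cur]["inet"].add(m.group(1))
    return ifaces

def parse_ip_neigh(text):
    """Map IPv4 -> MAC for neighbour entries that resolved to a link address."""
    pat = re.compile(r"^(\d+(?:\.\d+){3})\s+dev\s+\S+\s+lladdr\s+" + MAC)
    return {m.group(1): m.group(2) for m in map(pat.match, text.splitlines()) if m}

def find_conflicts(configured, ip_address_out, ip_neigh_out, oui=OUI):
    """For each configured address that is not active on its interface, report
    who answers for it on the LAN: {ip: (iface, holder_mac, vendor, is_local)}."""
    ifaces = parse_ip_address(ip_address_out)
    neigh = parse_ip_neigh(ip_neigh_out)
    local_macs = {d["mac"] for d in ifaces.values() if d["mac"]}
    report = {}
    for iface, ip in configured.items():
        if ip in ifaces.get(iface, {}).get("inet", ()):
            continue  # address is up where it belongs; nothing to report
        mac = neigh.get(ip)
        vendor = oui.get(mac[:8]) if mac else None
        report[ip] = (iface, mac, vendor, mac is not None and mac in local_macs)
    return report

if __name__ == "__main__":
    for ip, (iface, mac, vendor, local) in find_conflicts(CONFIGURED, IP_ADDRESS, IP_NEIGH).items():
        who = "one of this host's own NICs" if local else f"foreign device {mac} ({vendor or 'unknown vendor'})"
        print(f"{ip}: configured on {iface} but not active; LAN answers from {who}")
```

To run it for real, feed it the output of ip -4 address from the server and ip neigh from a second host that has just pinged the address. A holder MAC that belongs to none of the server's own interfaces means another device owns the address, which is also why wicked leaves it unconfigured.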

I guess something is awry with the configurations of eth0 and eth1, because according to ip address above, both have the same MAC. In any case, following your suggestions:

Pinging 10.0.0.20 from another machine and then doing ip neigh on that machine gives me:


$ ip neigh
10.0.0.21 dev enxd46e0e062a09 lladdr 18:c0:4d:6f:b7:e0 REACHABLE
10.0.0.21 dev enp3s0 lladdr 18:c0:4d:6f:b7:e0 STALE
10.0.0.20 dev enxd46e0e062a09 lladdr 18:a6:f7:da:c4:0e REACHABLE

I then tried to look for the 10.0.0.20 MAC in the logs:


//var/log> sudo ls -l | sudo find ./ -type f -name "*log" -exec grep "18:a6:f7:da:c4:0e" {} \;

That gave me nothing. However, looking for the eth0/eth1 MAC gave me information overload:


//var/log> sudo ls -l | sudo find ./ -type f -name "*log" -exec sudo grep "e8:48:b8:9a:c7:3a" {} \;
2021-12-16 14:52:04 <1> localhost(5015) [Ruby] modules/NetHwDetection.rb(Start):112 IFCONFIG1: $"exit":0, "stderr":"", "stdout":"1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp6s0
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp7s0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 18:c0:4d:6f:b7:e0 brd ff:ff:ff:ff:ff:ff
    altname enp8s0
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::1ac0:4dff:fe6f:b7e0/64 scope link 
       valid_lft forever preferred_lft forever
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea48:b8ff:fe9a:c73a/64 scope link 
       valid_lft forever preferred_lft forever
"]
2021-12-16 14:52:05 <1> localhost(5015) [Ruby] modules/NetHwDetection.rb(Start):122 IFCONFIG2: $"exit":0, "stderr":"", "stdout":"1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp6s0
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    altname enp7s0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 18:c0:4d:6f:b7:e0 brd ff:ff:ff:ff:ff:ff
    altname enp8s0
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::1ac0:4dff:fe6f:b7e0/64 scope link 
       valid_lft forever preferred_lft forever
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:48:b8:9a:c7:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea48:b8ff:fe9a:c73a/64 scope link 
       valid_lft forever preferred_lft forever
"]


In the persistent-net rules the eths are correct:


> sudo cat /etc/udev/rules.d/70-persistent-net.rules 
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="18:c0:4d:6f:b7:e0", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="e8:48:b8:9a:f5:19", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="e8:48:b8:9a:c7:3a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

In wicked, I get:


> sudo systemctl status wicked
● wicked.service - wicked managed network interfaces
     Loaded: loaded (/usr/lib/systemd/system/wicked.service; enabled; vendor preset: disabled)
     Active: active (exited) since Thu 2021-12-16 11:00:27 CET; 3h 48min ago
    Process: 1137 ExecStart=/usr/sbin/wicked --systemd ifup all (code=exited, status=0/SUCCESS)
   Main PID: 1137 (code=exited, status=0/SUCCESS)

dic 16 10:59:57 localhost systemd[1]: Starting wicked managed network interfaces...
dic 16 11:00:27 localhost wicked[1137]: lo              up
dic 16 11:00:27 localhost wicked[1137]: eth0            enslaved
dic 16 11:00:27 localhost wicked[1137]: eth1            enslaved
dic 16 11:00:27 localhost wicked[1137]: eth2            up
dic 16 11:00:27 localhost wicked[1137]: bond0           device-not-running
dic 16 11:00:27 localhost systemd[1]: Finished wicked managed network interfaces.

FYI, output from lspci:


06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
    Subsystem: Realtek Semiconductor Co., Ltd. TP-Link TG-3468 v4.0 Gigabit PCI Express Network Adapter
    Flags: bus master, fast devsel, latency 0, IRQ 34
    I/O ports at e000 [size=256]
    Memory at f7404000 (64-bit, non-prefetchable) [size=4]
    Memory at f7400000 (64-bit, non-prefetchable) [size=16]
    Capabilities: [40] Power Management version 3
    Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
    Capabilities: [70] Express Endpoint, MSI 01
    Capabilities: [b0] MSI-X: Enable+ Count=4 Masked-
    Capabilities: [d0] Vital Product Data
    Capabilities: [100] Advanced Error Reporting
    Capabilities: [140] Virtual Channel
    Capabilities: [160] Device Serial Number 01-00-00-00-68-4c-e0-00
    Capabilities: [170] Latency Tolerance Reporting
    Capabilities: [178] L1 PM Substates
    Kernel driver in use: r8169
    Kernel modules: r8169

07:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
    Subsystem: Realtek Semiconductor Co., Ltd. TP-Link TG-3468 v4.0 Gigabit PCI Express Network Adapter
    Flags: bus master, fast devsel, latency 0, IRQ 31
    I/O ports at d000 [size=256]
    Memory at f7304000 (64-bit, non-prefetchable) [size=4]
    Memory at f7300000 (64-bit, non-prefetchable) [size=16]
    Capabilities: [40] Power Management version 3
    Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
    Capabilities: [70] Express Endpoint, MSI 01
    Capabilities: [b0] MSI-X: Enable+ Count=4 Masked-
    Capabilities: [d0] Vital Product Data
    Capabilities: [100] Advanced Error Reporting
    Capabilities: [140] Virtual Channel
    Capabilities: [160] Device Serial Number 01-00-00-00-68-4c-e0-00
    Capabilities: [170] Latency Tolerance Reporting
    Capabilities: [178] L1 PM Substates
    Kernel driver in use: r8169
    Kernel modules: r8169

08:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 16)
    Subsystem: Gigabyte Technology Co., Ltd Onboard Ethernet
    Flags: bus master, fast devsel, latency 0, IRQ 39
    I/O ports at c000 [size=256]
    Memory at f7204000 (64-bit, non-prefetchable) [size=4]
    Memory at f7200000 (64-bit, non-prefetchable) [size=16]
    Capabilities: [40] Power Management version 3
    Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
    Capabilities: [70] Express Endpoint, MSI 01
    Capabilities: [b0] MSI-X: Enable+ Count=4 Masked-
    Capabilities: [100] Advanced Error Reporting
    Capabilities: [140] Virtual Channel
    Capabilities: [160] Device Serial Number e0-b7-6f-4d-c0-18-00-00
    Capabilities: [170] Latency Tolerance Reporting
    Capabilities: [178] L1 PM Substates
    Kernel driver in use: r8169
    Kernel modules: r8169

All in all, I am still not sure where the erroneous MAC address is coming from. Tried to fix it by deleting the bond and the eth-configurations in YaST2, and then adding them anew, but that did nothing.

18:A6:F7 Tp-Link Technologies Co.,Ltd.
18:C0:4D Giga-Byte Technology Co.,Ltd.

Do you have TP-Link device in your network?

Yup. At least a couple of switches and an access point.

So you have MAC address of device that has this IP, what is the problem to find device?

None. I got stuck on thinking that the problem was the identical MACs for eth0 and eth1 and/or some configuration problem on the server. There shouldn’t be any devices with the same IP on this static network. But there is. Someone has gone and connected something and defined a static connection all by themselves without asking… :expressionless:


Nmap scan report for 10.0.0.20
Host is up (0.0027s latency).
All 1000 scanned ports on 10.0.0.20 are unfiltered
MAC Address: 18:A6:F7:DA:C4:0E (Tp-link Technologies)

Finally found the culprit. Disconnected the TP-Link device and now everything works without a hitch. Thanks for the help, @arvidjaar.


Nmap scan report for 10.0.0.20
Host is up (0.00066s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https
3000/tcp open   ppp
9080/tcp open   glrpc

Nmap scan report for 10.0.0.21
Host is up (0.00074s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https
3000/tcp open   ppp
9080/tcp open   glrpc