I have a SuSE server (sorry but no idea what version of SuSe it’s running… I’d take a guess at 10.0) on a network with several other SuSE servers.
They are all able to be SSHed externally as well as internally and all have their local firewalls disabled.
I just had to reboot one of the servers and it is behaving quite strangely. I am able to SSH in and out of it externally, but can’t SSH in and out of it internally.
When trying to SSH out internally I get the message:
“ssh: connect to host ... port 22: No route to host”
When trying to SSH in internally I get the message:
“ssh: connect to host ... port 22: Connection timed out”
Using ssh -v doesn’t give any more useful information.
I have double checked that the IP is correct and that the internal firewall is disabled etc.
The external firewall hasn’t got anything that would prevent it (and shouldn’t be an issue anyway as it’s an internal only problem… SSH externally works fine).
Also, it might help to know that I have the same problem with ping. I can ping this server from an external system, but not from an internal one.
I think I’ll rebuild the server next week. Been having a few other issues with it too and if it persists after that I’ll have a look at changing the hardware.
Also having your firewalls disabled isn’t the best practice, and should
have nothing to do with this, but that’s beside the point. If you can get
the results from the commands above from this machine as well as others
that could help.
Good luck.
mattm591 wrote:
> Couldn’t see anything out of place in ethtool.
>
> I think I’ll rebuild the server next week. Been having a few other
> issues with it too and if it persists after that I’ll have a look at
> changing the hardware.
>
> Thanks for your help.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
The response from ip route for the problem server was:
...0/24 dev eth0 proto kernel scope link src ...93 ...0/24 dev eth1 proto kernel scope link src ...98
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via ..*.2 dev eth1
For a working server:
...0/24 dev eth0 proto kernel scope link src ...95
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via ..*.2 dev eth0
resolv.conf is identical for both
nameserver ..1.250
nameserver ..0.250
search local
The places I replaced with * were identical for both.
Good. That’s about what I expected from your previous post. Specifically
on your broken box you have both NICs plugged in, or at least both of them
think they are plugged in (notice they state UP as part of their status).
Unplug them for reals, or just disable them completely since you aren’t
(and shouldn’t be) using them. I’m guessing the problem is here from the ip route command:
>> ...0/24 dev eth0 proto kernel scope link src ...93
>> ...0/24 dev eth1 proto kernel scope link src ...98
I’m not 100% sure but that .93 is first makes me think it will be tried
first (fairly sure really) and that is not going to be a good thing for
you since that NIC isn’t working at some level. Be sure this is cleaned
up after you disable/unplug eth0 in order for things to take off.
Alternatively, make eth0 your .98 and eth1 your .93 and see if that helps
(you should still disable the other NIC).
Good luck.
mattm591 wrote:
> Thanks for the reply.
>
> The response from ip addr for the problem server was:
>
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
>> qlen 1000
>> link/ether 00:1d:7d:06:ea:3d brd ff:ff:ff:ff:ff:ff
>> inet ...93/24 brd ...255 scope global eth0
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> qlen 1000
>> link/ether 00:1d:7d:06:ea:4d brd ff:ff:ff:ff:ff:ff
>> inet ...98/24 brd ...255 scope global eth1
>
> From a working server I got
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>> link/ether 00:15:17:37:4d:ff brd ff:ff:ff:ff:ff:ff
>> inet ...95/24 brd ...255 scope global eth0
>> inet6 fe80::215:17ff:fe37:4dff/64 scope link
>> valid_lft forever preferred_lft forever
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
>> link/ether 00:15:17:37:4e:00 brd ff:ff:ff:ff:ff:ff
>> 4: sit0: <NOARP> mtu 1480 qdisc noop
>> link/sit 0.0.0.0 brd 0.0.0.0
>
> The response from ip route for the problem server was:
>
>> ...0/24 dev eth0 proto kernel scope link src ...93
>> ...0/24 dev eth1 proto kernel scope link src ...98
>> 169.254.0.0/16 dev eth0 scope link
>> 127.0.0.0/8 dev lo scope link
>> default via ...2 dev eth1
>
> For a working server:
>
>> ...0/24 dev eth0 proto kernel scope link src ...95
>> 169.254.0.0/16 dev eth0 scope link
>> 127.0.0.0/8 dev lo scope link
>> default via ...2 dev eth0
>
> resolv.conf is identical for both
>
>> nameserver ..1.250
>> nameserver ..0.250
>> search local
>
> The places I replaced with * were identical for both.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
A couple ways… first, go into Yast and disable that interface. That is
probably the best way since it will persist across reboots.
In the meantime the typical ifup/ifdown options work, and you can even use
the /etc/init.d/network script to disable one of multiple interfaces as
shown here:
/etc/init.d/network
Usage: /etc/init.d/network <action> <config>] <interface>] -o <options>]
actions: start|stop|status|reload|force-reload|try-restart
restart|stop-all-dhcp-clients|restart-all-dhcp-clients
options: [on]boot,hotplug,manual,check,debug,fake,nm,netcontrol
type=<typelist>,skip=<skiplist>
typelist: space seperated list of interface types
skiplist: space seperated list of interfaces to skip for ‘start’
So… /etc/init.d/network stop eth0
Or the more traditional way:
/sbin/ifdown eth0
The consideration, then, is whether or not route gets cleaned up, which
you can manipulate with the ip or route commands.
Good luck.
mattm591 wrote:
> Thanks for this.
>
> The server is remote and (should) only have something plugged into
> eth1.
>
> Is there anyway to disable eth0 without physically being able to remove
> anything that may be plugged into it (pretty sure there isn’t).
>
> I’m not sure how to disable an ethernet in SuSE because all the config
> files are so tied to yast.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/