Interfaces on 192.168.1.0/24 lose connectivity to all other subnets.
Posted: 2018/06/11 08:27:55
I have a strange problem. I have not modified the settings of the interfaces in question in quite a long time. I had temporarily created an OVS bridge and some ports on another interface, and that is when the change occurred. After removing that bridge and even turning off those interfaces, the problem persists.
The host in question (kvm-2).
eno1 - 192.168.1.144
enp10s0f0 ---> bridge00 (OVS) 192.168.1.146
kvm-2 (host in question):
Cannot ping: 192.168.40.1 (router/gateway), 192.168.40.24 (laptop)
192.168.50.1, 192.168.50.0/24
Can ping both directions:
192.168.1.179 (laptop on ethernet)
192.168.1.143 (raspberry pi)
My laptop:
Wifi: 192.168.40.24 - cannot connect 192.168.1.144 or .146
Can connect all other hosts on 192.168.1.0/24
Can connect: 192.168.50.0/24 (all hosts)
Example host 192.168.50.25
Can connect: 192.168.40.1, 192.168.40.24
Can connect: 192.168.1.1, 192.168.1.143
Cannot connect 192.168.1.144, 192.168.1.146
ip a sh:
route -n
ifcfg-eno1
ifcfg-enp10s0f0 (ovs bridge00 on this interface)
ovs-vsctl show
show config from my edgerouter x
I'm really stumped here. The only changes I made were on enp10s0f1 and enp8s0f0/1, and I have since reverted them and even set those interfaces to down. eno1 and enp10s0f0 have been configured the same for a long time, so I am not sure where to go from here. Any help is much appreciated.
The host in question (kvm-2).
eno1 - 192.168.1.144
enp10s0f0 ---> bridge00 (OVS) 192.168.1.146
kvm-2 (host in question):
Cannot ping: 192.168.40.1 (router/gateway), 192.168.40.24 (laptop)
192.168.50.1, 192.168.50.0/24
Can ping both directions:
192.168.1.179 (laptop on ethernet)
192.168.1.143 (raspberry pi)
My laptop:
Wifi: 192.168.40.24 - cannot connect 192.168.1.144 or .146
Can connect all other hosts on 192.168.1.0/24
Can connect: 192.168.50.0/24 (all hosts)
Example host 192.168.50.25
Can connect: 192.168.40.1, 192.168.40.24
Can connect: 192.168.1.1, 192.168.1.143
Cannot connect 192.168.1.144, 192.168.1.146
ip a sh:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp8s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:20 brd ff:ff:ff:ff:ff:ff
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 40:2c:f4:e9:f4:14 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.144/24 brd 192.168.1.255 scope global dynamic eno1
valid_lft 86333sec preferred_lft 86333sec
inet6 fe80::dbe3:6e0:c7d:9274/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: enp8s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:21 brd ff:ff:ff:ff:ff:ff
5: enp10s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether 00:1b:21:a9:69:24 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21b:21ff:fea9:6924/64 scope link
valid_lft forever preferred_lft forever
6: enp10s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:25 brd ff:ff:ff:ff:ff:ff
7: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:75:a4:89:b1:9d brd ff:ff:ff:ff:ff:ff
9: bridge00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:1b:21:a9:69:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.146/24 brd 192.168.1.255 scope global dynamic bridge00
valid_lft 79896sec preferred_lft 79896sec
inet6 fe80::21b:21ff:fea9:6924/64 scope link
valid_lft forever preferred_lft forever
10: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:4b:f3:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
11: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:4b:f3:86 brd ff:ff:ff:ff:ff:ff
12: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:d9:7e:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 brd 192.168.200.255 scope global virbr1
valid_lft forever preferred_lft forever
13: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 1000
link/ether 52:54:00:d9:7e:9d brd ff:ff:ff:ff:ff:ff
15: graylog-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:e6:d7:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fee6:d788/64 scope link
valid_lft forever preferred_lft forever
16: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:3b:e4:43 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe3b:e443/64 scope link
valid_lft forever preferred_lft forever
17: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:cb:1d:41 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fecb:1d41/64 scope link
valid_lft forever preferred_lft forever
19: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:a9:74:7e brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea9:747e/64 scope link
valid_lft forever preferred_lft forever
20: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:0c:61:b9 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe0c:61b9/64 scope link
valid_lft forever preferred_lft forever
22: vnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:8d:d7:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe8d:d700/64 scope link
valid_lft forever preferred_lft forever
23: vnet6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:a2:02:5d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea2:25d/64 scope link
valid_lft forever preferred_lft forever
24: vnet7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:82:fc:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe82:fc6d/64 scope link
valid_lft forever preferred_lft forever
25: katello-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:2a:c0:b2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe2a:c0b2/64 scope link
valid_lft forever preferred_lft forever
route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 107 0 0 eno1
169.254.0.0 0.0.0.0 255.255.0.0 U 1009 0 0 bridge00
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 bridge00
192.168.1.0 0.0.0.0 255.255.255.0 U 107 0 0 eno1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
ifcfg-eno1:
# Interface profile for eno1 (the onboard NIC that holds 192.168.1.144 in the `ip a` output).
# BOOTPROTO="dhcp" with DEFROUTE="yes": the address and the default route both come from DHCP,
# which matches the routing table in this post (the only default route, via 192.168.1.1, is on eno1).
# NOTE(review): bridge00 also holds a DHCP address (192.168.1.146) in the same 192.168.1.0/24, so the
# host has two connected routes to that subnet (bridge00 metric 0, eno1 metric 107) but a default route
# only on eno1. With two interfaces in one subnet, ARP replies can come from either NIC, and strict
# reverse-path filtering drops packets that arrive on the interface the return route does not use.
# That is a plausible cause of the off-subnet failures, not a confirmed one: check
# net.ipv4.conf.*.rp_filter, arp_ignore and arp_announce before changing anything else.
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="61f5f092-7dac-4c0f-84f9-4b14d74acda3"
DEVICE="eno1"
ONBOOT="yes"
ifcfg-enp10s0f0 (ovs bridge00 on this interface):
# Interface profile for enp10s0f0, the physical uplink of the OVS bridge "bridge00".
# There is no BOOTPROTO or IPADDR here, so this file assigns no IPv4 address; in the `ip a` output the
# interface is enslaved to ovs-system and the 192.168.1.146 lease sits on bridge00 instead.
# The file has no OVS keys (for example TYPE=OVSPort / OVS_BRIDGE=...), so the port's bridge membership
# presumably lives only in the OVS database; the profile that runs DHCP on bridge00 is not shown in the post.
# NOTE(review): in the `ovs-vsctl show` output, the ports enp10s0f0 and vnet5 have no `tag:` line. An OVS
# port with neither tag nor trunks passes every VLAN by default, so both behave as trunks. That is
# expected for the uplink; confirm it is intended for the guest behind vnet5.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
# DEFROUTE=yes has nothing to act on while this profile obtains no IPv4 address.
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
# IPV6INIT=no, yet `ip a` shows an fe80:: link-local address on the interface (presumably kernel autoconf).
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp10s0f0
UUID=97284645-e66b-4c4e-bbce-d408b5ff1850
DEVICE=enp10s0f0
ONBOOT=yes
ovs-vsctl show:
33b59614-9304-4457-9270-3ea10b3e897e
Bridge "bridge00"
Port "bridge00"
Interface "bridge00"
type: internal
Port "vnet3"
tag: 70
Interface "vnet3"
Port "vnet4"
tag: 50
Interface "vnet4"
Port "vnet5"
Interface "vnet5"
Port "enp10s0f0"
Interface "enp10s0f0"
Port "vnet8"
tag: 50
Interface "vnet8"
error: "could not open network device vnet8 (No such device)"
Port "vnet6"
tag: 50
Interface "vnet6"
Port "vnet1"
tag: 50
Interface "vnet1"
Port "vnet0"
tag: 50
Interface "vnet0"
Port graylog-vm
tag: 50
Interface graylog-vm
Port katello-vm
tag: 50
Interface katello-vm
Port "vnet7"
tag: 50
Interface "vnet7"
ovs_version: "2.5.4"
show config from my edgerouter x:
/* Router-wide firewall options and the named rule sets. */
/* Per the interfaces section of this same config, BLOCK_IN and BLOCK_LOCAL are bound only to eth0 vif 60, and WAN_IN and WAN_LOCAL only to eth1. */
/* No rule set is bound to untagged eth0 or to vifs 40, 50, 70 and 99, so traffic between those networks is routed without filtering. */
firewall {
all-ping enable
broadcast-ping disable
group {
/* The group name is spelt PROTECT_NEWORKS both here and in BLOCK_IN rule 2, so the reference resolves despite the typo. */
/* NOTE(review): 192.168.99.0/24 (VLAN99 - Management) is not listed, so BLOCK_IN rule 2 does not drop traffic from VLAN60 to the management VLAN. */
/* Add it here if the exposed servers must not reach management. */
network-group PROTECT_NEWORKS {
description ""
network 192.168.1.0/24
network 192.168.2.0/24
network 192.168.40.0/24
network 192.168.50.0/24
network 192.168.70.0/24
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* BLOCK_IN: default action is accept, so only destinations in the network-group are dropped; every other destination is allowed. */
name BLOCK_IN {
default-action accept
description ""
/* Replies on established/related flows are accepted first, so connections opened from the protected networks towards VLAN60 still work. */
rule 1 {
action accept
description "Accepted Established/Related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
/* NOTE(review): logging is off on this drop rule; enabling it would record hosts on VLAN60 attempting to reach internal networks. */
rule 2 {
action drop
description "drop PROTECTED_NETWORKS"
destination {
group {
network-group PROTECT_NEWORKS
}
}
log disable
protocol all
}
}
/* BLOCK_LOCAL: traffic addressed to the router itself; default drop, only UDP 53 and UDP 67 are accepted (DNS over TCP falls to the default drop). */
name BLOCK_LOCAL {
default-action drop
description ""
rule 1 {
action accept
description "Accept DNS"
destination {
port 53
}
log disable
protocol udp
}
rule 2 {
action accept
description "Accept DHCP"
destination {
port 67
}
log disable
protocol udp
}
}
/* WAN_IN: default drop; only established/related flows are accepted and invalid-state packets are dropped explicitly. */
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 30 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* WAN_LOCAL: same policy as WAN_IN, for traffic addressed to the router itself. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* Reverse-path source validation is off on the router. NOTE(review): consider loose or strict unless asymmetric routing requires it to stay disabled. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth0 carries the untagged 192.168.1.0/24 network plus 802.1Q vifs 40, 50, 60, 70 and 99; eth1 is the WAN; eth2-4 form switch0. */
interfaces {
/* Only vif 60 has a firewall rule set bound. The untagged network and vifs 40, 50, 70 and 99 are routed to each other without filtering. */
/* So the router firewall is unlikely to be what stops 192.168.40.0/24 and 192.168.50.0/24 from reaching 192.168.1.144 and .146 (to be confirmed). */
ethernet eth0 {
address 192.168.1.1/24
description "Local 2"
duplex auto
speed auto
vif 40 {
address 192.168.40.1/24
description "VLAN40 - WiFi"
}
vif 50 {
address 192.168.50.1/24
description "VLAN50 - Lab Servers"
}
vif 60 {
address 192.168.60.1/24
description "VLAN60 - Exposed Servers"
firewall {
in {
name BLOCK_IN
}
local {
name BLOCK_LOCAL
}
}
}
vif 70 {
address 192.168.70.1/24
description "VLAN70 - LXD Containers"
}
/* NOTE(review): the management VLAN has no rule set bound, and 192.168.99.0/24 is missing from the network-group that BLOCK_IN drops. */
/* As written, every other VLAN, including VLAN60, can route to it. */
vif 99 {
address 192.168.99.1/24
description "VLAN99 - Management"
}
}
/* WAN uplink: WAN_IN filters forwarded traffic and WAN_LOCAL filters traffic to the router itself (both default drop in the firewall section). */
ethernet eth1 {
address dhcp
description Internet
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth2 {
description Local
duplex auto
speed auto
}
ethernet eth3 {
description Local
duplex auto
speed auto
}
ethernet eth4 {
description Local
duplex auto
speed auto
}
loopback lo {
}
/* switch0 groups eth2-eth4 as 192.168.2.1/24 with VLAN awareness off; no firewall rule set is bound here either. */
switch switch0 {
address 192.168.2.1/24
description Local
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
/* Port forwarding from the WAN (eth1) to the LAN side (eth0). */
/* auto-firewall enable lets the router add the matching WAN allow rule itself, so WAN_IN needs no explicit rule for it. */
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth0
/* UDP 1194 from the Internet is forwarded to 192.168.1.150, which the dhcp-server section maps to the host pi-tron. */
/* NOTE(review): the target sits on the untagged 192.168.1.0/24 network, which has no rule set bound. */
/* A compromise of this Internet-facing service would have routed access to the other internal VLANs; consider a filtered segment. */
rule 1 {
description pivpn
forward-to {
address 192.168.1.150
port 1194
}
original-port 1194
protocol udp
}
wan-interface eth1
}
/* Router services: DHCP relay and server, DNS forwarding, web GUI, NAT, SNMP, SSH and UNMS. */
service {
/* NOTE(review): dhcp-relay forwards requests from eth0 and vifs 40/50/60 to 192.168.1.143, while dhcp-server below is also enabled (disabled false). */
/* Both cover the same subnets; confirm which one is meant to answer. */
dhcp-relay {
interface eth0.60
interface eth0
interface eth0.50
interface eth0.40
server 192.168.1.143
}
dhcp-server {
disabled false
hostfile-update enable
shared-network-name LAN1 {
authoritative disable
subnet 192.168.1.0/24 {
bootfile-name pxelinux.0
bootfile-server 192.168.50.54
default-router 192.168.1.1
dns-server 192.168.1.1
domain-name piggah.lan
lease 86400
start 192.168.1.21 {
stop 192.168.1.240
}
static-mapping kvm-1 {
ip-address 192.168.1.147
mac-address 68:1c:a2:12:da:28
}
/* This MAC is eno1's in the `ip a` output. bridge00's MAC (00:1b:21:a9:69:24) has no static mapping, so 192.168.1.146 is an ordinary pool lease. */
static-mapping kvm-2 {
ip-address 192.168.1.144
mac-address 40:2c:f4:e9:f4:14
}
static-mapping librenms {
ip-address 192.168.1.196
mac-address 52:54:00:8d:d7:00
}
static-mapping pi-rex {
ip-address 192.168.1.143
mac-address b8:27:eb:2c:24:ae
}
static-mapping pi-tron {
ip-address 192.168.1.150
mac-address b8:27:eb:35:58:dd
}
static-mapping piceratops {
ip-address 192.168.1.171
mac-address b8:27:eb:84:3a:2d
}
static-mapping piggahNAS {
ip-address 192.168.1.145
mac-address 24:5e:be:1d:99:bf
}
static-mapping plex-vm {
ip-address 192.168.1.140
mac-address 52:54:00:53:6f:78
}
subnet-parameters "filename "/pxe-boot/pxelinux.0";"
}
}
shared-network-name LAN2 {
authoritative disable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
domain-name piggah.lan
lease 86400
start 192.168.2.21 {
stop 192.168.2.240
}
}
}
shared-network-name VLAN40 {
authoritative disable
subnet 192.168.40.0/24 {
default-router 192.168.40.1
dns-server 192.168.40.1
domain-name piggah.lan
lease 86400
start 192.168.40.21 {
stop 192.168.40.240
}
static-mapping MacBookNF {
ip-address 192.168.40.24
mac-address 8c:85:90:66:1f:ef
}
}
}
shared-network-name VLAN50 {
authoritative disable
subnet 192.168.50.0/24 {
bootfile-name pxelinux.0
bootfile-server 192.168.50.54
default-router 192.168.50.1
dns-server 192.168.50.1
domain-name piggah.lan
lease 14400
start 192.168.50.21 {
stop 192.168.50.240
}
static-mapping freeipa {
ip-address 192.168.50.87
mac-address 52:54:00:3b:e4:43
}
static-mapping graylog {
ip-address 192.168.50.25
mac-address 52:54:00:e6:d7:88
}
static-mapping ipa {
ip-address 192.168.50.67
mac-address 52:54:00:cb:9d:8e
}
static-mapping katello {
ip-address 192.168.50.54
mac-address 52:54:00:2a:c0:b2
}
static-mapping rancher01 {
ip-address 192.168.50.97
mac-address 52:54:00:d6:d6:b7
}
}
}
shared-network-name VLAN60 {
authoritative disable
subnet 192.168.60.0/24 {
default-router 192.168.60.1
dns-server 192.168.60.1
domain-name piggah.pub
lease 86400
start 192.168.60.21 {
stop 192.168.60.240
}
}
}
shared-network-name VLAN70 {
authoritative disable
subnet 192.168.70.0/24 {
default-router 192.168.70.1
dns-server 192.168.70.1
domain-name piggah.dev
lease 26400
start 192.168.70.21 {
stop 192.168.70.240
}
}
}
shared-network-name VLAN99 {
authoritative disable
subnet 192.168.99.0/24 {
default-router 192.168.99.1
dns-server 192.168.99.1
domain-name piggah.mng
lease 86400
start 192.168.99.21 {
stop 192.168.99.240
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 1000
listen-on eth0
listen-on switch0
listen-on eth0.60
listen-on eth0.50
listen-on eth0.40
listen-on eth0.70
listen-on eth0.99
}
}
/* NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available on the web UI; turn it off unless an old client needs it. */
/* Nothing in this section restricts which interfaces serve the GUI; only the local rule sets on eth1 and vif 60 keep it unreachable from those sides. */
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
outbound-interface eth1
type masquerade
}
}
/* NOTE(review): this read-only community string is published in clear in this post; treat it as disclosed and replace it on the router. */
/* No client or network restriction is set on the community in this config. */
snmp {
community Qz2a7yG39 {
authorization ro
}
}
/* No listen address is set for SSH, so it is presumably reachable on every interface whose local rule set does not drop it. */
/* That is every internal network except VLAN60. */
ssh {
port 22
protocol-version v2
}
unms {
disable
}
}
/* System-level settings: hostname, the single admin login, resolver, NTP, hardware offload, syslog and traffic analysis. */
system {
host-name ubnt
login {
user nick {
/* Both password fields are masked with asterisks in this paste; keep them masked whenever the config is shared. */
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name "nick ferguson"
level admin
}
}
/* The router's own resolver is 192.168.1.143 (static-mapped as pi-rex), the same host the dhcp-relay service points at. */
name-server 192.168.1.143
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat enable
ipsec enable
}
static-host-mapping {
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
/* Remote logging at level info to 192.168.50.25:7514, the address static-mapped as graylog. */
/* The BLOCK_IN and BLOCK_LOCAL rules all have "log disable", so their matches will not appear in these logs. */
host 192.168.50.25:7514 {
facility all {
level info
}
}
}
time-zone UTC
traffic-analysis {
dpi enable
export enable
}
}