Infrastructure setup:

  1. VPC is created with 192.168.254.0/24 network
  2. Private subnet within VPC (Virtual Private Cloud) is created with 192.168.254.0/25 network
  3. Public subnet within the VPC is created with 192.168.254.128/28 network
  4. There are 5-odd Ubuntu servers in the Private subnet which are accessing the internet through the jump server (this is also an Ubuntu server) created in the Public subnet
  5. One web server is also there with the jump server in the Public subnet.
  6. Only the jump server and web server, which are in the Public subnet, are associated with an Elastic IP / Public IP (both servers have their own Elastic / Public IPs).
  7. Jump server has two private IPs from the Public subnet assigned to 2 different physical ethernet adapters

    • 192.168.254.135 (eth0 - primary) this IP also has an Elastic IP / Public IP assigned to it
    • 192.168.254.134 (eth1 - secondary) This IP does not have an Elastic IP assigned
  8. Web server which is in the Public subnet has private IP 192.168.254.136 assigned
  9. All servers from the Private subnet do not have an internet gateway, as their internet traffic is routed through the Jump Server which is in the Public Subnet.
  10. Private subnet also does not have an internet gateway assigned in its route
  11. All servers from the Private subnet are able to get an internet connection successfully through the jump server without any issue.
  12. The complete range of the Private subnet is allowed in the Public Subnet through the routing and Security group (i.e. firewall) on all protocols and all ports, and vice versa from the Public subnet to the Private subnet.
  13. All servers from the Public subnet are able to ping or connect to 192.168.254.135, which is the primary IP of the jump server, but they are not able to ping the secondary IP which is 192.168.254.134
  14. From the jump server I am able to ping both the Private IPs assigned to it.
  15. Web Server which is in the Public subnet is also able to ping only the primary IP of the jump server.
  16. Jump server is a t2.micro instance and as per AWS documentation here we shall be able to use 2 physical NICs with it.
  17. On the Jump server we have allowed IPv4 forwarding and it is working fine.
  18. On the jump server it shows both the NICs are up and running

Below are a few more details from the Jump Server:

    root@ip-192-168-254-135:~# ifup eth1
    Internet Systems Consortium DHCP Client 4.2.4
    Copyright 2004-2012 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Listening on LPF/eth1/0e:f8:f2:11:7d:bd
    Sending on   LPF/eth1/0e:f8:f2:11:7d:bd
    Sending on   Socket/fallback
    DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x651f3853)
    DHCPREQUEST of 192.168.254.134 on eth1 to 255.255.255.255 port 67 (xid=0x651f3853)
    DHCPOFFER of 192.168.254.134 from 192.168.254.129
    DHCPACK of 192.168.254.134 from 192.168.254.129
    bound to 192.168.254.134 -- renewal in 1602 seconds.
    root@ip-192-168-254-135:~# ifconfig -a | egrep 'eth|inet.*192.168'
    eth0      Link encap:Ethernet  HWaddr 0e:1c:ca:ae:cd:3e
              inet addr:192.168.254.135  Bcast:192.168.254.143  Mask:255.255.255.240
    eth1      Link encap:Ethernet  HWaddr 0e:f8:f2:11:7d:bd
              inet addr:192.168.254.134  Bcast:192.168.254.143  Mask:255.255.255.240
    root@ip-192-168-254-135:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.254.129 0.0.0.0         UG    0      0        0 eth0
    192.168.254.128 0.0.0.0         255.255.255.240 U     0      0        0 eth0
    192.168.254.128 0.0.0.0         255.255.255.240 U     0      0        0 eth1
    root@ip-192-168-254-135:~# ip rule list
    0:      from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default
    root@ip-192-168-254-135:~# ping -c2 192.168.254.134
    PING 192.168.254.134 (192.168.254.134) 56(84) bytes of data.
    64 bytes from 192.168.254.134: icmp_seq=1 ttl=64 time=0.031 ms
    64 bytes from 192.168.254.134: icmp_seq=2 ttl=64 time=0.039 ms

    --- 192.168.254.134 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.031/0.035/0.039/0.004 ms
    root@ip-192-168-254-135:~# ip route list
    default via 192.168.254.129 dev eth0
    192.168.254.128/28 dev eth0  proto kernel  scope link  src 192.168.254.135
    192.168.254.128/28 dev eth1  proto kernel  scope link  src 192.168.254.134
    root@ip-192-168-254-135:~# cat /etc/iproute2/rt_tables
    #
    # reserved values
    #
    255     local
    254     main
    253     default
    0       unspec
    #
    # local
    #
    #1      inr.ruhep
    root@ip-192-168-254-135:~#

Can anyone explain to me why we are not able to ping the secondary IP of the Jump server from anywhere apart from the jump server itself? All other servers from the Private and Public subnets are able to ping the jump server's primary IP but not the secondary IP. The jump server and all other servers from both subnets allow all incoming traffic / connections from all subnets of the VPC in their respective local firewalls.

1 Answer

You have 2 options to fix the problem.

1) Assign 2 IPs to eth0 (it is possible from the EC2 console); you will need to use "ip addr add ..." to configure the second IP.

2) Configure source based routing. Possible answer: https://superuser.com/questions/638044/source-based-policy-routing-nat-dnat-snat-aka-multi-wans-on-centos-5

  • Hi, thanks for the answer though, I can't use this solution as I am going to use that virtual network adapter for some other purpose later :( Commented Dec 24, 2014 at 12:38
  • If you can keep the interfaces on separate subnets, that would also do the job. But I'm guessing that you don't want that. Commented Dec 24, 2014 at 12:50
  • Hi, yes you are right, I am going to use four Private IPs but from the same subnet :( Commented Dec 25, 2014 at 3:45
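What option 2 of the answer looks like on the jump server from the question, as an added example (not code from the answerer or the asker): the `route -n` output shows only one default route, via eth0, so a reply sourced from 192.168.254.134 leaves through eth0 and never returns on the interface that owns that address. The script below creates a second routing table for eth1 and a rule that sends traffic sourced from the secondary address through it; the addresses, device names and gateway are those on the page, while the table id 100 and the `DRY_RUN` review mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: source-based (policy) routing for the jump server's second NIC.
# Addresses, device names and the gateway are the ones shown in the question;
# the routing-table id (100) is an assumption, not something from the page.
set -eu

SECONDARY_IP="192.168.254.134"   # eth1 address from the question
SECONDARY_DEV="eth1"
SUBNET="192.168.254.128/28"      # public subnet from `ip route list`
GATEWAY="192.168.254.129"        # VPC router from `route -n`
TABLE="100"                      # assumed free table id; could also be named in /etc/iproute2/rt_tables

# Execute a command, or print it when DRY_RUN=1 (review the change before applying it).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_secondary_routing() {
    # Connected route for the subnet, sourced from eth1's own address, in the dedicated table.
    run ip route add "$SUBNET" dev "$SECONDARY_DEV" src "$SECONDARY_IP" table "$TABLE"
    # Default route that leaves via eth1 (same VPC router the main table uses for eth0).
    run ip route add default via "$GATEWAY" dev "$SECONDARY_DEV" table "$TABLE"
    # Packets sourced from the secondary address consult the dedicated table before "main",
    # so replies to pings of .134 no longer exit through eth0.
    run ip rule add from "$SECONDARY_IP/32" table "$TABLE" priority 100
    # Two NICs on one subnet: only answer ARP for an address on the interface that owns it.
    run sysctl -w net.ipv4.conf.all.arp_filter=1
}

# Print the commands without applying them (used for review and for checking the script).
dry_run_commands() {
    ( DRY_RUN=1; setup_secondary_routing )
}

case "${1:-}" in
    apply) setup_secondary_routing ;;   # needs root on the jump server
    *)     dry_run_commands ;;          # default: show what would be done
esac
```

The rules and routes added this way do not survive a reboot; persist them in the distribution's network configuration once `ping` of the secondary address from another host works.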
