date:20100715

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Agblad Tore

-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post
Sent: den 13 juli 2010 18:23
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

 On 7/13/2010 at 09:21 AM, Agblad Tore tore.agb...@volvo.com wrote: 
 My current suspicions is that somewhere a config default value
 specify that if two interfaces, use one as current and the other as backup
 Haven't verified that one yet, for the moment I'm preparing to clone a new
 server in our ip zone to verify it doesn't work here as well.

Check the contents of /etc/sysconfig/network/routes before and after adding 
the second interface.


Mark Post

I checked 'routes', only one row, and now I also have moved the SLES11 SP1 
machine into the same
subnet where the SLES10 SP2 is ( that works fine with three NICs, all possible
to login via)
And no change.
I believe I have now eliminated all network components like routers/switches and
firewalls, only different left is the version of SLES.

Below is the output from:
- uname -a
- cat /etc/*release
- cat /etc/sysconfig/network/routes
- route -n
- ifconfig
for both machines, first the one that is working ok (zlin1016)
and then the one where you only can login using one IP, for the moment
it is the last IP at eth2 (zlin0068).

Linux zlin1016 2.6.16.60-0.34-default #1 SMP Fri Jan 16 14:59:01 UTC 2009 s390x 
s390x s390x GNU/Linux
SUSE Linux Enterprise Server 10 (s390x)
VERSION = 10
PATCHLEVEL = 2
LSB_VERSION=core-2.0-noarch:core-3.0-noarch:core-2.0-s390x:core-3.0-s390x


r...@zlin1016# cat /etc/sysconfig/network/routes 
default 10.220.140.1 - - 

r...@zlin1016# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
10.220.140.00.0.0.0 255.255.255.0   U 0  00 eth0 
10.220.140.00.0.0.0 255.255.255.0   U 0  00 eth1 
10.220.140.00.0.0.0 255.255.255.0   U 0  00 eth2 
169.254.0.0 0.0.0.0 255.255.0.0 U 0  00 eth0 
127.0.0.0   0.0.0.0 255.0.0.0   U 0  00 lo   
0.0.0.0 10.220.140.10.0.0.0 UG0  00 eth2 

r...@zlin1016# ifconfig  
eth0  Link encap:Ethernet  HWaddr 02:03:00:00:00:14
  inet addr:10.220.140.16  Bcast:10.220.140.255  Mask:255.255.255.0
  inet6 addr: fe80::203:0:100:14/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
  RX packets:3660 errors:0 dropped:0 overruns:0 frame:0
  TX packets:41974354 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:12083896240 (11524.1 Mb)  TX bytes:8822526176 (8413.8 Mb)

eth1  Link encap:Ethernet  HWaddr 02:03:00:00:00:15
  inet addr:10.220.140.17  Bcast:10.220.140.255  Mask:255.255.255.0
  inet6 addr: fe80::203:0:100:15/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
  RX packets:3199688 errors:0 dropped:0 overruns:0 frame:0
  TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:2127853671 (2029.2 Mb)  TX bytes:986 (986.0 b)

eth2  Link encap:Ethernet  HWaddr 02:03:00:00:00:16
  inet addr:10.220.140.18  Bcast:10.220.140.255  Mask:255.255.255.0
  inet6 addr: fe80::203:0:100:16/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
  RX packets:6739712 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8032013 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:4729306178 (4510.2 Mb)  TX bytes:10805899084 (10305.3 Mb)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:709047 errors:0 dropped:0 overruns:0 frame:0
  TX packets:709047 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:171713607 (163.7 Mb)  TX bytes:171713607 (163.7 Mb)

r...@zlin1016#




Linux zlin0068 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 s390x 
s390x s390x GNU/Linux 
SUSE Linux Enterprise Server 11 (s390x) 
  
VERSION = 11
  
PATCHLEVEL = 1  
  
LSB_VERSION=core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-s390x:core-3.2-s390x:core-4.0-s390x
addr:10.220.140.167  

zlin0068:~ # cat /etc/sysconfig/network/routes
default 10.220.140.1 - -  
zlin0068:~ #

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Agblad Tore

Ok, I have tried that now, had to be sure how to turn of
firewall first via VM console in case of no net at all.

No change, but now I get messages in the log (messages file)
with 'kernel: martian source my login ip not working from my PC ip address, 
on dev eth0' (or 1) 

martian source means a source IP that is not possible together with other 
ipconfig
( I have done some googling here ), so the kernel just refuse it.

But I don't get the reason here, it is not an 'impossible' source IP here.

I keep digging/googling

/Tore


___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S 
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Amir 
Glaser
Sent: den 14 juli 2010 12:54
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

I've noticed that sometimes in various version of SuSE it is not enough
to turn the firewall off.  For some unknown reason (I haven't had the
time to look deeper into it), when you have several interfaces you have
to add them all to the internal zone, and only then turn the firewall
off (or keep it on if you wish).  I'm not sure this issue still exists
in SLES11 (as I've said - I haven't had the time to fully investigate
this), but I definitely experienced this on SLES9 and SLES10.

Thanks,

Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Tuesday, July 13, 2010 4:21 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Yes , we took the easy way and turned the firewall off.
No luck :( 
My current suspicions is that somewhere a config default value
specify that if two interfaces, use one as current and the other as
backup
Haven't verified that one yet, for the moment I'm preparing to clone a
new
server in our ip zone to verify it doesn't work here as well.
Thank's anyway :)

___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S 
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Amir Glaser

OK,  do you have the firewall on or off now?  What happens if you try to
turn the firewall on with the new settings (all interfaces in the
internal zone)?
By the way - excuse me for the silly question, but is it at all possible
that you might have a conflicting IP address? (another server on the
network with the same IP address which does not support SSH)

Thanks,


Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Thursday, July 15, 2010 12:39 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Ok, I have tried that now, had to be sure how to turn of
firewall first via VM console in case of no net at all.

No change, but now I get messages in the log (messages file)
with 'kernel: martian source my login ip not working from my PC ip
address, on dev eth0' (or 1) 

martian source means a source IP that is not possible together with
other ipconfig
( I have done some googling here ), so the kernel just refuse it.

But I don't get the reason here, it is not an 'impossible' source IP
here.

I keep digging/googling

/Tore


___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S 
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Amir Glaser
Sent: den 14 juli 2010 12:54
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

I've noticed that sometimes in various version of SuSE it is not enough
to turn the firewall off.  For some unknown reason (I haven't had the
time to look deeper into it), when you have several interfaces you have
to add them all to the internal zone, and only then turn the firewall
off (or keep it on if you wish).  I'm not sure this issue still exists
in SLES11 (as I've said - I haven't had the time to fully investigate
this), but I definitely experienced this on SLES9 and SLES10.

Thanks,

Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Tuesday, July 13, 2010 4:21 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Yes , we took the easy way and turned the firewall off.
No luck :( 
My current suspicions is that somewhere a config default value
specify that if two interfaces, use one as current and the other as
backup
Haven't verified that one yet, for the moment I'm preparing to clone a
new
server in our ip zone to verify it doesn't work here as well.
Thank's anyway :)

___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S 
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 9.0.830 / Virus Database: 271.1.1/3006 - Release Date: 07/15/10
05:26:00

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Steffen Maier

On 07/15/2010 11:39 AM, Agblad Tore wrote:
 Ok, I have tried that now, had to be sure how to turn of
 firewall first via VM console in case of no net at all.
 
 No change, but now I get messages in the log (messages file)
 with 'kernel: martian source my login ip not working from my PC ip 
 address, on dev eth0' (or 1) 
 
 martian source means a source IP that is not possible together with other 
 ipconfig
 ( I have done some googling here ), so the kernel just refuse it.
 
 But I don't get the reason here, it is not an 'impossible' source IP here.

Since you have multiple interfaces on the same subnet, things may be a
bit complicated.

The kernel message you get is from ip_handle_martian_source
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1915].
In your case I suspect it to be called by __mkroute_input
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1945]
after having checked the source IP address with fib_validate_source
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/fib_frontend.c#L223].
The latter does a reverse path filtering check among other things.
Having multiple interface on the same subnet, with strict reverse
path filtering, only packets are allowed that have:
destination IP of packet == source IP of route table lookup with
source IP of packet as destination IP key for table lookup.

Depending on which of your eth{0,1,2} ends up having the first
routing table entry for the subnet, only traffic sent to this IP is
allowed but all other traffic from the same subnet ends up giving you
the above kernel message and the packets are dropped.

You can check if my assumption is valid with the following command:
tail /proc/sys/net/ipv4/conf/*/rp_filter
If it contains 1 for strict rp_filter on all eth{0,1,2} with SLES11SP1
but not with SLES10 then that may be the difference.

Do you really need multiple interfaces in the same subnet?
If so, you may configure loose rp_filter by writing 2 into the above
sysctl files (persistent config may be done with /etc/sysctl.conf)
[http://lxr.linux.no/#linux+v2.6.32/Documentation/networking/ip-sysctl.txt#L726].

Steffen

Linux on System z Development

IBM Deutschland Research  Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Agblad Tore

I tried with firewall on and off, and with all interfaces in external zone, fw 
on and off.
No ip conflict I assume since we can influence what NIC to be active, all of 
them works
but only one at a time :(

and that is not a silly question, my experince is that often the error is to 
simple !
meaning somebody did not ask those silly questions

I think I go for that 'martian source' message. Obviously this is the reason 
the ssh login
is refused, I just have figure out why.
Since we use Layer3 network here, we know that MACaddress as seen from outside 
is the same
for all three NICs, that might be the reason it is considered an impossible 
source ip address.
Hmm

Cordialement / Vriendelijke Groeten / Best Regards / Med Vänliga Hälsningar
  Tore Agblad

   Volvo Information Technology
   Infrastructure Mainframe Design  Development
   SE-405 08, Gothenburg  Sweden
   E-mail: tore.agb...@volvo.com

   http://www.volvo.com/volvoit/global/en-gb/

From: Linux on 390 Port [linux-...@vm.marist.edu] On Behalf Of Amir Glaser 
[a...@csl-int.com]
Sent: Thursday, July 15, 2010 13:11
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

OK,  do you have the firewall on or off now?  What happens if you try to
turn the firewall on with the new settings (all interfaces in the
internal zone)?
By the way - excuse me for the silly question, but is it at all possible
that you might have a conflicting IP address? (another server on the
network with the same IP address which does not support SSH)

Thanks,


Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Thursday, July 15, 2010 12:39 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Ok, I have tried that now, had to be sure how to turn of
firewall first via VM console in case of no net at all.

No change, but now I get messages in the log (messages file)
with 'kernel: martian source my login ip not working from my PC ip
address, on dev eth0' (or 1)

martian source means a source IP that is not possible together with
other ipconfig
( I have done some googling here ), so the kernel just refuse it.

But I don't get the reason here, it is not an 'impossible' source IP
here.

I keep digging/googling

/Tore


___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Amir Glaser
Sent: den 14 juli 2010 12:54
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

I've noticed that sometimes in various version of SuSE it is not enough
to turn the firewall off.  For some unknown reason (I haven't had the
time to look deeper into it), when you have several interfaces you have
to add them all to the internal zone, and only then turn the firewall
off (or keep it on if you wish).  I'm not sure this issue still exists
in SLES11 (as I've said - I haven't had the time to fully investigate
this), but I definitely experienced this on SLES9 and SLES10.

Thanks,

Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Tuesday, July 13, 2010 4:21 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Yes , we took the easy way and turned the firewall off.
No luck :(
My current suspicions is that somewhere a config default value
specify that if two interfaces, use one as current and the other as
backup
Haven't verified that one yet, for the moment I'm preparing to clone a
new
server in our ip zone to verify it doesn't work here as well.
Thank's anyway :)

___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Amir Glaser

Hi,

I'm guessing you meant internal zone and not external zone?  Another 
question - is there ping to the other interfaces?  Do you get the same Martian 
Source messages when you attempt to ping as well?

The fact that you're getting something (the Martian Source message) when trying 
to access the other interfaces, tells me that there's nothing wrong with the 
routing/ARP lookup/etc. but rather something internal to the Linux - this is 
why I'm pursuing the firewall issue.  Steffen's idea also makes sense because 
all your interfaces are on the same IP segement.

Thanks,


Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452



-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Agblad 
Tore
Sent: Thursday, July 15, 2010 2:16 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

I tried with firewall on and off, and with all interfaces in external zone, fw 
on and off.
No ip conflict I assume since we can influence what NIC to be active, all of 
them works
but only one at a time :(

and that is not a silly question, my experince is that often the error is to 
simple !
meaning somebody did not ask those silly questions

I think I go for that 'martian source' message. Obviously this is the reason 
the ssh login
is refused, I just have figure out why.
Since we use Layer3 network here, we know that MACaddress as seen from outside 
is the same
for all three NICs, that might be the reason it is considered an impossible 
source ip address.
Hmm

Cordialement / Vriendelijke Groeten / Best Regards / Med Vänliga Hälsningar
  Tore Agblad

   Volvo Information Technology
   Infrastructure Mainframe Design  Development
   SE-405 08, Gothenburg  Sweden
   E-mail: tore.agb...@volvo.com

   http://www.volvo.com/volvoit/global/en-gb/

From: Linux on 390 Port [linux-...@vm.marist.edu] On Behalf Of Amir Glaser 
[a...@csl-int.com]
Sent: Thursday, July 15, 2010 13:11
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

OK,  do you have the firewall on or off now?  What happens if you try to
turn the firewall on with the new settings (all interfaces in the
internal zone)?
By the way - excuse me for the silly question, but is it at all possible
that you might have a conflicting IP address? (another server on the
network with the same IP address which does not support SSH)

Thanks,


Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Thursday, July 15, 2010 12:39 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Ok, I have tried that now, had to be sure how to turn of
firewall first via VM console in case of no net at all.

No change, but now I get messages in the log (messages file)
with 'kernel: martian source my login ip not working from my PC ip
address, on dev eth0' (or 1)

martian source means a source IP that is not possible together with
other ipconfig
( I have done some googling here ), so the kernel just refuse it.

But I don't get the reason here, it is not an 'impossible' source IP
here.

I keep digging/googling

/Tore


___
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design  Development, Linux servers
Dept 4352  DA1S
SE-405 08, Gothenburg  Sweden

Telephone: +46-31-3233569
E-mail: tore.agb...@volvo.com

http://www.volvo.com/volvoit/global/en-gb/

-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Amir Glaser
Sent: den 14 juli 2010 12:54
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

I've noticed that sometimes in various version of SuSE it is not enough
to turn the firewall off.  For some unknown reason (I haven't had the
time to look deeper into it), when you have several interfaces you have
to add them all to the internal zone, and only then turn the firewall
off (or keep it on if you wish).  I'm not sure this issue still exists
in SLES11 (as I've said - I haven't had the time to fully investigate
this), but I definitely experienced this on SLES9 and SLES10.

Thanks,

Amir Glaser

CSL-WAVE Development MGR



Tel:
+972 9 9540470, ext. 105
www.csl-int.com
Fax:
+972 9 9541452


-Original Message-
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Agblad Tore
Sent: Tuesday, July 13, 2010 4:21 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in
SLES11 SP1

Yes , we took the easy way and turned the firewall off.
No luck :(
My current suspicions is that somewhere a config default value
specify that if

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Alan Altmark

On Thursday, 07/15/2010 at 04:18 EDT, Agblad Tore tore.agb...@volvo.com
wrote:
 I checked 'routes', only one row, and now I also have moved the SLES11
SP1
 machine into the same
 subnet where the SLES10 SP2 is ( that works fine with three NICs, all
possible
 to login via)
 And no change.

On a VSWITCH there is no point in having more than one virtual NIC on the
same subnet (LAN segment).  All you're doing is creating more work for
Linux.  Get rid of eth1 and eth2.

I mean, it's not like you can have an isolated vNIC failure or
accidentally unplug it!

Alan Altmark
z/VM Development
IBM Endicott

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

2010-07-15 Thread Tom Duerbusch

When the thoughts went to a firewall problem, I don't recall that YaSTfirewall2 
is enabled by default in SLES 11 SP1 was discussed.  I think only networking 
firewalls have been discussed.

That caught me yesterday.

Try
YaSTfirewall2 status
to see if it is running.

YaSTfirewall2 stop
to stop it.

Then test again.


Tom Duerbusch
THD Consulting

Sent via BlackBerry by ATT

-Original Message-
From: Alan Altmark alan_altm...@us.ibm.com
Sender: Linux on 390 Port LINUX-390@VM.MARIST.EDU
Date: Thu, 15 Jul 2010 08:34:38 
To: LINUX-390@VM.MARIST.EDU
Reply-To: Linux on 390 Port LINUX-390@VM.MARIST.EDU
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

On Thursday, 07/15/2010 at 04:18 EDT, Agblad Tore tore.agb...@volvo.com
wrote:
 I checked 'routes', only one row, and now I also have moved the SLES11
SP1
 machine into the same
 subnet where the SLES10 SP2 is ( that works fine with three NICs, all
possible
 to login via)
 And no change.

On a VSWITCH there is no point in having more than one virtual NIC on the
same subnet (LAN segment).  All you're doing is creating more work for
Linux.  Get rid of eth1 and eth2.

I mean, it's not like you can have an isolated vNIC failure or
accidentally unplug it!

Alan Altmark
z/VM Development
IBM Endicott

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1

8 matches

Site Navigation

Mail list logo

Footer information