Centos only responds to 1 NIC



  • This is a follow-on question to: https://what.thedailywtf.com/t/apache-reverse-proxy-w-ssl-downgrade/54500

    Our Centos 7 proxy needs to have 2 nics: one in the public firewalld zone, the other in the private firewalld zone.

    When we use just one nic everything works fine; when we attempt to enable the second nic, only one of the two nics is willing to respond to requests, and it appears to be random which will do that. i.e. one nic binds to all ports and there appears to be no rhyme or reason regarding which nic binds.

    Depending on the state, nmap tells us different ports are available (e.g. SSH is available on the private firewalld side, but not the public firewalld).

    We want the proxy to transit zones; we're obviously missing something in the configuration. Help would be appreciated.



  • I'm not an expert in the field, but is it possible you've accidentally given both NICs the same local IP address?



  • Some config files and logs (e.g. ifconfig) would make it easier.



  • We fixed it. Both NICs had:

    DEFAULTROUTE="yes"
    

    Because we're idiots, apparently.


  • Impossible Mission Players - A

    @rad131304 said:

    Both NICs had:

    Yay race conditions!



  • Nah, not really a race condition. I'm sure the network stack just looks for the first valid route in the routing table, and stopped at the first NIC listed since nothing else was on the table. However the system decided to list or enumerate the interfaces (device id, bus address, ip address, etc.) is how it arrived at the first usable route.

    Bottom line is that he told the server that both NICs were attached to routers that could reach any network address. For all it new, that was true.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.