[Keine Lösung] Mehrere IP-Adressen auf einem Interface

[Njuguna]

Hi,

ich versuche einem Debian 12 an die Bridge vmbr0 mehrere IP-Adressen zu zuweisen.
Meine ENI:

Code: Alles auswählen

auto lo
iface lo inet loopback

iface enp65s0f1 inet manual

iface enp65s0f0 inet manual

iface eno1np0 inet manual

iface eno2np1 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.yy.zz.66/26
        gateway xxx.yy.zz.65
        pointopoint xxx.yy.zz.65
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0
          up ip route add xxx.yy.zz.70/26 dev vmbr0
          up ip route add xxx.yy.zz.72/26 dev vmbr0
          up ip route add xxx.yy.zz.75/26 dev vmbr0
          up ip route add xxx.yy.zz.79/26 dev vmbr0
          up ip route add xxx.yy.zz.80/26 dev vmbr0
          up ip route add xxx.yy.zz.84/26 dev vmbr0
          up ip route add xxx.yy.zz.85/26 dev vmbr0
          up ip route add xxx.yy.zz.71/26 dev vmbr0
          up ip route add xxx.yy.zz.73/26 dev vmbr0
          up ip route add xxx.yy.zz.74/26 dev vmbr0
          up ip route add xxx.yy.zz.81/26 dev vmbr0
          up ip route add xxx.yy.zz.82/26 dev vmbr0
          up ip route add xxx.yy.zz.83/26 dev vmbr0
        dns-nameserver 8.8.4.4 8.8.8.8 9.9.9.9

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.66/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

oder diese Version:

Code: Alles auswählen

auto lo
iface lo inet loopback

iface enp65s0f1 inet manual

iface enp65s0f0 inet manual

iface eno1np0 inet manual

iface eno2np1 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.yy.zz.66/26
        gateway xxx.yy.zz.65
        pointopoint xxx.yy.zz.65
        addresses-srv1 xxx.yy.zz.70/26
        addresses-srv2 xxx.yy.zz.72/26
        addresses-srv3 xxx.yy.zz.75/26
        addresses-srv4 xxx.yy.zz.79/26
        addresses-srv5 xxx.yy.zz.80/26
        addresses-srv6 xxx.yy.zz.84/26
        addresses-srv6 xxx.yy.zz.85/26
        addresses-unused1 xxx.yy.zz.71/26
        addresses-unused2 xxx.yy.zz.73/26
        addresses-unused3 xxx.yy.zz.74/26
        addresses-unused4 xxx.yy.zz.81/26
        addresses-unused5 xxx.yy.zz.82/26
        addresses-unused6 xxx.yy.zz.83/26
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0
        dns-nameserver 8.8.4.4 8.8.8.8 9.9.9.9
        create_alias_devices yes
        label_addresses yes

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.66/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0      

Diese beiden ENIs funktionieren nach einem Neustart des Networking-Service nicht.

Code: Alles auswählen

ip addr show vmbr0
26: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:32:01:01:64:29 brd ff:ff:ff:ff:ff:ff
    inet xxx.yy.zz.66 peer xxx.yy.zz.65/32 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::632:1ff:fe01:6429/64 scope link 
       valid_lft forever preferred_lft forever

Dagegen funktioniert das direkte Zuweisen

Code: Alles auswählen

ip addr add xxx.yy.zz.84/26 dev vmbr0
ip addr add xxx.yy.zz.85/26 dev vmbr0

Code: Alles auswählen

ip addr show vmbr0
vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:32:01:01:64:29 brd ff:ff:ff:ff:ff:ff
    inet xxx.yy.zz.66 peer xxx.yy.zz.65/32 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet xxx.yy.zz.84/26 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet xxx.yy.zz.85/26 scope global secondary vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::632:1ff:fe01:6429/64 scope link 
       valid_lft forever preferred_lft forever

Was habe ich übersehen, dass die Konfiguration aus der Datei /etc/network/interfaces nicht übernommen wird? Das manuelle Zuweisen ist etwas umständlich.

Grüße
Njuguna

[mludwig]

Statt des ip route add (warum eigentlich?) würde ich ja den Befehl des manuellen zuweisens in die interfaces schreiben. Also statt

Code: Alles auswählen

up ip route add ...

dann so etwas

Code: Alles auswählen

up ip addr add ...

[Njuguna]

Statt des ip route add (warum eigentlich?) würde ich ja den Befehl des manuellen zuweisens in die interfaces schreiben. Also statt

Code: Alles auswählen

up ip route add ...

dann so etwas

Code: Alles auswählen

up ip addr add ...

Ja, stimmt. Da hatte ich was falsch abgeschrieben.
Danke für Deine Aufmerksamkeit.

[bluestar]

Deine Konfig sieht nach Hetzner aus, was willst du denn genau bauen?

[Njuguna]

Deine Konfig sieht nach Hetzner aus, was willst du denn genau bauen?

Da habe ich es auch her.
Ich habe einen KVM-Host an einem Netzwerk-Switch mit einer Verbindung zu diesem. Der Switch ist das Gateway und die zusätzlichen IP-Adressen sind für die VMs gedacht, die alle in einem internen 192.168.1.0 Netzwerk an einer zweiten Bridge vmbr1 hängen. Externe IP-Adressen werden über eine Firewall (Shorewall) genattet.
Das wäre mein Szenario.

[bluestar]

Was mit an deinem Setup auffällt, du hast komische IPs in Verwendung. Das /26 würde bei xxx.yy.zz.64 beginnen.

Code: Alles auswählen

xxx.yy.zz.70/26

Falls du ein geroutetes Subnetz bei Hetzner hast, kannst du auch statt der /26 als Subnetzmaske die /32 verwenden somit kannst du die IP-Adressen für Netzwerk und Broadcast auch verwenden, d.h. aus einem /26 würden dann 64 nutzbare IPs statt 62.

[Njuguna]

Was mit an deinem Setup auffällt, du hast komische IPs in Verwendung. Das /26 würde bei xxx.yy.zz.64 beginnen.

Code: Alles auswählen

xxx.yy.zz.70/26

Falls du ein geroutetes Subnetz bei Hetzner hast, kannst du auch statt der /26 als Subnetzmaske die /32 verwenden somit kannst du die IP-Adressen für Netzwerk und Broadcast auch verwenden, d.h. aus einem /26 würden dann 64 nutzbare IPs statt 62.

Nein,
ich habe den Server nicht bei Hetzner, der gehört einem Kumpel, den ihn in einem Rechenzentrum selber angeschlossen hat. Aussage war, dass "xxx.yy.zz.66/26" also Subnetmaske 255.255.255.192 hat. Der Switch (Gateway) ist die xxx.yy.zz.65. Ich bin jetzt davon ausgegangen, dass ich bei den weiteren IPs nicht größer werden kann als /26. Was bei Nachdenken Quatsch ist, weil diese IP's bereits Teilmenge von 255.255.255.192 sind.

Auf https://cidr-rechner.de/ kann man eben genau xxx.yy.zz.66/26 eingeben und erhält xxx.yy.zz.65 als erste IP und als Letzte xxx.yy.zz.126.

[mat6937]

Auf https://cidr-rechner.de/ kann man eben genau xxx.yy.zz.66/26 eingeben und erhält xxx.yy.zz.65 als erste IP und als Letzte xxx.yy.zz.126.

BTW: Das geht auch lokal:

Code: Alles auswählen

:~$ ipcalc --nocolor  222.222.222.66/26
Address:   222.222.222.66       11011110.11011110.11011110.01 000010
Netmask:   255.255.255.192 = 26 11111111.11111111.11111111.11 000000
Wildcard:  0.0.0.63             00000000.00000000.00000000.00 111111
=>
Network:   222.222.222.64/26    11011110.11011110.11011110.01 000000
HostMin:   222.222.222.65       11011110.11011110.11011110.01 000001
HostMax:   222.222.222.126      11011110.11011110.11011110.01 111110
Broadcast: 222.222.222.127      11011110.11011110.11011110.01 111111
Hosts/Net: 62                    Class C

[Njuguna]

Cool, sehr gut!

[Njuguna]

Also diese Version

Code: Alles auswählen

auto lo
iface lo inet loopback

iface enp65s0f1 inet manual

iface enp65s0f0 inet manual

iface eno1np0 inet manual

iface eno2np1 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.yy.zz.66/26
        gateway xxx.yy.zz.65
        pointopoint xxx.yy.zz.65
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0
          up ip route add -host xxx.yy.zz.70/32 dev vmbr0
          up ip route add -host xxx.yy.zz.72/32 dev vmbr0
          up ip route add -host xxx.yy.zz.75/32 dev vmbr0
          up ip route add -host xxx.yy.zz.79/32 dev vmbr0
          up ip route add -host xxx.yy.zz.80/32 dev vmbr0
          up ip route add -host xxx.yy.zz.84/32 dev vmbr0
          up ip route add -host xxx.yy.zz.85/32 dev vmbr0
          up ip route add -host xxx.yy.zz.71/32 dev vmbr0
          up ip route add -host xxx.yy.zz.73/32 dev vmbr0
          up ip route add -host xxx.yy.zz.74/32 dev vmbr0
          up ip route add -host xxx.yy.zz.81/32 dev vmbr0
          up ip route add -host xxx.yy.zz.82/32 dev vmbr0
          up ip route add -host xxx.yy.zz.83/32 dev vmbr0
        dns-nameserver 8.8.4.4 8.8.8.8 9.9.9.9

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.66/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

klappt jetzt. Die Version mit

Code: Alles auswählen

up ip addr add

klappt nicht.
Allerdings musste ich noch in der systctl.conf

Code: Alles auswählen

net.ipv4.ip_forward=1

freigeben und

Code: Alles auswählen

sysctl --system

machen.
Intern lassen sich alle 192.168.1.71 bis 192.168.1.83 anpingen, sofern sie laufen und extern xxx.yy.zz.XX auch bis auf xxx.yy.zz.71.
Hier kommt

Code: Alles auswählen

ping xxx.yy.zz.71
PING xxx.yy.zz.71 (xxx.yy.zz.71) 56(84) bytes of data.
From xxx.yy.zz.66 icmp_seq=1 Time to live exceeded
From xxx.yy.zz.66 icmp_seq=2 Time to live exceeded
From xxx.yy.zz.66 icmp_seq=3 Time to live exceeded

Von dieser VM kann aber nach außen alles angepingt werden. Das ist jetzt neu, da diese IP bereits funktioniert hatte.

[bluestar]

Also diese Version

Code: Alles auswählen

iface vmbr0 inet static
        address xxx.yy.zz.66/26
        gateway xxx.yy.zz.65
        pointopoint xxx.yy.zz.65
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0
          up ip route add -host xxx.yy.zz.70/32 dev vmbr0
          up ip route add -host xxx.yy.zz.72/32 dev vmbr0
          up ip route add -host xxx.yy.zz.75/32 dev vmbr0
          up ip route add -host xxx.yy.zz.79/32 dev vmbr0
          up ip route add -host xxx.yy.zz.80/32 dev vmbr0
          up ip route add -host xxx.yy.zz.84/32 dev vmbr0
          up ip route add -host xxx.yy.zz.85/32 dev vmbr0
          up ip route add -host xxx.yy.zz.71/32 dev vmbr0
          up ip route add -host xxx.yy.zz.73/32 dev vmbr0
          up ip route add -host xxx.yy.zz.74/32 dev vmbr0
          up ip route add -host xxx.yy.zz.81/32 dev vmbr0
          up ip route add -host xxx.yy.zz.82/32 dev vmbr0
          up ip route add -host xxx.yy.zz.83/32 dev vmbr0
        dns-nameserver 8.8.4.4 8.8.8.8 9.9.9.9

Das ist eine Konfiguration für ein geroutetes Setup, und ja in diesem Falle brauchst du, wie schon erkannt net.ipv4.ip_forward=1. Deine Shorewall Konfigruation fehlt in deinem Post leider komplett und bei deiner Ping Ausgabe ist leider nicht erkenntlich von wo du den Ping absetzt.

Code: Alles auswählen

ping xxx.yy.zz.71
PING xxx.yy.zz.71 (xxx.yy.zz.71) 56(84) bytes of data.
From xxx.yy.zz.66 icmp_seq=1 Time to live exceeded
From xxx.yy.zz.66 icmp_seq=2 Time to live exceeded
From xxx.yy.zz.66 icmp_seq=3 Time to live exceeded

[Njuguna]

Ich setze den Ping von einem komplett anderen Rechner ab, also von aussen.
Aber Danke, das Problem hat sich quasi von selbst gelöst. In der Shorewall-Config stand in der entsprechenden IP-Adresse noch eine alte Ziffer drin.

Jetzt habe ich das soweit, wie ich es brauche.

[Njuguna]

Auch wenn es immer wieder einmal geklappt hatte, irgendwie ist hier der Wurm drin.
Ich weiß nicht, was da falsch läuft, mal kann ich intern keine Maschine im 192.168.1.0er Netz anpingen, dann geht das zwar wieder, aber aus dem Internet sind die VMs nicht über die externen IPs erreichbar.
Ich mache immer wieder Reboots des KVM-Host. Jetzt im Moment bin ich glücklich, intern lassen sich alle VMs bis auf eine anpingen und aus dem Internet auch. Aber wie sieht das nach dem nächsten Reboot aus?

Hier noch einmal meine Config auf dem KVM-Host:

Code: Alles auswählen

auto lo
iface lo inet loopback

iface enp65s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.yy.zz.66/26
        gateway xxx.yy.zz.65
        pointopoint xxx.yy.zz.65
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0
          up ip route add -host xxx.yy.zz.70/32 dev vmbr0
          up ip route add -host xxx.yy.zz.72/32 dev vmbr0
          up ip route add -host xxx.yy.zz.75/32 dev vmbr0
          up ip route add -host xxx.yy.zz.79/32 dev vmbr0
          up ip route add -host xxx.yy.zz.80/32 dev vmbr0
          up ip route add -host xxx.yy.zz.84/32 dev vmbr0
          up ip route add -host xxx.yy.zz.85/32 dev vmbr0
          up ip route add -host xxx.yy.zz.71/32 dev vmbr0
          up ip route add -host xxx.yy.zz.73/32 dev vmbr0
          up ip route add -host xxx.yy.zz.74/32 dev vmbr0
          up ip route add -host xxx.yy.zz.81/32 dev vmbr0
          up ip route add -host xxx.yy.zz.82/32 dev vmbr0
          up ip route add -host xxx.yy.zz.83/32 dev vmbr0
        dns-nameserver 8.8.4.4 8.8.8.8 9.9.9.9

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.66/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

Das Forwarding ist aktiviert:

Code: Alles auswählen

# cat /proc/sys/net/ipv4/ip_forward
1

Aktuelle lauffähige Situation

Code: Alles auswählen

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp65s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 04:32:01:01:64:29 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:32:01:01:64:29 brd ff:ff:ff:ff:ff:ff
    inet xxx.yy.zz.66 peer xxx.yy.zz.65/32 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::632:1ff:fe01:6429/64 scope link 
       valid_lft forever preferred_lft forever
4: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7a:f8:9e:40:57:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::78f8:9eff:fe40:579b/64 scope link 
       valid_lft forever preferred_lft forever
5: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether b2:f1:07:f3:b5:63 brd ff:ff:ff:ff:ff:ff
6: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether ea:5d:24:91:f2:38 brd ff:ff:ff:ff:ff:ff
7: tap103i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether ee:98:53:16:f7:4e brd ff:ff:ff:ff:ff:ff
8: tap104i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr104i0 state UNKNOWN group default qlen 1000
    link/ether 32:0f:79:a6:ef:05 brd ff:ff:ff:ff:ff:ff
9: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ca:3d:d0:57:ad:67 brd ff:ff:ff:ff:ff:ff
10: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 1a:c9:da:7b:f5:11 brd ff:ff:ff:ff:ff:ff
11: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether 8a:0f:c2:f2:2d:d3 brd ff:ff:ff:ff:ff:ff
12: tap105i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr105i0 state UNKNOWN group default qlen 1000
    link/ether de:13:08:96:a8:08 brd ff:ff:ff:ff:ff:ff
13: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3e:78:2c:d7:02:b5 brd ff:ff:ff:ff:ff:ff
14: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 7e:b6:47:06:15:b0 brd ff:ff:ff:ff:ff:ff
15: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether 52:57:cf:b1:f5:80 brd ff:ff:ff:ff:ff:ff
16: tap106i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether 8a:95:b5:52:36:c2 brd ff:ff:ff:ff:ff:ff
17: tap107i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr107i0 state UNKNOWN group default qlen 1000
    link/ether 42:9c:2c:0f:c7:b2 brd ff:ff:ff:ff:ff:ff
18: fwbr107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:63:9c:40:3a:5b brd ff:ff:ff:ff:ff:ff
19: fwpr107p0@fwln107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether ea:ad:71:68:fc:18 brd ff:ff:ff:ff:ff:ff
20: fwln107i0@fwpr107p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether ee:5a:25:51:ad:0b brd ff:ff:ff:ff:ff:ff

Das Nat in der Shorewall

Code: Alles auswählen

# shorewall show nat
Shorewall 5.2.8 NAT Table at neckar1 - Wed Oct 11 04:47:55 PM CEST 2023

Counters reset Wed Oct 11 04:34:53 PM CEST 2023

Chain PREROUTING (policy ACCEPT 4568 packets, 253K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4089  164K net_dnat   0    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0           
  476 17982 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.70         to:192.168.1.70
   84  3975 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.72         to:192.168.1.72
  394 14977 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.75         to:192.168.1.75
   71  3063 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.79         to:192.168.1.79
   60  2574 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.80         to:192.168.1.80
  232 14230 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.84         to:192.168.1.84
   75  3266 DNAT       0    --  *      *       0.0.0.0/0            xxx.yy.zz.85         to:192.168.1.85

Chain INPUT (policy ACCEPT 655 packets, 25886 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 71 packets, 5416 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3008 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1150 85599 SNAT       0    --  *      *       192.168.1.70         0.0.0.0/0            to:xxx.yy.zz.70
   18  1179 SNAT       0    --  *      *       192.168.1.72         0.0.0.0/0            to:xxx.yy.zz.72
  162 10692 SNAT       0    --  *      *       192.168.1.75         0.0.0.0/0            to:xxx.yy.zz.75
    6   447 SNAT       0    --  *      *       192.168.1.79         0.0.0.0/0            to:xxx.yy.zz.79
    0     0 SNAT       0    --  *      *       192.168.1.80         0.0.0.0/0            to:xxx.yy.zz.80
  301 26280 SNAT       0    --  *      *       192.168.1.84         0.0.0.0/0            to:xxx.yy.zz.84
  148 16326 SNAT       0    --  *      *       192.168.1.85         0.0.0.0/0            to:xxx.yy.zz.85

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:52070 /* SSH */ to:192.168.1.70
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:52072 /* SSH */ to:192.168.1.72
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:52079 /* SSH */ to:192.168.1.79
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:52080 /* SSH */ to:192.168.1.80
    7   930 DNAT       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:16384:32768 to:192.168.1.80

Die Netzwerk-Config auf allen VMs ausser bei einem Ubuntu

Code: Alles auswählen

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet static
        address 192.168.1.70/24
        gateway 192.168.1.66
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 9.9.9.9
        dns-search example.tld

Hier ändert jeweils nur das letzte Oktett in der IP. Die VM mit Ubuntu und der IP 192.168.1.80 ist mit netplan konfiguriert und war bislang noch nie erreichbar.

Also, ich verstehe absolut nicht, warum ein beliebiges Neubooten des KVM-Hosts nach dem Zufallsprinzip entscheidet, ob das interne Netzwerk funktioniert und das Nat-Forwarding.
Vielleicht mache ich irgendwo einen Fehler, ich sehe ihn bloss nicht.

[bluestar]

Deine gesamte Shorewall Konfiguration /etc/shorewall wäre hier hilfreich.

[Njuguna]

Deine gesamte Shorewall Konfiguration /etc/shorewall wäre hier hilfreich.

Bitte schön hier ist sie:
interfaces

Code: Alles auswählen

#ZONE   INTERFACE       OPTIONS
net     $NET_IF         dhcp,routefilter,tcpflags,physical=vmbr0
loc     $LOC_IF         routeback,bridge,physical=vmbr1

conntrack

Code: Alles auswählen

?FORMAT 3
######################################################################################################
#ACTION                 SOURCE          DEST            PROTO   DPORT           SPORT   USER    SWITCH

?if $AUTOHELPERS && __CT_TARGET

?if __AMANDA_HELPER
CT:helper:amanda:PO     -               -               udp     10080
?endif

?if __FTP_HELPER
CT:helper:ftp:PO        -               -               tcp     21
?endif

?if __H323_HELPER
CT:helper:RAS:PO        -               -               udp     1719
CT:helper:Q.931:PO      -               -               tcp     1720
?endif

?if __IRC_HELPER
CT:helper:irc:PO        -               -               tcp     6667
?endif

?if __NETBIOS_NS_HELPER
CT:helper:netbios-ns:PO -               -               udp     137
?endif

?if __PPTP_HELPER
CT:helper:pptp:PO       -               -               tcp     1723
?endif

?if __SANE_HELPER
CT:helper:sane:PO       -               -               tcp     6566
?endif

?if __SIP_HELPER
CT:helper:sip:PO        -               -               udp     5060
?endif

?if __SNMP_HELPER
CT:helper:snmp:PO       -               -               udp     161
?endif

?if __TFTP_HELPER
CT:helper:tftp:PO       -               -               udp     69
?endif

?endif

nat

Code: Alles auswählen

#EXTERNAL       INTERFACE       INTERNAL        ALLINTS         LOCAL
xxx.yy.zz.70   vmbr1           192.168.1.70    Yes             No
xxx.yy.zz.72   vmbr1           192.168.1.72    Yes             No
xxx.yy.zz.75   vmbr1           192.168.1.75    Yes             No
xxx.yy.zz.79   vmbr1           192.168.1.79    Yes             No
xxx.yy.zz.80   vmbr1           192.168.1.80    Yes             No
xxx.yy.zz.84   vmbr1           192.168.1.84    Yes             No
xxx.yy.zz.85   vmbr1           192.168.1.85    Yes             No

params

Code: Alles auswählen

NET_IF=vmbr0
LOC_IF=vmbr1

policy

Code: Alles auswählen

#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
net             all             DROP            info
fw              all             ACCEPT          info
loc             all             ACCEPT          info
# THE FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info

rules

Code: Alles auswählen

#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME            HEADERS         SWITCH          HELPER
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

#       Don't allow connection pickup from the net
#
Invalid(DROP)   net             all             tcp
DNS(ACCEPT)     loc             net
DNS(ACCEPT)     net             loc
DNS(ACCEPT)     $FW             loc
DNS(ACCEPT)     loc             $FW
DNS(ACCEPT)     loc:192.168.1.80        net
DNS(ACCEPT)     net             loc:192.168.1.80
DNS(ACCEPT)     loc:192.168.1.72        net
DNS(ACCEPT)     net             loc:192.168.1.72
SSH(ACCEPT)     net             $FW
SSH(ACCEPT)     loc             $FW
SSH(ACCEPT)     $FW             loc
SSH(DNAT)       net             loc:192.168.1.70        tcp     52070
SSH(DNAT)       net             loc:192.168.1.72        tcp     52072
SSH(DNAT)       net             loc:192.168.1.79        tcp     52079
SSH(DNAT)       net             loc:192.168.1.80        tcp     52080

Ping(ACCEPT)    loc             $FW
Ping(ACCEPT)    net             $FW
Ping(ACCEPT)    $FW             net
Ping(ACCEPT)    net             loc
Ping(ACCEPT)    loc             net

HTTP(ACCEPT)    net             $FW
HTTP(ACCEPT)    $FW             net
HTTP(ACCEPT)    net                                             loc:192.168.1.70,192.168.1.72,192.168.1.75,192.168.1.80,192.168.1.84
HTTP(ACCEPT)    loc:192.168.1.70,192.168.1.72,192.168.1.75,192.168.1.80,192.168.1.84    net
HTTP(ACCEPT)    loc             $FW
HTTP(ACCEPT)    $FW             loc
HTTPS(ACCEPT)   net             $FW
HTTPS(ACCEPT)   $FW             net
HTTPS(ACCEPT)   net                                             loc:192.168.1.70,192.168.1.72,192.168.1.75,192.168.1.80,192.168.1.84
HTTPS(ACCEPT)   loc:192.168.1.70,192.168.1.72,192.168.1.75,192.168.1.80,192.168.1.84    net

SMTP(ACCEPT)    net             loc:192.168.1.70
SMTP(ACCEPT)    loc:192.168.1.70 net
SMTPS(ACCEPT)   net             loc:192.168.1.70
SMTPS(ACCEPT)   loc:192.168.1.70 net
SUBM(ACCEPT)    net             loc:192.168.1.70
SUBM(ACCEPT)    loc:192.168.1.70 net

IMAP(ACCEPT)    net             loc:192.168.1.70
IMAP(ACCEPT)    loc:192.168.1.70 net
IMAPS(ACCEPT)   net             loc:192.168.1.70
IMAPS(ACCEPT)   loc:192.168.1.70 net

POP3(ACCEPT)    net             loc:192.168.1.70
POP3(ACCEPT)    loc:192.168.1.70 net
POP3S(ACCEPT)   net             loc:192.168.1.70
POP3S(ACCEPT)   loc:192.168.1.70 net

SIEVE(ACCEPT)   net             loc:192.168.1.70
SIEVE(ACCEPT)   loc:192.168.1.70 net

FTP(ACCEPT)     net             loc:192.168.1.75
FTP(ACCEPT)     loc:192.168.1.75 net

ACCEPT          net             loc:192.168.1.75        tcp     49152:65535

Syslog(ACCEPT)  net             $FW
Syslog(ACCEPT)  $FW             net
                                            loc:192.168.1.70,192.168.1.75,192.168.1.84,192.168.1.85         tcp     5665
ACCEPT  loc:192.168.1.72        loc:192.168.1.66        tcp     5665
ACCEPT  loc:192.168.1.66        loc:192.168.1.72        tcp     5665
ACCEPT  net                     loc:192.168.1.72        tcp     5665
ACCEPT  loc:192.168.1.72        net                     tcp     5665
ACCEPT  loc:192.168.1.72                     $FW                     tcp     5665
ACCEPT  $FW                     loc:192.168.1.72                     tcp     5665
HTTP(ACCEPT)    loc:192.168.1.72        loc:192.168.1.71,192.168.1.75
HTTP(ACCEPT)    loc:192.168.1.71,192.168.1.75   loc:192.168.1.72
MySQL(ACCEPT)   loc:192.168.1.72        loc:192.168.1.71,192.168.1.75
MySQL(ACCEPT)   loc:192.168.1.71,192.168.1.75   loc:192.168.1.72

DNAT    net             loc:192.168.1.80        udp     16384:32768

shorewall.conf

Code: Alles auswählen

###############################################################################
#
#  Shorewall Version 5 -- /etc/shorewall/shorewall.conf
#
#  For information about the settings in this file, type "man shorewall.conf"
#
#  Manpage also online at https://shorewall.org/manpages/shorewall.conf.html
###############################################################################
#                      S T A R T U P   E N A B L E D
###############################################################################

STARTUP_ENABLED=Yes

###############################################################################
#                            V E R B O S I T Y
###############################################################################

VERBOSITY=1

###############################################################################
#                               P A G E R
###############################################################################

PAGER=

###############################################################################
#                            F I R E W A L L
###############################################################################

FIREWALL=

###############################################################################
#                              L O G G I N G
###############################################################################

LOG_LEVEL="info"

BLACKLIST_LOG_LEVEL=

INVALID_LOG_LEVEL=

LOG_BACKEND=

LOG_MARTIANS=Yes

LOG_VERBOSITY=2

LOG_ZONE=Both

LOGALLNEW=

LOGFILE=/var/log/shorewall.log

LOGFORMAT="%s %s "

LOGTAGONLY=No

LOGLIMIT="s:1/sec:10"

MACLIST_LOG_LEVEL="$LOG_LEVEL"

RELATED_LOG_LEVEL=

RPFILTER_LOG_LEVEL="$LOG_LEVEL"

SFILTER_LOG_LEVEL="$LOG_LEVEL"

SMURF_LOG_LEVEL="$LOG_LEVEL"

STARTUP_LOG=/var/log/shorewall-init.log

TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

UNTRACKED_LOG_LEVEL=

###############################################################################
#       L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
###############################################################################

ARPTABLES=

CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"

GEOIPDIR=/usr/share/xt_geoip/LE

IPTABLES=

IP=

IPSET=

LOCKFILE=

MODULESDIR=

NFACCT=

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"

PERL=/usr/bin/perl

RESTOREFILE=restore

SHOREWALL_SHELL=/bin/sh

SUBSYSLOCK=""

TC=

###############################################################################
#               D E F A U L T   A C T I O N S / M A C R O S
###############################################################################

ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

###############################################################################
#                        R S H / R C P  C O M M A N D S
###############################################################################

RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'

###############################################################################
#                       F I R E W A L L   O P T I O N S
###############################################################################

ACCOUNTING=Yes

ACCOUNTING_TABLE=filter

ADD_IP_ALIASES=No

ADD_SNAT_ALIASES=No

ADMINISABSENTMINDED=Yes

AUTOCOMMENT=Yes

AUTOHELPERS=No

AUTOMAKE=Yes

BALANCE_PROVIDERS=No

BASIC_FILTERS=No

BLACKLIST="NEW,INVALID,UNTRACKED"

CLAMPMSS=No

CLEAR_TC=Yes

COMPLETE=No

DEFER_DNS_RESOLUTION=Yes

DELETE_THEN_ADD=Yes

DETECT_DNAT_IPADDRS=No

DISABLE_IPV6=No

DOCKER=No

DOCKER_BRIDGE=docker0

DONT_LOAD=

DYNAMIC_BLACKLIST=Yes

EXPAND_POLICIES=Yes

EXPORTMODULES=Yes

FASTACCEPT=No

FORWARD_CLEAR_MARK=

HELPERS=

IGNOREUNKNOWNVARIABLES=No

IMPLICIT_CONTINUE=No

IPSET_WARNINGS=Yes

IP_FORWARDING=Keep

KEEP_RT_TABLES=No

MACLIST_TABLE=filter

MACLIST_TTL=

MANGLE_ENABLED=Yes

MARK_IN_FORWARD_CHAIN=No

MINIUPNPD=No

MULTICAST=No

MUTEX_TIMEOUT=60

NULL_ROUTE_RFC1918=No

OPTIMIZE=All

OPTIMIZE_ACCOUNTING=No

PERL_HASH_SEED=0

REJECT_ACTION=

RENAME_COMBINED=Yes

REQUIRE_INTERFACE=No

RESTART=restart

RESTORE_DEFAULT_ROUTE=Yes

RESTORE_ROUTEMARKS=Yes

RETAIN_ALIASES=No

ROUTE_FILTER=Yes

SAVE_ARPTABLES=No

SAVE_IPSETS=No

TC_ENABLED=Internal

TC_EXPERT=No

TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"

TRACK_PROVIDERS=Yes

TRACK_RULES=No

USE_DEFAULT_RT=Yes

USE_NFLOG_SIZE=No

USE_PHYSICAL_NAMES=No

USE_RT_NAMES=No

VERBOSE_MESSAGES=Yes

WARNOLDCAPVERSION=Yes

WORKAROUNDS=No

ZERO_MARKS=No

ZONE2ZONE=-

###############################################################################
#                       P A C K E T   D I S P O S I T I O N
###############################################################################

BLACKLIST_DISPOSITION=DROP

INVALID_DISPOSITION=CONTINUE

MACLIST_DISPOSITION=REJECT

RELATED_DISPOSITION=ACCEPT

RPFILTER_DISPOSITION=DROP

SMURF_DISPOSITION=DROP

SFILTER_DISPOSITION=DROP

TCP_FLAGS_DISPOSITION=DROP

UNTRACKED_DISPOSITION=CONTINUE

################################################################################
#                       P A C K E T  M A R K  L A Y O U T
################################################################################

TC_BITS=

PROVIDER_BITS=

PROVIDER_OFFSET=

MASK_BITS=

ZONE_BITS=0

Die Auslistung der Makros lasse ich hier mal weg, da hier nur die Ports drin stehen, die in Log sichtbar sind.

[Njuguna]

Ich habe jetzt die Beobachtung gemacht, dass ca. 20-22 Stunden alles intern und vom Internet erreichbar war. Dann plötzlich ging die Erreichbarkeit von Außen nicht mehr. Auch nach einem Reboot nicht mehr, das interne Netzwerkwerk funktioniert dagegen.

[bluestar]

Ich habe jetzt die Beobachtung gemacht, dass ca. 20-22 Stunden alles intern und vom Internet erreichbar war.

Wie hast du das überprüft?

[Njuguna]

Wenn das Ganze gestern und heute Morgen mit ping, ssh aus dem Internet funktioniert
zum Beispiel

Code: Alles auswählen

ping xx.yy.zz.70

oder

Code: Alles auswählen

ssh -p 52070 xx.yy.zz.70

dann ist ja offensichtlich alles in Butter, oder?
Und wenn dann heute Nachmittag genau dasselbe zu einem Timeout führt, ist offensichtlich etwas zusammengebrochen. Wohlbemerkt, ohne dass in der Zwischenzeit etwas verändert wurde.
Oder wie würdest Du das überprüfen?

[bluestar]

Und wenn dann heute Nachmittag genau dasselbe zu einem Timeout führt, ist offensichtlich etwas zusammengebrochen.

Deine Konfiguration sieht für mich an sich schlüssig aus, einzig in der shorewall.conf würde ich IP_FORWARDING =yes eintragen.
Ansonsten könntest du mal mit tshark den eingehenden Traffic anschauen um das näher zu analysieren.

[Njuguna]

Dank für den Hinweis mit tshark. Ich habe den jetzt mal auf vmbr0, die an dem Netzwerk-Interface enp65s0f1 hängt, durchgeführt. Alles mit xxx.yy.zz sind die externen IP-Adressen, die auf 192.168.1.uu weitergeleitet werden sollen. AAA.BBB.CCC.100 bin ich aus dem Internet und ich mache die ganze Aufzeichnung über

Code: Alles auswählen

ping xxx.yy.zz.70

Code: Alles auswählen

1 0.000000000 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 270 52066 → 46078 [PSH, ACK] Seq=1 Ack=1 Win=501 Len=204 TSval=2103963978 TSecr=4101267692
    2 0.012441185 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=205 Win=976 Len=0 TSval=4101267723 TSecr=2103963978
    3 0.473194254 xxx.yy.zz.72 → 8.8.4.4      DNS 81 Standard query 0x5808 A 3.debian.pool.ntp.org
    4 0.473205724 xxx.yy.zz.72 → 8.8.4.4      DNS 81 Standard query 0x690d AAAA 3.debian.pool.ntp.org
    5 0.503913556 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=205 Ack=1 Win=501 Len=44 TSval=2103964482 TSecr=4101267723
    6 0.516980487 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=249 Win=976 Len=0 TSval=4101268227 TSecr=2103964482
    7 0.660676462 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.124? Tell xxx.yy.zz.65
    8 0.784720484 Cisco_4b:9a:83 → Cisco_4b:9a:83 LOOP 60 Reply
    9 0.899544983 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.114? Tell xxx.yy.zz.65
   10 0.977444389 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.97? Tell xxx.yy.zz.65
   11 1.016116659 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=249 Ack=1 Win=501 Len=44 TSval=2103964994 TSecr=4101268227
   12 1.029088938 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=293 Win=976 Len=0 TSval=4101268739 TSecr=2103964994
   13 1.254066396 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80  Cost = 0  Port = 0x8039
   14 1.292951712 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.88? Tell xxx.yy.zz.65
   15 1.326924080 xxx.yy.zz.84 → 8.8.8.8      DNS 81 Standard query 0xa581 A 3.debian.pool.ntp.org
   16 1.326966281 xxx.yy.zz.84 → 8.8.8.8      DNS 81 Standard query 0x9c8e AAAA 3.debian.pool.ntp.org
   17 1.340300939 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.84? Tell xxx.yy.zz.65
   18 1.380556112 Cisco_4b:9a:83 → CDP/VTP/DTP/PAgP/UDLD CDP 455 Device ID: sw1.muc  Port ID: GigabitEthernet2/0/3  
   19 1.382735939 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.120? Tell xxx.yy.zz.65
   20 1.430657540 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.91? Tell xxx.yy.zz.65
   21 1.520711133 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.94? Tell xxx.yy.zz.65
   22 1.528062225 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=293 Ack=1 Win=501 Len=44 TSval=2103965506 TSecr=4101268739
   23 1.540832539 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=337 Win=976 Len=0 TSval=4101269251 TSecr=2103965506
   24 1.644035516 xxx.yy.zz.85 → 8.8.8.8      DNS 93 Standard query 0x2b8a A 3.debian.pool.ntp.org.germany.com
   25 1.644068257 xxx.yy.zz.85 → 8.8.8.8      DNS 93 Standard query 0x2596 AAAA 3.debian.pool.ntp.org.germany.com
   26 1.652182269 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.85? Tell xxx.yy.zz.65
   27 2.025276208 99.79.48.100 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=5255/34580, ttl=235
   28 2.025331159 xxx.yy.zz.66 → 99.79.48.100 ICMP 50 Echo (ping) reply    id=0x001c, seq=5255/34580, ttl=64 (request in 27)
   29 2.040143806 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=337 Ack=1 Win=501 Len=44 TSval=2103966018 TSecr=4101269251
   30 2.053122476 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=381 Win=976 Len=0 TSval=4101269763 TSecr=2103966018
   31 2.076770334 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.74? Tell xxx.yy.zz.65
   32 2.086228501 3.98.164.148 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=5255/34580, ttl=235
   33 2.086261721 xxx.yy.zz.66 → 3.98.164.148 ICMP 50 Echo (ping) reply    id=0x001c, seq=5255/34580, ttl=64 (request in 32)
   34 2.100962595 xxx.yy.zz.79 → 9.9.9.9      DNS 81 Standard query 0xb5a6 A 3.debian.pool.ntp.org
   35 2.100976236 xxx.yy.zz.79 → 9.9.9.9      DNS 81 Standard query 0xbfa7 AAAA 3.debian.pool.ntp.org
   36 2.108057471 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.79? Tell xxx.yy.zz.65
   37 2.131911664 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.76? Tell xxx.yy.zz.65
   38 2.144462032  3.98.56.110 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=5255/34580, ttl=235
   39 2.144477012 xxx.yy.zz.66 → 3.98.56.110  ICMP 50 Echo (ping) reply    id=0x001c, seq=5255/34580, ttl=64 (request in 38)
   40 2.291010151 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.111? Tell xxx.yy.zz.65
   41 2.316904258 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.77? Tell xxx.yy.zz.65
   42 2.352877657 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.70? Tell xxx.yy.zz.65
   43 2.416579573 50.18.18.122 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0010, seq=4240/36880, ttl=240
   44 2.416664695 xxx.yy.zz.66 → 50.18.18.122 ICMP 50 Echo (ping) reply    id=0x0010, seq=4240/36880, ttl=64 (request in 43)
   45 2.521162955 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.123? Tell xxx.yy.zz.65
   46 2.552056162 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=381 Ack=1 Win=501 Len=44 TSval=2103966530 TSecr=4101269763
   47 2.565199356 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=425 Win=976 Len=0 TSval=4101270275 TSecr=2103966530
   48 2.580807803 13.57.177.210 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0010, seq=4240/36880, ttl=240
   49 2.580834004 xxx.yy.zz.66 → 13.57.177.210 ICMP 50 Echo (ping) reply    id=0x0010, seq=4240/36880, ttl=64 (request in 48)
   50 2.632892734 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.67? Tell xxx.yy.zz.65
   51 2.843169158 15.228.121.86 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=3180/27660, ttl=240
   52 2.843217650 xxx.yy.zz.66 → 15.228.121.86 ICMP 50 Echo (ping) reply    id=0x001c, seq=3180/27660, ttl=64 (request in 51)
   53 2.889001646 18.231.197.237 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=3180/27660, ttl=240
   54 2.889039477 xxx.yy.zz.66 → 18.231.197.237 ICMP 50 Echo (ping) reply    id=0x001c, seq=3180/27660, ttl=64 (request in 53)
   55 3.008753755 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.119? Tell xxx.yy.zz.65
   56 3.011880907 43.198.182.71 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=7219/13084, ttl=239
   57 3.011910388 xxx.yy.zz.66 → 43.198.182.71 ICMP 50 Echo (ping) reply    id=0x0019, seq=7219/13084, ttl=64 (request in 56)
   58 3.064075211 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=425 Ack=1 Win=501 Len=44 TSval=2103967042 TSecr=4101270275
   59 3.077078642 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=469 Win=976 Len=0 TSval=4101270787 TSecr=2103967042
   60 3.102958338 xxx.yy.zz.75 → 9.9.9.9      DNS 81 Standard query 0x814c A 3.debian.pool.ntp.org
   61 3.102971398 xxx.yy.zz.75 → 9.9.9.9      DNS 81 Standard query 0xda49 AAAA 3.debian.pool.ntp.org
   62 3.110296360 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.75? Tell xxx.yy.zz.65
   63 3.112782054 18.231.159.131 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=3180/27660, ttl=240
   64 3.112820235 xxx.yy.zz.66 → 18.231.159.131 ICMP 50 Echo (ping) reply    id=0x001c, seq=3180/27660, ttl=64 (request in 63)
   65 3.259130359 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80  Cost = 0  Port = 0x8039
   66 3.275905237 18.162.229.18 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=7219/13084, ttl=239
   67 3.275943448 xxx.yy.zz.66 → 18.162.229.18 ICMP 50 Echo (ping) reply    id=0x0019, seq=7219/13084, ttl=64 (request in 66)
   68 3.297969844 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.107? Tell xxx.yy.zz.65
   69 3.306341852 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.88? Tell xxx.yy.zz.65
   70 3.390180006 18.166.78.236 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=7219/13084, ttl=239
   71 3.390214777 xxx.yy.zz.66 → 18.166.78.236 ICMP 50 Echo (ping) reply    id=0x0019, seq=7219/13084, ttl=64 (request in 70)
   72 3.477311490 xxx.yy.zz.72 → 9.9.9.9      DNS 81 Standard query 0x5808 A 3.debian.pool.ntp.org
   73 3.477330230 xxx.yy.zz.72 → 9.9.9.9      DNS 81 Standard query 0x690d AAAA 3.debian.pool.ntp.org
   74 3.484476827 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.72? Tell xxx.yy.zz.65
   75 3.521324690 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.90? Tell xxx.yy.zz.65
   76 3.576024989 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=469 Ack=1 Win=501 Len=44 TSval=2103967554 TSecr=4101270787
   77 3.588756381 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=513 Win=976 Len=0 TSval=4101271299 TSecr=2103967554
   78 3.589325465 15.237.191.139 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0013, seq=6909/64794, ttl=227
   79 3.589359166 xxx.yy.zz.66 → 15.237.191.139 ICMP 50 Echo (ping) reply    id=0x0013, seq=6909/64794, ttl=64 (request in 78)
   80 3.627595686 35.93.111.226 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001f, seq=9701/58661, ttl=230
   81 3.627626226 xxx.yy.zz.66 → 35.93.111.226 ICMP 50 Echo (ping) reply    id=0x001f, seq=9701/58661, ttl=64 (request in 80)
   82 3.641402657 44.234.187.0 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001f, seq=9701/58661, ttl=235
   83 3.641431357 xxx.yy.zz.66 → 44.234.187.0 ICMP 50 Echo (ping) reply    id=0x001f, seq=9701/58661, ttl=64 (request in 82)
   84 3.653447571 34.211.216.213 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001f, seq=9701/58661, ttl=235
   85 3.653475792 xxx.yy.zz.66 → 34.211.216.213 ICMP 50 Echo (ping) reply    id=0x001f, seq=9701/58661, ttl=64 (request in 84)
   86 3.777317218 35.86.175.62 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001f, seq=9701/58661, ttl=230
   87 3.777349769 xxx.yy.zz.66 → 35.86.175.62 ICMP 50 Echo (ping) reply    id=0x001f, seq=9701/58661, ttl=64 (request in 86)
   88 3.783516331 15.188.55.70 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0013, seq=6909/64794, ttl=230
   89 3.783545501 xxx.yy.zz.66 → 15.188.55.70 ICMP 50 Echo (ping) reply    id=0x0013, seq=6909/64794, ttl=64 (request in 88)
   90 3.790172824 13.38.38.103 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0013, seq=6909/64794, ttl=227
   91 3.790202745 xxx.yy.zz.66 → 13.38.38.103 ICMP 50 Echo (ping) reply    id=0x0013, seq=6909/64794, ttl=64 (request in 90)
   92 3.978088546 15.152.213.193 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001b, seq=8413/56608, ttl=239
   93 3.978124246 xxx.yy.zz.66 → 15.152.213.193 ICMP 50 Echo (ping) reply    id=0x001b, seq=8413/56608, ttl=64 (request in 92)
   94 3.998845908 18.142.119.220 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0010, seq=10979/58154, ttl=232
   95 3.998876049 xxx.yy.zz.66 → 18.142.119.220 ICMP 50 Echo (ping) reply    id=0x0010, seq=10979/58154, ttl=64 (request in 94)
   96 4.036023579 13.213.15.99 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0010, seq=10979/58154, ttl=233
   97 4.036039530 xxx.yy.zz.66 → 13.213.15.99 ICMP 50 Echo (ping) reply    id=0x0010, seq=10979/58154, ttl=64 (request in 96)
   98 4.088093580 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=513 Ack=1 Win=501 Len=44 TSval=2103968066 TSecr=4101271299
   99 4.101008767 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=557 Win=976 Len=0 TSval=4101271811 TSecr=2103968066
  100 4.107838966 13.250.1.144 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0010, seq=10979/58154, ttl=232
  101 4.107871577 xxx.yy.zz.66 → 13.250.1.144 ICMP 50 Echo (ping) reply    id=0x0010, seq=10979/58154, ttl=64 (request in 100)
  102 4.121379900 13.246.24.76 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0003, seq=11941/42286, ttl=218
  103 4.121407080 xxx.yy.zz.66 → 13.246.24.76 ICMP 50 Echo (ping) reply    id=0x0003, seq=11941/42286, ttl=64 (request in 102)
  104 4.151933008 16.170.248.7 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11847/18222, ttl=223
  105 4.151945949 xxx.yy.zz.66 → 16.170.248.7 ICMP 50 Echo (ping) reply    id=0x001c, seq=11847/18222, ttl=64 (request in 104)
  106 4.152527104 13.245.75.183 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0003, seq=11941/42286, ttl=217
  107 4.152540434 xxx.yy.zz.66 → 13.245.75.183 ICMP 50 Echo (ping) reply    id=0x0003, seq=11941/42286, ttl=64 (request in 106)
  108 4.156140268 51.20.135.180 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11847/18222, ttl=223
  109 4.156171119 xxx.yy.zz.66 → 51.20.135.180 ICMP 50 Echo (ping) reply    id=0x001c, seq=11847/18222, ttl=64 (request in 108)
  110 4.174991721 43.218.128.209 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  111 4.175021852 xxx.yy.zz.66 → 43.218.128.209 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 110)
  112 4.221632469 15.152.16.214 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001b, seq=8413/56608, ttl=234
  113 4.221659790 xxx.yy.zz.66 → 15.152.16.214 ICMP 50 Echo (ping) reply    id=0x001b, seq=8413/56608, ttl=64 (request in 112)
  114 4.228591711 35.177.88.72 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11557/9517, ttl=221
  115 4.228619782 xxx.yy.zz.66 → 35.177.88.72 ICMP 50 Echo (ping) reply    id=0x001c, seq=11557/9517, ttl=64 (request in 114)
  116 4.236361415 108.136.53.174 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  117 4.236395455 xxx.yy.zz.66 → 108.136.53.174 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 116)
  118 4.242789752 13.208.242.249 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001b, seq=8413/56608, ttl=234
  119 4.242819313 xxx.yy.zz.66 → 13.208.242.249 ICMP 50 Echo (ping) reply    id=0x001b, seq=8413/56608, ttl=64 (request in 118)
  120 4.280620221 108.137.10.5 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  121 4.280649431 xxx.yy.zz.66 → 108.137.10.5 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 120)
  122 4.290942720 108.136.169.188 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  123 4.290970531 xxx.yy.zz.66 → 108.136.169.188 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 122)
  124 4.305231103 43.218.122.133 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  125 4.305258184 xxx.yy.zz.66 → 43.218.122.133 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 124)
  126 4.326986992 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.104? Tell xxx.yy.zz.65
  127 4.327514916 xxx.yy.zz.84 → 9.9.9.9      DNS 81 Standard query 0xa581 A 3.debian.pool.ntp.org
  128 4.327558327 xxx.yy.zz.84 → 9.9.9.9      DNS 81 Standard query 0x9c8e AAAA 3.debian.pool.ntp.org
  129 4.335285719 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.84? Tell xxx.yy.zz.65
  130 4.335883485 13.48.132.73 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11847/18222, ttl=231
  131 4.335916855 xxx.yy.zz.66 → 13.48.132.73 ICMP 50 Echo (ping) reply    id=0x001c, seq=11847/18222, ttl=64 (request in 130)
  132 4.358499256 43.218.96.111 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=7104/49179, ttl=236
  133 4.358526497 xxx.yy.zz.66 → 43.218.96.111 ICMP 50 Echo (ping) reply    id=0x0018, seq=7104/49179, ttl=64 (request in 132)
  134 4.447190213 18.133.157.17 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11557/9517, ttl=221
  135 4.447219094 xxx.yy.zz.66 → 18.133.157.17 ICMP 50 Echo (ping) reply    id=0x001c, seq=11557/9517, ttl=64 (request in 134)
  136 4.449259067 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.98? Tell xxx.yy.zz.65
  137 4.453182560 13.244.115.190 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0003, seq=11941/42286, ttl=218
  138 4.453210711 xxx.yy.zz.66 → 13.244.115.190 ICMP 50 Echo (ping) reply    id=0x0003, seq=11941/42286, ttl=64 (request in 137)
  139 4.463823607 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.71? Tell xxx.yy.zz.65
  140 4.500021642 15.160.165.39 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=14751/40761, ttl=230
  141 4.500048743 xxx.yy.zz.66 → 15.160.165.39 ICMP 50 Echo (ping) reply    id=0x0019, seq=14751/40761, ttl=64 (request in 140)
  142 4.505587008 15.161.49.59 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=14751/40761, ttl=230
  143 4.505614059 xxx.yy.zz.66 → 15.161.49.59 ICMP 50 Echo (ping) reply    id=0x0019, seq=14751/40761, ttl=64 (request in 142)
  144 4.511312558 184.72.74.241 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=241
  145 4.511340179 xxx.yy.zz.66 → 184.72.74.241 ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 144)
  146 4.514543652 3.91.173.196 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=234
  147 4.514559413 xxx.yy.zz.66 → 3.91.173.196 ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 146)
  148 4.539497274 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.118? Tell xxx.yy.zz.65
  149 4.548037617 107.22.59.24 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=243
  150 4.548071808 xxx.yy.zz.66 → 107.22.59.24 ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 149)
  151 4.600039555 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=557 Ack=1 Win=501 Len=44 TSval=2103968578 TSecr=4101271811
  152 4.612979573 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=601 Win=976 Len=0 TSval=4101272323 TSecr=2103968578
  153 4.642188096 13.40.210.187 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001c, seq=11557/9517, ttl=221
  154 4.642205517 xxx.yy.zz.66 → 13.40.210.187 ICMP 50 Echo (ping) reply    id=0x001c, seq=11557/9517, ttl=64 (request in 153)
  155 4.645201846   3.81.37.36 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=239
  156 4.645223056 xxx.yy.zz.66 → 3.81.37.36   ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 155)
  157 4.712159875 35.152.58.60 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0019, seq=14751/40761, ttl=237
  158 4.712197716 xxx.yy.zz.66 → 35.152.58.60 ICMP 50 Echo (ping) reply    id=0x0019, seq=14751/40761, ttl=64 (request in 157)
  159 4.727937797 3.238.94.144 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=241
  160 4.727970908 xxx.yy.zz.66 → 3.238.94.144 ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 159)
  161 4.757016977 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.111? Tell xxx.yy.zz.65
  162 4.937402820 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.87? Tell xxx.yy.zz.65
  163 4.989249764 57.180.10.186 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001a, seq=19015/18250, ttl=240
  164 4.989278045 xxx.yy.zz.66 → 57.180.10.186 ICMP 50 Echo (ping) reply    id=0x001a, seq=19015/18250, ttl=64 (request in 163)
  165 5.112207617 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=601 Ack=1 Win=501 Len=44 TSval=2103969090 TSecr=4101272323
  166 5.125105664 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=645 Win=976 Len=0 TSval=4101272835 TSecr=2103969090
  167 5.212632121 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.122? Tell xxx.yy.zz.65
  168 5.264012714 Cisco_4b:9a:83 → Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 32768/200/00:17:e0:4b:9a:80  Cost = 0  Port = 0x8039
  169 5.287631441 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.89? Tell xxx.yy.zz.65
  170 5.304689666 52.194.242.74 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001a, seq=19015/18250, ttl=240
  171 5.304726357 xxx.yy.zz.66 → 52.194.242.74 ICMP 50 Echo (ping) reply    id=0x001a, seq=19015/18250, ttl=64 (request in 170)
  172 5.306987946 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.81? Tell xxx.yy.zz.65
  173 5.401356382 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.70? Tell xxx.yy.zz.65
  174 5.424358014 35.77.36.234 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x001a, seq=19015/18250, ttl=236
  175 5.424389285 xxx.yy.zz.66 → 35.77.36.234 ICMP 50 Echo (ping) reply    id=0x001a, seq=19015/18250, ttl=64 (request in 174)
  176 5.623788083 xxx.yy.zz.66 → AAA.BBB.CCC.100 TCP 110 52066 → 46078 [PSH, ACK] Seq=645 Ack=1 Win=501 Len=44 TSval=2103969602 TSecr=4101272835
  177 5.636719841 AAA.BBB.CCC.100 → xxx.yy.zz.66 TCP 66 46078 → 52066 [ACK] Seq=1 Ack=689 Win=976 Len=0 TSval=4101273347 TSecr=2103969602
  178 5.645716537 3.38.195.109 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0011, seq=20803/17233, ttl=234
  179 5.645734947 xxx.yy.zz.66 → 3.38.195.109 ICMP 50 Echo (ping) reply    id=0x0011, seq=20803/17233, ttl=64 (request in 178)
  180 5.671727546 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.117? Tell xxx.yy.zz.65
  181 5.698625419 3.249.209.39 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x000f, seq=20179/54094, ttl=242
  182 5.698644990 xxx.yy.zz.66 → 3.249.209.39 ICMP 50 Echo (ping) reply    id=0x000f, seq=20179/54094, ttl=64 (request in 181)
  183 5.725291076 18.195.76.252 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=20299/19279, ttl=245
  184 5.725319496 xxx.yy.zz.66 → 18.195.76.252 ICMP 50 Echo (ping) reply    id=0x0018, seq=20299/19279, ttl=64 (request in 183)
  185 5.749527569 34.207.155.111 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0007, seq=1246/56836, ttl=240
  186 5.749555820 xxx.yy.zz.66 → 34.207.155.111 ICMP 50 Echo (ping) reply    id=0x0007, seq=1246/56836, ttl=64 (request in 185)
  187 5.768613067 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.119? Tell xxx.yy.zz.65
  188 5.847884299  3.36.107.65 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0011, seq=20803/17233, ttl=236
  189 5.847919900 xxx.yy.zz.66 → 3.36.107.65  ICMP 50 Echo (ping) reply    id=0x0011, seq=20803/17233, ttl=64 (request in 188)
  190 5.870722905 3.75.133.205 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=20299/19279, ttl=245
  191 5.870738346 xxx.yy.zz.66 → 3.75.133.205 ICMP 50 Echo (ping) reply    id=0x0018, seq=20299/19279, ttl=64 (request in 190)
  192 5.898272285 34.253.233.107 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x000f, seq=20179/54094, ttl=242
  193 5.898300926 xxx.yy.zz.66 → 34.253.233.107 ICMP 50 Echo (ping) reply    id=0x000f, seq=20179/54094, ttl=64 (request in 192)
  194 5.912638270 3.79.155.238 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0018, seq=20299/19279, ttl=245
  195 5.912667041 xxx.yy.zz.66 → 3.79.155.238 ICMP 50 Echo (ping) reply    id=0x0018, seq=20299/19279, ttl=64 (request in 194)
  196 5.997925709 54.78.141.254 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x000f, seq=20179/54094, ttl=243
  197 5.997953370 xxx.yy.zz.66 → 54.78.141.254 ICMP 50 Echo (ping) reply    id=0x000f, seq=20179/54094, ttl=64 (request in 196)
  198 6.064569640 Cisco_38:6d:12 → Broadcast    ARP 60 Who has xxx.yy.zz.86? Tell xxx.yy.zz.65
  199 6.078082723  3.34.146.76 → xxx.yy.zz.66 ICMP 60 Echo (ping) request  id=0x0011, seq=20803/17233, ttl=234
  200 6.078119224 xxx.yy.zz.66 → 3.34.146.76  ICMP 50 Echo (ping) reply    id=0x0011, seq=20803/17233, ttl=64 (request in 199)

In den Zeilen 1/2, 5/6, 22/23 etc. sieht man, dass zwischen dem KVM-Host "xxx.yy.zz.66" und mir etwas passiert. "xxx.yy.zz.70", was ich anpinge taucht, nirgends auf.
Dafür sieht man in den Zeilen 15, 24 wie "xxx.yy.zz.84" und "xxx.yy.zz.85", zwei DNS-Server mit ihren externen IP-Adressen 8.8.8.8 abfragen, auch xxx.yy.zz.79 fragt den 9.9.9.9 in 34 ab.
Also in die eine Richtung scheint das Nat zu funktionieren, in die eingehende Richtung leider nicht.

Das Ändern des Parameters in der shorewall.conf hatte keine Auswirkung gezeigt.

[Njuguna]

Code: Alles auswählen

1 0.000000000 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=1/256, ttl=64
    2 0.000199455 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=1/256, ttl=64 (request in 1)
    3 0.007106656 192.168.1.72 → 192.168.1.84 ICMP 98 Echo (ping) request  id=0x6f54, seq=5/1280, ttl=64
    4 0.007233519 192.168.1.84 → 192.168.1.72 ICMP 98 Echo (ping) reply    id=0x6f54, seq=5/1280, ttl=64 (request in 3)
    5 0.974042291 192.168.1.85 → 8.8.8.8      DNS 93 Standard query 0xe692 A 2.debian.pool.ntp.org.germany.com
    6 0.974139713 192.168.1.85 → 8.8.8.8      DNS 93 Standard query 0x1894 AAAA 2.debian.pool.ntp.org.germany.com
    7 1.032149002 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=2/512, ttl=64
    8 1.032311326 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=2/512, ttl=64 (request in 7)
    9 1.656012405 192.168.1.84 → 8.8.8.8      DNS 81 Standard query 0x8791 A 3.debian.pool.ntp.org
   10 1.656074106 192.168.1.84 → 8.8.8.8      DNS 81 Standard query 0x3d93 AAAA 3.debian.pool.ntp.org
   11 1.711066026 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0xbb00 A 2.debian.pool.ntp.org
   12 1.711070206 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0x4407 AAAA 2.debian.pool.ntp.org
   13 1.723700437 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0xbb00 Refused A 2.debian.pool.ntp.org
   14 1.723778409 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0x4407 Refused AAAA 2.debian.pool.ntp.org
   15 1.723935663 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0xbb00 A 2.debian.pool.ntp.org
   16 1.723938873 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0x4407 AAAA 2.debian.pool.ntp.org
   17 2.056178142 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=3/768, ttl=64
   18 2.056319176 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=3/768, ttl=64 (request in 17)
   19 2.214818034 192.168.1.72 → 8.8.4.4      DNS 81 Standard query 0x7f74 A 1.debian.pool.ntp.org
   20 2.214821885 192.168.1.72 → 8.8.4.4      DNS 81 Standard query 0x9f4a AAAA 1.debian.pool.ntp.org
   21 2.584757400 12:27:a3:31:1e:6f → be:74:6e:1b:15:9c ARP 42 Who has 192.168.1.84? Tell 192.168.1.75
   22 2.584953335 be:74:6e:1b:15:9c → 12:27:a3:31:1e:6f ARP 42 192.168.1.84 is at be:74:6e:1b:15:9c
   23 3.080193189 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=4/1024, ttl=64
   24 3.080358134 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=4/1024, ttl=64 (request in 23)
   25 3.208139070 7a:f8:9e:40:57:9b → be:74:6e:1b:15:9c ARP 42 Who has 192.168.1.84? Tell 192.168.1.66
   26 3.208255182 be:74:6e:1b:15:9c → 7a:f8:9e:40:57:9b ARP 42 192.168.1.84 is at be:74:6e:1b:15:9c
   27 3.431240530 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0xd68d A 2.debian.pool.ntp.org
   28 3.431259221 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0x1088 AAAA 2.debian.pool.ntp.org
   29 3.431759894 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0xd68d Refused A 2.debian.pool.ntp.org
   30 3.431817585 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0x1088 Refused AAAA 2.debian.pool.ntp.org
   31 3.432124723 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0xd68d A 2.debian.pool.ntp.org
   32 3.432196205 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0x1088 AAAA 2.debian.pool.ntp.org
   33 3.954789777 192.168.1.72 → 192.55.84.84 TLSv1.2 184 Application Data
   34 3.954828538 192.55.84.72 → 192.168.1.84 TLSv1.2 184 Application Data
   35 3.954793738 192.168.1.72 → 192.55.84.75 TLSv1.2 184 Application Data
   36 3.954846759 192.55.84.72 → 192.168.1.75 TLSv1.2 184 Application Data
   37 3.954952222 192.168.1.84 → 192.55.84.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=119 Win=501 Len=0 TSval=41859048 TSecr=3343806058
   38 3.954972282 192.55.84.84 → 192.168.1.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=119 Win=501 Len=0 TSval=41859048 TSecr=3343806058
   39 3.955101846 192.168.1.75 → 192.55.84.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=119 Win=501 Len=0 TSval=1255805399 TSecr=2947728995
   40 3.955149107 192.55.84.75 → 192.168.1.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=119 Win=501 Len=0 TSval=1255805399 TSecr=2947728995
   41 4.104168877 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=5/1280, ttl=64
   42 4.104321501 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=5/1280, ttl=64 (request in 41)
   43 4.656692213 192.168.1.84 → 9.9.9.9      DNS 81 Standard query 0x8791 A 3.debian.pool.ntp.org
   44 4.656775875 192.168.1.84 → 9.9.9.9      DNS 81 Standard query 0x3d93 AAAA 3.debian.pool.ntp.org
   45 5.128046193 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=6/1536, ttl=64
   46 5.128209487 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=6/1536, ttl=64 (request in 45)
   47 5.218226974 192.168.1.72 → 192.168.1.84 DNS 81 Standard query 0x7f74 A 1.debian.pool.ntp.org
   48 5.218230754 192.168.1.72 → 192.168.1.84 DNS 81 Standard query 0x9f4a AAAA 1.debian.pool.ntp.org
   49 5.218632444 192.168.1.84 → 192.168.1.72 DNS 81 Standard query response 0x7f74 Refused A 1.debian.pool.ntp.org
   50 5.218682315 192.168.1.84 → 192.168.1.72 DNS 81 Standard query response 0x9f4a Refused AAAA 1.debian.pool.ntp.org
   51 5.218891981 192.168.1.72 → 9.9.9.9      DNS 81 Standard query 0x7f74 A 1.debian.pool.ntp.org
   52 5.218895421 192.168.1.72 → 9.9.9.9      DNS 81 Standard query 0x9f4a AAAA 1.debian.pool.ntp.org
   53 5.223976364 b2:f4:c2:1c:fb:a4 → 7a:f8:9e:40:57:9b ARP 42 Who has 192.168.1.66? Tell 192.168.1.70
   54 5.223989745 7a:f8:9e:40:57:9b → b2:f4:c2:1c:fb:a4 ARP 42 192.168.1.66 is at 7a:f8:9e:40:57:9b
   55 5.256137426 7a:f8:9e:40:57:9b → b2:f4:c2:1c:fb:a4 ARP 42 Who has 192.168.1.70? Tell 192.168.1.66
   56 5.256260739 b2:f4:c2:1c:fb:a4 → 7a:f8:9e:40:57:9b ARP 42 192.168.1.70 is at b2:f4:c2:1c:fb:a4
   57 5.974119045 192.168.1.85 → 8.8.4.4      DNS 93 Standard query 0xe692 A 2.debian.pool.ntp.org.germany.com
   58 5.974172826 192.168.1.85 → 8.8.4.4      DNS 93 Standard query 0x1894 AAAA 2.debian.pool.ntp.org.germany.com
   59 6.152134235 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=7/1792, ttl=64
   60 6.152297019 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=7/1792, ttl=64 (request in 59)
   61 6.729262615 192.168.1.79 → 192.168.1.84 DNS 93 Standard query 0x14fb A 2.debian.pool.ntp.org.germany.com
   62 6.729266364 192.168.1.79 → 192.168.1.84 DNS 93 Standard query 0x33ff AAAA 2.debian.pool.ntp.org.germany.com
   63 6.729601813 192.168.1.84 → 192.168.1.79 DNS 155 Standard query response 0x14fb No such name A 2.debian.pool.ntp.org.germany.com SOA ns1.germany.com
   64 6.741876045 192.168.1.84 → 192.168.1.79 DNS 155 Standard query response 0x33ff No such name AAAA 2.debian.pool.ntp.org.germany.com SOA ns1.germany.com
   65 6.742190443 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0x0882 A 3.debian.pool.ntp.org
   66 6.742192273 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0xb185 AAAA 3.debian.pool.ntp.org
   67 6.742456050 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0x0882 Refused A 3.debian.pool.ntp.org
   68 6.742528482 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0xb185 Refused AAAA 3.debian.pool.ntp.org
   69 6.742605714 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0x0882 A 3.debian.pool.ntp.org
   70 6.742607854 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0xb185 AAAA 3.debian.pool.ntp.org
   71 7.176141203 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=8/2048, ttl=64
   72 7.176306458 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=8/2048, ttl=64 (request in 71)
   73 8.200044999 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=9/2304, ttl=64
   74 8.200195623 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=9/2304, ttl=64 (request in 73)
   75 8.432438134 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0xd68d A 2.debian.pool.ntp.org
   76 8.432468265 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0x1088 AAAA 2.debian.pool.ntp.org
   77 8.432927797 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0xd68d Refused A 2.debian.pool.ntp.org
   78 8.432960487 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0x1088 Refused AAAA 2.debian.pool.ntp.org
   79 8.433392709 192.168.1.75 → 9.9.9.9      DNS 93 Standard query 0xd8d0 A 2.debian.pool.ntp.org.germany.com
   80 8.433470271 192.168.1.75 → 9.9.9.9      DNS 93 Standard query 0xfcd6 AAAA 2.debian.pool.ntp.org.germany.com
   81 8.955583759 192.168.1.72 → 192.55.84.75 TLSv1.2 184 Application Data
   82 8.955631221 192.55.84.72 → 192.168.1.75 TLSv1.2 184 Application Data
   83 8.955662501 192.168.1.72 → 192.55.84.84 TLSv1.2 184 Application Data
   84 8.955672922 192.55.84.72 → 192.168.1.84 TLSv1.2 184 Application Data
   85 8.955801895 192.168.1.84 → 192.55.84.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=237 Win=501 Len=0 TSval=41864049 TSecr=3343811059
   86 8.955823706 192.55.84.84 → 192.168.1.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=237 Win=501 Len=0 TSval=41864049 TSecr=3343811059
   87 8.955835676 192.168.1.75 → 192.55.84.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=237 Win=501 Len=0 TSval=1255810400 TSecr=2947733996
   88 8.955870697 192.55.84.75 → 192.168.1.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=237 Win=501 Len=0 TSval=1255810400 TSecr=2947733996
   89 9.224181980 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=10/2560, ttl=64
   90 9.224323964 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=10/2560, ttl=64 (request in 89)
   91 9.656890459 192.168.1.84 → 8.8.8.8      DNS 81 Standard query 0x8791 A 3.debian.pool.ntp.org
   92 9.656928590 192.168.1.84 → 8.8.8.8      DNS 81 Standard query 0x3d93 AAAA 3.debian.pool.ntp.org
   93 10.223415942 192.168.1.72 → 8.8.4.4      DNS 81 Standard query 0x7f74 A 1.debian.pool.ntp.org
   94 10.223419632 192.168.1.72 → 8.8.4.4      DNS 81 Standard query 0x9f4a AAAA 1.debian.pool.ntp.org
   95 10.248164040 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=11/2816, ttl=64
   96 10.248309254 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=11/2816, ttl=64 (request in 95)
   97 11.064030580 aa:ba:41:8e:8f:41 → 7a:f8:9e:40:57:9b ARP 42 Who has 192.168.1.66? Tell 192.168.1.85
   98 11.064050270 7a:f8:9e:40:57:9b → aa:ba:41:8e:8f:41 ARP 42 192.168.1.66 is at 7a:f8:9e:40:57:9b
   99 11.272163358 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=12/3072, ttl=64
  100 11.272318392 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=12/3072, ttl=64 (request in 99)
  101 11.748166629 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0x0882 A 3.debian.pool.ntp.org
  102 11.748170639 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0xb185 AAAA 3.debian.pool.ntp.org
  103 11.748580020 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0x0882 Refused A 3.debian.pool.ntp.org
  104 11.762597347 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0xb185 Refused AAAA 3.debian.pool.ntp.org
  105 11.762825733 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0x0882 A 3.debian.pool.ntp.org
  106 11.762828993 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0xb185 AAAA 3.debian.pool.ntp.org
  107 11.957108219 fe:1b:8a:19:be:d3 → 7a:f8:9e:40:57:9b ARP 42 Who has 192.168.1.66? Tell 192.168.1.79
  108 11.957124160 7a:f8:9e:40:57:9b → fe:1b:8a:19:be:d3 ARP 42 192.168.1.66 is at 7a:f8:9e:40:57:9b
  109 11.957111829 fe:1b:8a:19:be:d3 → be:74:6e:1b:15:9c ARP 42 Who has 192.168.1.84? Tell 192.168.1.79
  110 11.957268514 be:74:6e:1b:15:9c → fe:1b:8a:19:be:d3 ARP 42 192.168.1.84 is at be:74:6e:1b:15:9c
  111 11.972426031 192.168.1.85 → 8.8.8.8      DNS 81 Standard query 0x3912 A 3.debian.pool.ntp.org
  112 11.972476462 192.168.1.85 → 8.8.8.8      DNS 81 Standard query 0x9011 AAAA 3.debian.pool.ntp.org
  113 12.296190117 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=13/3328, ttl=64
  114 12.296377342 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=13/3328, ttl=64 (request in 113)
  115 12.657522777 192.168.1.84 → 9.9.9.9      DNS 93 Standard query 0xebfa A 3.debian.pool.ntp.org.germany.com
  116 12.657550937 192.168.1.84 → 9.9.9.9      DNS 93 Standard query 0x80f9 AAAA 3.debian.pool.ntp.org.germany.com
  117 13.226775999 192.168.1.72 → 192.168.1.84 DNS 81 Standard query 0x7f74 A 1.debian.pool.ntp.org
  118 13.226779769 192.168.1.72 → 192.168.1.84 DNS 81 Standard query 0x9f4a AAAA 1.debian.pool.ntp.org
  119 13.227251642 192.168.1.84 → 192.168.1.72 DNS 81 Standard query response 0x7f74 Refused A 1.debian.pool.ntp.org
  120 13.227304423 192.168.1.84 → 192.168.1.72 DNS 81 Standard query response 0x9f4a Refused AAAA 1.debian.pool.ntp.org
  121 13.227689273 192.168.1.72 → 9.9.9.9      DNS 93 Standard query 0x0bf8 A 1.debian.pool.ntp.org.germany.com
  122 13.227692693 192.168.1.72 → 9.9.9.9      DNS 93 Standard query 0x0bfe AAAA 1.debian.pool.ntp.org.germany.com
  123 13.320175925 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=14/3584, ttl=64
  124 13.320386351 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=14/3584, ttl=64 (request in 123)
  125 13.433778299 192.168.1.75 → 192.168.1.84 DNS 93 Standard query 0xd8d0 A 2.debian.pool.ntp.org.germany.com
  126 13.433807729 192.168.1.75 → 192.168.1.84 DNS 93 Standard query 0xfcd6 AAAA 2.debian.pool.ntp.org.germany.com
  127 13.434202930 192.168.1.84 → 192.168.1.75 DNS 155 Standard query response 0xd8d0 No such name A 2.debian.pool.ntp.org.germany.com SOA ns1.germany.com
  128 13.434248841 192.168.1.84 → 192.168.1.75 DNS 155 Standard query response 0xfcd6 No such name AAAA 2.debian.pool.ntp.org.germany.com SOA ns1.germany.com
  129 13.955557889 192.168.1.72 → 192.55.84.75 TLSv1.2 184 Application Data
  130 13.955590750 192.55.84.72 → 192.168.1.75 TLSv1.2 184 Application Data
  131 13.955561070 192.168.1.72 → 192.55.84.84 TLSv1.2 184 Application Data
  132 13.955609981 192.55.84.72 → 192.168.1.84 TLSv1.2 184 Application Data
  133 13.955777405 192.168.1.84 → 192.55.84.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=355 Win=501 Len=0 TSval=41869048 TSecr=3343816059
  134 13.955802256 192.55.84.84 → 192.168.1.72 TCP 66 37656 → 5665 [ACK] Seq=1 Ack=355 Win=501 Len=0 TSval=41869048 TSecr=3343816059
  135 13.955815586 192.168.1.75 → 192.55.84.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=355 Win=501 Len=0 TSval=1255815400 TSecr=2947738996
  136 13.955865658 192.55.84.75 → 192.168.1.72 TCP 66 36226 → 5665 [ACK] Seq=1 Ack=355 Win=501 Len=0 TSval=1255815400 TSecr=2947738996
  137 13.960136060 7a:f8:9e:40:57:9b → d6:78:aa:1d:71:99 ARP 42 Who has 192.168.1.72? Tell 192.168.1.66
  138 13.960135890 7a:f8:9e:40:57:9b → 12:27:a3:31:1e:6f ARP 42 Who has 192.168.1.75? Tell 192.168.1.66
  139 13.960315494 12:27:a3:31:1e:6f → 7a:f8:9e:40:57:9b ARP 42 192.168.1.75 is at 12:27:a3:31:1e:6f
  140 13.960319385 d6:78:aa:1d:71:99 → 7a:f8:9e:40:57:9b ARP 42 192.168.1.72 is at d6:78:aa:1d:71:99
  141 14.344167854 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=15/3840, ttl=64
  142 14.344318347 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=15/3840, ttl=64 (request in 141)
  143 14.430895365 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0x5cb9 A 3.debian.pool.ntp.org
  144 14.430961606 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0xaebd AAAA 3.debian.pool.ntp.org
  145 15.368164843 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=16/4096, ttl=64
  146 15.368307287 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=16/4096, ttl=64 (request in 145)
  147 16.279774019 192.168.1.75 → 192.55.84.72 TLSv1.2 149 Application Data
  148 16.279811231 192.55.84.75 → 192.168.1.72 TLSv1.2 149 Application Data
  149 16.280042957 192.168.1.72 → 192.55.84.75 TCP 66 5665 → 36226 [ACK] Seq=355 Ack=84 Win=501 Len=0 TSval=2947741320 TSecr=1255817724
  150 16.280074687 192.55.84.72 → 192.168.1.75 TCP 66 5665 → 36226 [ACK] Seq=355 Ack=84 Win=501 Len=0 TSval=2947741320 TSecr=1255817724
  151 16.392107831 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=17/4352, ttl=64
  152 16.392274465 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=17/4352, ttl=64 (request in 151)
  153 16.413636814 192.168.1.72 → 192.55.84.75 TLSv1.2 149 Application Data
  154 16.413649724 192.55.84.72 → 192.168.1.75 TLSv1.2 149 Application Data
  155 16.413817019 192.168.1.75 → 192.55.84.72 TCP 66 36226 → 5665 [ACK] Seq=84 Ack=438 Win=501 Len=0 TSval=1255817858 TSecr=2947741454
  156 16.413839440 192.55.84.75 → 192.168.1.72 TCP 66 36226 → 5665 [ACK] Seq=84 Ack=438 Win=501 Len=0 TSval=1255817858 TSecr=2947741454
  157 16.768340660 192.168.1.79 → 192.168.1.84 DNS 93 Standard query 0xbca9 A 3.debian.pool.ntp.org.germany.com
  158 16.768344510 192.168.1.79 → 192.168.1.84 DNS 93 Standard query 0x43d3 AAAA 3.debian.pool.ntp.org.germany.com
  159 16.768826313 192.168.1.84 → 192.168.1.79 DNS 155 Standard query response 0xbca9 No such name A 3.debian.pool.ntp.org.germany.com SOA ns1.germany.com
  160 16.782116921 192.168.1.84 → 192.168.1.79 DNS 155 Standard query response 0x43d3 No such name AAAA 3.debian.pool.ntp.org.germany.com SOA ns1.germany.com
  161 16.782423809 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0x585d A 0.debian.pool.ntp.org
  162 16.782427159 192.168.1.79 → 192.168.1.84 DNS 81 Standard query 0x5c5c AAAA 0.debian.pool.ntp.org
  163 16.782794059 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0x585d Refused A 0.debian.pool.ntp.org
  164 16.782919942 192.168.1.84 → 192.168.1.79 DNS 81 Standard query response 0x5c5c Refused AAAA 0.debian.pool.ntp.org
  165 16.783062366 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0x585d A 0.debian.pool.ntp.org
  166 16.783066176 192.168.1.79 → 9.9.9.9      DNS 81 Standard query 0x5c5c AAAA 0.debian.pool.ntp.org
  167 16.972712271 192.168.1.85 → 8.8.4.4      DNS 81 Standard query 0x3912 A 3.debian.pool.ntp.org
  168 16.972752232 192.168.1.85 → 8.8.4.4      DNS 81 Standard query 0x9011 AAAA 3.debian.pool.ntp.org
  169 17.416176471 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=18/4608, ttl=64
  170 17.416336205 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=18/4608, ttl=64 (request in 169)
  171 17.657632363 192.168.1.84 → 8.8.8.8      DNS 93 Standard query 0xebfa A 3.debian.pool.ntp.org.germany.com
  172 17.657675904 192.168.1.84 → 8.8.8.8      DNS 93 Standard query 0x80f9 AAAA 3.debian.pool.ntp.org.germany.com
  173 17.971754227 192.168.1.84 → 192.55.84.72 TLSv1.2 149 Application Data
  174 17.971806518 192.55.84.84 → 192.168.1.72 TLSv1.2 149 Application Data
  175 17.972025324 192.168.1.72 → 192.55.84.84 TCP 66 5665 → 37656 [ACK] Seq=355 Ack=84 Win=501 Len=0 TSval=3343820075 TSecr=41873064
  176 17.972042274 192.55.84.72 → 192.168.1.84 TCP 66 5665 → 37656 [ACK] Seq=355 Ack=84 Win=501 Len=0 TSval=3343820075 TSecr=41873064
  177 18.117020189 192.168.1.72 → 192.55.84.84 TLSv1.2 149 Application Data
  178 18.117039979 192.55.84.72 → 192.168.1.84 TLSv1.2 149 Application Data
  179 18.117156122 192.168.1.84 → 192.55.84.72 TCP 66 37656 → 5665 [ACK] Seq=84 Ack=438 Win=501 Len=0 TSval=41873210 TSecr=3343820220
  180 18.117167353 192.55.84.84 → 192.168.1.72 TCP 66 37656 → 5665 [ACK] Seq=84 Ack=438 Win=501 Len=0 TSval=41873210 TSecr=3343820220
  181 18.233287942 192.168.1.72 → 8.8.4.4      DNS 93 Standard query 0x0bf8 A 1.debian.pool.ntp.org.germany.com
  182 18.233291092 192.168.1.72 → 8.8.4.4      DNS 93 Standard query 0x0bfe AAAA 1.debian.pool.ntp.org.germany.com
  183 18.326042860 be:74:6e:1b:15:9c → d6:78:aa:1d:71:99 ARP 42 Who has 192.168.1.72? Tell 192.168.1.84
  184 18.326198124 d6:78:aa:1d:71:99 → be:74:6e:1b:15:9c ARP 42 192.168.1.72 is at d6:78:aa:1d:71:99
  185 18.440184788 192.168.1.66 → 192.168.1.70 ICMP 98 Echo (ping) request  id=0x1e75, seq=19/4864, ttl=64
  186 18.440385314 192.168.1.70 → 192.168.1.66 ICMP 98 Echo (ping) reply    id=0x1e75, seq=19/4864, ttl=64 (request in 185)
  187 18.955975122 192.168.1.72 → 192.55.84.75 TLSv1.2 184 Application Data
  188 18.955990673 192.55.84.72 → 192.168.1.75 TLSv1.2 184 Application Data
  189 18.956015674 192.168.1.72 → 192.55.84.84 TLSv1.2 184 Application Data
  190 18.956025114 192.55.84.72 → 192.168.1.84 TLSv1.2 184 Application Data
  191 18.956122276 192.168.1.84 → 192.55.84.72 TCP 66 37656 → 5665 [ACK] Seq=84 Ack=556 Win=501 Len=0 TSval=41874049 TSecr=3343821059
  192 18.956132447 192.55.84.84 → 192.168.1.72 TCP 66 37656 → 5665 [ACK] Seq=84 Ack=556 Win=501 Len=0 TSval=41874049 TSecr=3343821059
  193 18.956215789 192.168.1.75 → 192.55.84.72 TCP 66 36226 → 5665 [ACK] Seq=84 Ack=556 Win=501 Len=0 TSval=1255820400 TSecr=2947743996
  194 18.956262300 192.55.84.75 → 192.168.1.72 TCP 66 36226 → 5665 [ACK] Seq=84 Ack=556 Win=501 Len=0 TSval=1255820400 TSecr=2947743996
  195 19.431284165 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0x5cb9 A 3.debian.pool.ntp.org
  196 19.431303516 192.168.1.75 → 192.168.1.84 DNS 81 Standard query 0xaebd AAAA 3.debian.pool.ntp.org
  197 19.431806889 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0x5cb9 Refused A 3.debian.pool.ntp.org
  198 19.431872580 192.168.1.84 → 192.168.1.75 DNS 81 Standard query response 0xaebd Refused AAAA 3.debian.pool.ntp.org
  199 19.432584819 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0x5cb9 A 3.debian.pool.ntp.org
  200 19.432624480 192.168.1.75 → 9.9.9.9      DNS 81 Standard query 0xaebd AAAA 3.debian.pool.ntp.org

Jetzt auf xxx.yy.zz.66, dem KVM-Host mit einem Ping gegen 192.168.1.70 und gemessen an vmbr1.

[Njuguna]

Okay, nach mehreren Tests glaube ich das Problem gefunden zu haben:
Direkt nach dem Reboot startet die Shorewall nicht, trotz:

Code: Alles auswählen

 cat /etc/default/shorewall 
# prevent startup with default configuration
# set the following variable to 1 in order to allow Shorewall to start

startup=1

Aber, jetzt habe ich das Problem vielleicht echt gefunden. Der Service "shorewall.service" war nicht "enabled" nach der Paketinstallation. Jetzt klappt es im Moment.

[Njuguna]

Aber, jetzt habe ich das Problem vielleicht echt gefunden. Der Service "shorewall.service" war nicht "enabled" nach der Paketinstallation. Jetzt klappt es im Moment.

Nein, das war's doch nicht. Zwischen 12:51 und 13:02 ist das NAT wieder ausgefallen. Ich hatte einen Cronjob alle 10 Minuten in Richtung Mailserver laufen

Code: Alles auswählen

ssh: connect to host xxx.yy.zz.70 port 52070: Connection timed out
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(231) [sender=3.2.7]

Das ist wirklich komisch. Beides shorewall und shorewall.service liefen noch.

[Njuguna]

Ich muss folgendes Procedere durchziehen, damit alles wieder funktioniert:

Code: Alles auswählen

cp interfaces.bak3 interfaces  #komplett andere Konfiguration
systemctl restart networking.service 
reboot

Nach Reboot funktioniert noch nichts. Dann

Code: Alles auswählen

cp interfaces.bak interfaces  # die funktionierende Konfiguration
systemctl restart networking.service 
reboot

Jetzt funktioniert das NAT wieder. Das ist aber keine sinnvolle Situation.

[Njuguna]

Nach 2:22 Stunden ist wieder timeout