Cannot ping own public IPs from private network

JackTheKnife

All my servers are behind 1:1 NAT. I can ping IP of Google or Yahoo but I'm not able to ping any of my public IPs which are behind NAT from same private network.

For example, my server A has private IP 10.38.10.10 and public IP A.B.C.D, and server B has private IP 10.38.10.11 and public IP X.Y.Z.Q. From 10.38.10.10 I can ping 10.38.10.11, but when I try to ping A.B.C.D and vice versa it doesn't work. Also, when I'm somewhere on the internet I can ping A.B.C.D or X.Y.Z.Q without any problem.

Any idea what is going on?


Thanks
 
Is it all coming out the same router? Any system connecting back to its own interface (with alias IPs, etc) is generally not going to work so hot. Depends a lot on what you're running.
 
Yes - all servers use same router from a data center. Between our servers and that router there is SonicWall NSA 2400
 
Is this done with 2 network adapters, 1 public 1 private? Are the public on the same switch?
 
- 2 network adapters but "bonded" for failover
- both are on 1:1 NAT (1 public to 1 private)
- public are on same switch
 
What switch? My guess is the switch only has a single entry for each adapter with the private IP. The pings for the public IP are going to the router instead of server B.
 
Well - there are two switches:
- Netgear DS524 between router and firewall
- HP V1910-24G between firewall and servers

Also I can ping router from Server A or Server B (router is in the same public IP range as both servers) but I cannot ping firewall (same public IP range). Does it mean that router is not allowing to ping from private range own public IPs or Netgear switch is not good choice?
 
Your router isn't allowing the "NAT redirection" (what it's called on Linksys home routers), meaning it's seeing a request for its front side IP from the back side, and it's dropping the packet. You need to configure the router (or the Sonicwall, that could be doing it too) to allow the traffic.
 
What switch? My guess is the switch only has a single entry for each adapter with the private IP. The pings for the public IP are going to the router instead of server B.

There is only one IP active on the back end of the network for each. That's why it's called a NAT.

The router is supposed to rewrite the packet for the back end network.

The switches have nothing to do with it.

The pings ARE going to the router, however... But the router is dropping them on the floor.
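
The behaviour described in this thread, as an added illustration that is not part of any post: a toy Python model of a 1:1 NAT device that delivers traffic arriving from the internet, drops LAN traffic aimed at its own public IPs, and delivers it once a loopback (hairpin) rule rewrites both addresses. The 203.0.113.x and 198.51.100.7 addresses are constructed stand-ins for A.B.C.D / X.Y.Z.Q and an internet host; `forward` and `hairpin` are hypothetical names, not SonicWall or Linksys settings.

```python
from dataclasses import dataclass, replace

# Constructed 1:1 mappings, public -> private (stand-ins for A.B.C.D and X.Y.Z.Q).
NAT_MAP = {"203.0.113.10": "10.38.10.10", "203.0.113.11": "10.38.10.11"}
REVERSE = {private: public for public, private in NAT_MAP.items()}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str  # "wan" = arrived from the internet, "lan" = arrived from the servers


def forward(pkt, hairpin=False):
    """Return the packet as it would reach the target server, or None if dropped."""
    if pkt.dst not in NAT_MAP:
        return None  # not one of the mapped public IPs (outbound path is not modelled)
    if pkt.in_iface == "wan":
        # Normal inbound case: rewrite the public destination to the private one.
        return replace(pkt, dst=NAT_MAP[pkt.dst])
    if not hairpin:
        # LAN host asking for a public IP that lives behind the same device,
        # with no loopback rule: this is the drop seen in the thread.
        return None
    # Loopback rule: rewrite the destination as above, and also rewrite the
    # source to the sender's public IP so the reply returns through the NAT
    # device instead of going straight across the LAN from an address the
    # sender never pinged.
    return replace(pkt, src=REVERSE.get(pkt.src, pkt.src), dst=NAT_MAP[pkt.dst])


if __name__ == "__main__":
    from_internet = Packet("198.51.100.7", "203.0.113.11", "wan")
    from_server_a = Packet("10.38.10.10", "203.0.113.11", "lan")
    print("internet -> B public:       ", forward(from_internet))
    print("A -> B public, no loopback: ", forward(from_server_a))
    print("A -> B public, with loopback:", forward(from_server_a, hairpin=True))
```
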
 
Well, router is owned by a data center so I cannot do much there. Also I have connected regular Linksys router to the Netgear switch (is before SonicWall) and gave public IP to it, to see if issue is on a firewall. I can ping Linksys from the internet but not from Server A or B using public IP.
 