Hetzner: server is reflecting packets destined to your additional IPs back to the gateway.

I've just received an email from Hetzner like the following. I've tried to search through Google but have absolutely no idea what's going on.

All I currently know is that the new IPs I've bought are still new and haven't been assigned to any KVM yet

new ip:
65.108.16.235
65.108.16.236

Does anybody know what's happening? Thanks

Email:


Unfortunately we have had to lock the IP address(es) below due to network issues.

We have noticed that your server is reflecting packets destined to your additional IPs back to the gateway.

We have therefore deactivated your server as a precautionary measure.

See the log history attached at the end of this email.

2022-08-10 19:28:29 213.133.119.7 info local3 fpc11 PFE_FW_SYSLOG_ETH_IP: FW:
et-101/0/1.100 D 0064:0800 6c:b3:11:07:27:a0 -> 00:cc:34:21:b4:3a tcp
103.133.105.59 65.108.16.235 42205 82 (1 packets)
2022-08-10 19:28:29 213.133.119.7 info local3 fpc0 PFE_FW_SYSLOG_ETH_IP: FW:
et-101/0/1.100 D 0064:0800 6c:b3:11:07:27:a0 -> 00:cc:34:21:b4:3a tcp
103.133.105.59 65.108.16.235 42205 12542 (1 packets)
2022-08-10 19:28:29 213.133.119.7 info local3 fpc0 PFE_FW_SYSLOG_ETH_IP: FW:
et-101/0/1.100 D 0064:0800 6c:b3:11:07:27:a0 -> 00:cc:34:21:b4:3a tcp
192.241.222.118 65.108.16.236 52169 808 (1 packets)

Comments

  • How did you add the IPs to the server to begin with? Do you have ip_forward enabled?
    cat /proc/sys/net/ipv4/ip_forward

  • @luckypenguin said:
    How did you add the IPs to the server to begin with? Do you have ip_forward enabled?
    cat /proc/sys/net/ipv4/ip_forward

    I haven't added those IPs yet. I just bought them but haven't started using them. Normally I'll create a KVM with a corresponding MAC address so Hetzner will assign the IP to the KVM. But I've just bought a few new IPs and haven't created any KVM using them yet

  • jtk Member

    What does your networking config look like? Interfaces, addressing, masks, and routes for example.

  • @jtk said:
    What does your networking config look like? Interfaces, addressing, masks, and routes for example.

    source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    iface lo inet6 loopback

    iface enp1s0 inet manual

    auto vmbr0
    iface vmbr0 inet static
    address [main ip...the one being banned]/26
    gateway 65.21.127.193
    bridge_ports enp1s0
    bridge_stp off
    bridge_fd 1
    bridge_hello 2
    bridge_maxage 12

    # Mac Bind Address

    iface enp1s0 inet6 static
    address 2a01:4f9:3b:578b::2/64
    gateway fe80::1

    auto vmbr1
    iface vmbr1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -j MASQUERADE

    # NAT Passthrough

  • ralf Member
    edited August 2022

    Firstly, you should probably ask a mod to edit your first post to remove your IP addresses.

    @MixWP said:

    address [main ip...the one being banned]/26
    gateway 65.21.127.193
    

    This means that the subnet is a /26, not that you are claiming the whole /26

    For each additional IP, you'd want something like this:

    iface vmbr0:1
        address extra_ip1
    
    iface vmbr0:2
        address extra_ip2
    

    Otherwise, yes, exactly as per the ticket, your machine will just be sending those packets back to the gateway (assuming you have forwarding enabled).

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    

    Which you do.

  • @ralf said:
    Firstly, you should probably ask a mod to edit your first post to remove your IP addresses.

    @MixWP said:

    address [main ip...the one being banned]/26
    gateway 65.21.127.193
    

    This means that the subnet is a /26, not that you are claiming the whole /26

    For each additional IP, you'd want something like this:

    iface vmbr0:1
        address extra_ip1
    
    iface vmbr0:2
        address extra_ip2
    

    Otherwise, yes, exactly as per the ticket, your machine will just be sending those packets back to the gateway (assuming you have forwarding enabled).

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    

    Which you do.

    But if I assign all the IP addresses to KVMs with MAC addresses, will it solve this problem? I've never had this problem on my old server

  • jmgcaguicla Member
    edited August 2022

    @MixWP said:
    But if I assign all the IP addresses to KVMs with MAC addresses, will it solve this problem? I've never had this problem on my old server

    Yes (generally, unless you have some weird ass routing setup).

    You're reflecting back the packets being sent to those IPs because your machine isn't configured to handle packets for those (e.g. they aren't assigned to any interface), and since you have forwarding set up it just yeets them back out the configured route, which is usually the default gateway.

    Thanked by 1Falzo
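The reflection described in the replies above can be reproduced offline. The following is an added example, not code from the thread: it models the kernel's local/forward decision for the posted config, using 65.21.127.200 as a constructed stand-in for the redacted main IP; `classify` and `reflected` are hypothetical helper names, and the /32 route to vmbr1 in the last case is an assumed routed setup, not something the poster configured.

```python
import ipaddress

# Routing table implied by the posted /etc/network/interfaces:
# (prefix, egress interface, next hop or None when on-link)
ROUTES = [
    ("0.0.0.0/0", "vmbr0", "65.21.127.193"),   # default route via the gateway
    ("65.21.127.192/26", "vmbr0", None),       # main subnet, on-link
    ("10.0.0.0/24", "vmbr1", None),            # NAT bridge
]
# 65.21.127.200 is a constructed stand-in for the redacted main IP.
LOCAL_ADDRS = ["65.21.127.200", "10.0.0.1"]
ADDITIONAL_IPS = ["65.108.16.235", "65.108.16.236"]


def classify(dst, local_addrs, routes, ip_forward, in_iface="vmbr0"):
    """Model what the host does with an IPv4 packet arriving on in_iface."""
    dst = ipaddress.ip_address(dst)
    if dst in {ipaddress.ip_address(a) for a in local_addrs}:
        return "local"                  # address is configured on the host
    if not ip_forward:
        return "drop"                   # not ours, and forwarding is off
    best = None                         # longest-prefix match over the table
    for prefix, iface, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, via)
    if best is None:
        return "drop"
    _, iface, via = best
    if iface == in_iface and via is not None:
        return "reflect"                # goes straight back to the gateway
    return "forward:" + iface


def reflected(ips, local_addrs, routes, ip_forward):
    """Return the subset of ips the host would bounce back to the gateway."""
    return [ip for ip in ips
            if classify(ip, local_addrs, routes, ip_forward) == "reflect"]


if __name__ == "__main__":
    routed = ROUTES + [("65.108.16.235/32", "vmbr1", None)]  # assumed setup
    print("as posted:       ", reflected(ADDITIONAL_IPS, LOCAL_ADDRS, ROUTES, True))
    print("forwarding off:  ", reflected(ADDITIONAL_IPS, LOCAL_ADDRS, ROUTES, False))
    print("IPs on the host: ", reflected(ADDITIONAL_IPS, LOCAL_ADDRS + ADDITIONAL_IPS, ROUTES, True))
    print("host route to VM:", classify("65.108.16.235", LOCAL_ADDRS, routed, True))
```

On a live host, `ip route get 65.108.16.235` shows the same decision: a result that points at the default gateway on the uplink interface means the address is not handled locally.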