VMware ESXi virtual machine can contact the gateway but not the DNS server

I am having a bit of a strange issue. I have a VMware ESXi server with two virtual machines running on it. They are running just fine and can communicate on the network without a problem.

I am now trying to add a third. I am installing Ubuntu 8.04 Server. I assign it a static IP address and it’s a fresh installation. Once installed I can ping the gateway but I cannot ping the DNS server. It’s on the same network with the other two VMs which are communicating just fine. I have tried to reinstall the operating system but it still fails to connect.

Here is /etc/network/interfaces

auto eth0
iface eth0 inet static
    address 192.168.1.23
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    dns-nameservers 208.67.222.222 #opendns
    dns-search mydomain.com 

Here is route

Destination | Gateway     | Genmask       | Flags | Metric | Ref | Use | Iface
localnet    | *           | 255.255.255.0 | U     | 0      | 0   | 0   | eth0
default     | 192.168.1.1 | 0.0.0.0       | UG    | 100    | 0   | 0   | eth0

Since I’m running this behind a FortiGate this is what the sniff command gives me when I try to ping 208.67.222.222

arp who-has 192.168.1.1 tell 192.168.1.23
arp reply 192.168.1.1 is-at MAC
192.168.1.23 -> 208.67.222.222: icmp: echo request
192.168.1.23 -> 208.67.222.222: icmp: echo request
192.168.1.23 -> 208.67.222.222: icmp: echo request
192.168.1.23 -> 208.67.222.222: icmp: echo request
192.168.1.23 -> 208.67.222.222: icmp: echo request

As you can see it looks like I never get a response. One interesting thing I notice is the arp reply’s MAC doesn’t look right. I have cleared the FortiGate’s ARP cache though and checked the entry and it seems correct. The MAC it lists is the one for the router. However if I ping from a different virtual machine that is also Ubuntu 8.04 with a nearly identical configuration I get this.

192.168.1.22 -> 208.67.222.222: icmp: echo request
208.67.222.222 -> 192.168.1.22: icmp: echo reply
192.168.1.22 -> 208.67.222.222: icmp: echo request
208.67.222.222 -> 192.168.1.22: icmp: echo reply
192.168.1.22 -> 208.67.222.222: icmp: echo request
208.67.222.222 -> 192.168.1.22: icmp: echo reply

So, what could I be missing?

Thanks.

Answer

arp who-has 192.168.1.1 tell 192.168.1.23
arp reply 192.168.1.1 is-at MAC

the arp reply’s MAC doesn’t look right. … The MAC it lists is the one for the router

As it should. The VM asked for the MAC address of the router.

I’m guessing something on the FortiGate is set up wrong.

Can you swap the addresses on 192.168.1.22 and 192.168.1.23? One of two things will happen:

  1. The problem follows .22
  2. .22 works on the other machine and the new machine does not work with .23 either

Also, can 192.168.1.22 ping 192.168.1.23? Can 192.168.1.23 ping 192.168.1.22? I’m sure they can, but every bit of information helps.

One more thing: does that sniff command on the FortiGate let you specify the interface? Can you do a capture on the external interface?

You should see something like

your.ip.address -> 208.67.222.222: icmp: echo request
208.67.222.222 -> your.ip.address: icmp: echo reply
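
The two-capture comparison suggested in the answer can be scripted. The following is an added example, not part of the original question or answer: it counts echo requests and replies in an internal and an external capture and reports where the ping stops. It assumes the simplified line format quoted on this page, that the firewall source-NATs to its external address (203.0.113.10 is a constructed stand-in for `your.ip.address`), and that only the host under test is pinging during the capture.

```python
import re
from collections import Counter

# Line shape of the sniffer output quoted on this page; ARP and other lines are skipped.
ICMP = re.compile(r"^(\S+) -> (\S+): icmp: echo (request|reply)$")

def tally(capture, local_ip, target):
    """Count echo requests local_ip -> target and echo replies target -> local_ip."""
    counts = Counter()
    for line in capture.splitlines():
        m = ICMP.match(line.strip())
        if not m:
            continue
        src, dst, kind = m.groups()
        if (kind, src, dst) == ("request", local_ip, target):
            counts["request"] += 1
        elif (kind, src, dst) == ("reply", target, local_ip):
            counts["reply"] += 1
    return counts

def localize(internal, external, host, wan_ip, target):
    """Say where the ping dies, given one capture per firewall interface."""
    inside = tally(internal, host, target)
    outside = tally(external, wan_ip, target)
    if inside["request"] == 0:
        return "request never reached the firewall"
    if inside["reply"] > 0:
        return "replies reach the host side"
    if outside["request"] == 0:
        return "request not forwarded by the firewall"
    if outside["reply"] == 0:
        return "forwarded, but no reply from upstream"
    return "reply arrived outside, not delivered inside"

# Constructed sample captures (internal lines follow the question's output).
INTERNAL_23 = """\
arp who-has 192.168.1.1 tell 192.168.1.23
arp reply 192.168.1.1 is-at MAC
192.168.1.23 -> 208.67.222.222: icmp: echo request
192.168.1.23 -> 208.67.222.222: icmp: echo request
"""
EXTERNAL_EMPTY = ""
EXTERNAL_OK = """\
203.0.113.10 -> 208.67.222.222: icmp: echo request
208.67.222.222 -> 203.0.113.10: icmp: echo reply
"""

if __name__ == "__main__":
    print(localize(INTERNAL_23, EXTERNAL_EMPTY,
                   "192.168.1.23", "203.0.113.10", "208.67.222.222"))
```
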

Attribution
Source: Link, Question Author: Nathan Palmer, Answer Author: Justin
