Hi All,

I am sitting with the following issue. I have 2x servers. One if on a public IP (ex. 100.100.100.100) and one on a private network (ex. 200.200.200.200), with internet breakout. My private servers cannot ping the public server (Firewalled on both instances) but I can ping the GW of the public server (This just proves that I do have comms to the subnet)

My public server does have an interface on the private server subnet (200.200.200.201), which usually makes inter-server comms possible. Due to some software restrictions, the API from my private server is contacting my public server to the public IP, but this isnt working.. This is not ICMP related problem though.

On the public server I have a route for ex. 200.200.200.0/24, which will route the private subnet between all my servers. It does seem though that when my 200.200.200.200 server routes to 100.100.100.100, this route is interfering with the return traffic. As soon as I remove the 200.200.200.0 route from my public server, connection is restored.

Even though my public / private network can route between each other (Physical Firewall between the networks), this is not correct process. This used to work fine when all these servers were on OL 7.9 (Still have servers on 7.9 with the same network logic, which are working just fine). These machines are on OL 8.9.

Firewalld is disabled on both these servers.

Anyone have an idea of where I can start?

Thanks

Are both servers connected to a common internet gateway? I would prefer that you had shown real private IPs at least. Left to speculate a bit here, since you haven't shown actual topology.

From your description, the server behind the internet GW tries to connect with another server connected directly to the public internet
SERVER 1<private IP>---<private IP router>INTERNET GW ROUTER<public GW IP>------<public IP server>SERVER 2
When it does so it's private IP will undergo NAT to to appear as coming from the 'public GW IP', so return traffic should come back to that IP address and the GW router takes care of forwarding the traffic to the server. You should show traceroute results from both servers.

Does the public server connect to the gateway directly? Is there any device between the two machines?