Well, I spent some time with the firewall this weekend, and no joy.

Changing DHCP to be served by the EFW made no difference. The route
pushed out simply pointed to the EFW as the default route. Nothing
special there, but still no ping.

Dual connections with a branch_fw client connecting to the main_fw
server, and a main_fw client connecting to the branch_fw server were
created. Still no ping.

The branch_fw's drives were completely wiped and EFW reinstalled and
reconfigured. Still no ping.

At this point, by process of elimination, it would appear that EFW is
refusing to route to the main_fw's network because the addresses are
public rather than private. Here is some info from the branch_fw
configuration. I've included output from ifconfig, route, ping, and
traceroute.
-----------------------------------------------------
[EMAIL PROTECTED]:~ # ifconfig
br0       Link encap:Ethernet HWaddr 00:13:20:36:BB:C2
          inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2835 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:207066 (202.2 KiB) TX bytes:244570 (238.8 KiB)

eth0      Link encap:Ethernet HWaddr 00:13:20:36:BB:C2
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:2837 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1245 errors:0 dropped:0 overruns:0 carrier:10
          collisions:11 txqueuelen:1000
          RX bytes:250527 (244.6 KiB) TX bytes:244570 (238.8 KiB)

eth1      Link encap:Ethernet HWaddr 00:03:47:42:9D:7C
          inet addr:22.22.22.22 Bcast:22.22.22.23 Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5241 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1422 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:734722 (717.5 KiB) TX bytes:175164 (171.0 KiB)

eth2      Link encap:Ethernet HWaddr 00:03:47:42:9D:7D
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:135 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12739 (12.4 KiB) TX bytes:12739 (12.4 KiB)

tap1      Link encap:Ethernet HWaddr 00:FF:CD:10:C6:BD
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:922 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:61941 (60.4 KiB)

tap2      Link encap:Ethernet HWaddr 00:FF:AC:9C:34:2C
          inet addr:194.0.0.166 Bcast:194.0.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4225 errors:0 dropped:0 overruns:0 frame:0
          TX packets:488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:417192 (407.4 KiB) TX bytes:34650 (33.8 KiB)

[EMAIL PROTECTED]:~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
22.22.22.22     *               255.255.255.248 U     0      0        0 eth1
10.0.0.0        *               255.255.255.0   U     0      0        0 br0
194.0.0.0       *               255.255.255.0   U     0      0        0 tap2
default         22.22.22.20     0.0.0.0         UG    0      0        0 eth1

[EMAIL PROTECTED]:~ # ping 194.0.0.252
PING 194.0.0.252 (194.0.0.252) 56(84) bytes of data.
64 bytes from 194.0.0.252: icmp_seq=0 ttl=128 time=73.0 ms
64 bytes from 194.0.0.252: icmp_seq=1 ttl=128 time=71.8 ms
64 bytes from 194.0.0.252: icmp_seq=2 ttl=128 time=78.0 ms

--- 194.0.0.252 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 71.863/74.311/78.043/2.690 ms, pipe 2

[EMAIL PROTECTED]:~ # traceroute 194.0.0.252
traceroute to 194.0.0.252 (194.0.0.252), 30 hops max, 38 byte packets
 1  194.0.0.252 (194.0.0.252)  77.268 ms  74.136 ms  71.854 ms
-----------------------------------------------------
And here is the information from a Windows XP machine on the 10.0.0.0
network. Included is route print, ping, and tracert.
-----------------------------------------------------
C:\Documents and Settings\laneb>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de b5 05 8b ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 36 b3 d5 a2 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x4 ...00 ff c7 3c 56 ae ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.100      30
         10.0.0.0    255.255.255.0       10.0.0.100      10.0.0.100      30
       10.0.0.100  255.255.255.255        127.0.0.1       127.0.0.1      30
   10.255.255.255  255.255.255.255       10.0.0.100      10.0.0.100      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0       10.0.0.100      10.0.0.100      30
  255.255.255.255  255.255.255.255       10.0.0.100               2       1
  255.255.255.255  255.255.255.255       10.0.0.100      10.0.0.100       1
  255.255.255.255  255.255.255.255       10.0.0.100               4       1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\laneb>ping 194.0.0.252

Pinging 194.0.0.252 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 194.0.0.252:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\laneb>tracert 194.0.0.252

Tracing route to spcsrv2.spcdomain.local [194.0.0.252]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5  ^C
-----------------------------------------------------
Any thoughts you have would be appreciated. If this cannot be resolved
I'll have to scrap EFW, which I really don't want to do.
Thanks,
Lane Beneke