Re: Quick Routing Question
Jason Morgan [EMAIL PROTECTED] wrote:

> I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
>
>                               Wired Subnet (10.0.0.x)
>                              /
>                             /
> Internet -- FreeBSD Machine
>                             \
>                              \
>                               Wireless Subnet (192.168.1.x)
>
> The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.
>
> How do I get these subnets to communicate?

Did you put gateway_enable=YES in rc.conf?

Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Fabian
--
http://www.fabiankeil.de/
RE: Quick Routing Question
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fabian Keil
> Sent: Tuesday, November 01, 2005 5:58 AM
> To: Jason Morgan
> Cc: FreeBSD Questions
> Subject: Re: Quick Routing Question
>
> Jason Morgan [EMAIL PROTECTED] wrote:
>
> > I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
> >
> >                               Wired Subnet (10.0.0.x)
> >                              /
> >                             /
> > Internet -- FreeBSD Machine
> >                             \
> >                              \
> >                               Wireless Subnet (192.168.1.x)
> >
> > The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.
> >
> > How do I get these subnets to communicate?
>
> Did you put gateway_enable=YES in rc.conf?
>
> Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Also, what does:

# netstat -rn

...output?

Steve

> Fabian
> --
> http://www.fabiankeil.de/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 09:03:11AM -0500, Steve Bertrand wrote:

> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fabian Keil
> > Sent: Tuesday, November 01, 2005 5:58 AM
> > To: Jason Morgan
> > Cc: FreeBSD Questions
> > Subject: Re: Quick Routing Question
> >
> > Jason Morgan [EMAIL PROTECTED] wrote:
> >
> > > I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
> > >
> > >                               Wired Subnet (10.0.0.x)
> > >                              /
> > >                             /
> > > Internet -- FreeBSD Machine
> > >                             \
> > >                              \
> > >                               Wireless Subnet (192.168.1.x)
> > >
> > > The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.
> > >
> > > How do I get these subnets to communicate?
> >
> > Did you put gateway_enable=YES in rc.conf?
> >
> > Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Yes, the FreeBSD machine has been acting as a router/gateway/firewall for the wired network for quite some time. I did look at the handbook, that's usually my first stop.

> Also, what does:
>
> # netstat -rn
>
> ...output?

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags  Refs     Use  Netif  Expire
default            70.183.13.193      UGS       0   24701  xl0
10/24              link#3             UC        0       0  fxp0
10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
70.183.13.192/26   link#2             UC        0       0  xl0
70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
127.0.0.1          127.0.0.1          UH        0       0  lo0
192.168.1          link#1             UC        0       0  dc0

Internet6:
Destination                    Gateway            Flags  Netif  Expire
::1                            ::1                UH     lo0
fe80::%dc0/64                  link#1             UC     dc0
fe80::204:5aff:fe42:5084%dc0   00:04:5a:42:50:84  UHL    lo0
fe80::%xl0/64                  link#2             UC     xl0
fe80::250:4ff:fecf:528a%xl0    00:50:04:cf:52:8a  UHL    lo0
fe80::%fxp0/64                 link#3             UC     fxp0
fe80::2d0:b7ff:fe44:f9c6%fxp0  00:d0:b7:44:f9:c6  UHL    lo0
fe80::%lo0/64                  fe80::1%lo0        U      lo0
fe80::1%lo0                    link#4             UHL    lo0
ff01::/32                      ::1                U      lo0
ff02::%dc0/32                  link#1             UC     dc0
ff02::%xl0/32                  link#2             UC     xl0
ff02::%fxp0/32                 link#3             UC     fxp0
ff02::%lo0/32                  ::1                UC     lo0

Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings).

I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that.

> Steve
>
> > Fabian
> > --
> > http://www.fabiankeil.de/

Thanks a lot for the replies. I appreciate it.

Jason
Re: Quick Routing Question
At 06:34 AM 11/1/2005, Jason Morgan wrote:

> On Tue, Nov 01, 2005 at 09:03:11AM -0500, Steve Bertrand wrote:
>
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fabian Keil
> > > Sent: Tuesday, November 01, 2005 5:58 AM
> > > To: Jason Morgan
> > > Cc: FreeBSD Questions
> > > Subject: Re: Quick Routing Question
> > >
> > > Jason Morgan [EMAIL PROTECTED] wrote:
> > >
> > > > I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
> > > >
> > > >                               Wired Subnet (10.0.0.x)
> > > >                              /
> > > >                             /
> > > > Internet -- FreeBSD Machine
> > > >                             \
> > > >                              \
> > > >                               Wireless Subnet (192.168.1.x)
> > > >
> > > > The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.
> > > >
> > > > How do I get these subnets to communicate?
> > >
> > > Did you put gateway_enable=YES in rc.conf?
> > >
> > > Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?
>
> Yes, the FreeBSD machine has been acting as a router/gateway/firewall for the wired network for quite some time. I did look at the handbook, that's usually my first stop.
>
> > Also, what does:
> >
> > # netstat -rn
> >
> > ...output?
>
> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags  Refs     Use  Netif  Expire
> default            70.183.13.193      UGS       0   24701  xl0
> 10/24              link#3             UC        0       0  fxp0
> 10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
> 10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
> 10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
> 70.183.13.192/26   link#2             UC        0       0  xl0
> 70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
> 70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
> 127.0.0.1          127.0.0.1          UH        0       0  lo0
> 192.168.1          link#1             UC        0       0  dc0
>
> Internet6:
> Destination                    Gateway            Flags  Netif  Expire
> ::1                            ::1                UH     lo0
> fe80::%dc0/64                  link#1             UC     dc0
> fe80::204:5aff:fe42:5084%dc0   00:04:5a:42:50:84  UHL    lo0
> fe80::%xl0/64                  link#2             UC     xl0
> fe80::250:4ff:fecf:528a%xl0    00:50:04:cf:52:8a  UHL    lo0
> fe80::%fxp0/64                 link#3             UC     fxp0
> fe80::2d0:b7ff:fe44:f9c6%fxp0  00:d0:b7:44:f9:c6  UHL    lo0
> fe80::%lo0/64                  fe80::1%lo0        U      lo0
> fe80::1%lo0                    link#4             UHL    lo0
> ff01::/32                      ::1                U      lo0
> ff02::%dc0/32                  link#1             UC     dc0
> ff02::%xl0/32                  link#2             UC     xl0
> ff02::%fxp0/32                 link#3             UC     fxp0
> ff02::%lo0/32                  ::1                UC     lo0
>
> Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings).
>
> I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that.

This sounds a lot like the freebsd machine does not know how to route packets to the other side of the wireless router. Just to confirm how things are connected, ignoring the wired net for a moment, it sounds like you have something like this:

internet -- A -- freebsd machine -- B -- wireless router/AP -- C -- wireless device

You mention that the addresses in use for what I have marked as 'B' above, are 192.168.1.1 and 192.168.1.2. What about the other side of the wireless router/AP? What IP's are being used for the wireless devices?

If those IP's are not in the same net as 'B' you'll need a static route in the freebsd machine so it knows to send packets for the 'C' network to the wireless router/AP. However, if the wireless router/AP is acting as a bridge, and the same
RE: Quick Routing Question
Do you have gateway_enable=YES in your rc.conf?

Brian E. Conklin, MCP+I, MCSE
Director of Information Services
Mason General Hospital
http://www.masongeneral.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Morgan
Sent: Monday, October 31, 2005 9:42 PM
To: FreeBSD Questions
Subject: Quick Routing Question

I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                              Wired Subnet (10.0.0.x)
                             /
                            /
Internet -- FreeBSD Machine
                            \
                             \
                              Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.

How do I get these subnets to communicate?

Thanks,

Jason

=
Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
=
This message is intended for the sole use of the individual and entity to whom it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee nor authorized to receive for the addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone this message or any information contained in the message. If you have received this message in error, please immediately notify the sender and delete the message. Replying to this message constitutes consent to electronic monitoring of this message. Thank you.
RE: Quick Routing Question
> Destination        Gateway            Flags  Refs     Use  Netif  Expire
> default            70.183.13.193      UGS       0   24701  xl0
> 10/24              link#3             UC        0       0  fxp0
> 10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
> 10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
> 10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
> 70.183.13.192/26   link#2             UC        0       0  xl0
> 70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
> 70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
> 127.0.0.1          127.0.0.1          UH        0       0  lo0
> 192.168.1          link#1             UC        0       0  dc0

Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.

Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:

- plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.
- Give the wireless laptop a static IP inside the wireless IP subnet
- Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.
- effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

If it doesn't work, cable up the laptop to the LAN side of the AP, ensuring it has a proper IP in the wifi range, and then ping.

If all else fails, set up a round of say 100 pings from the laptop to the FBSD box, and on the FBSD box, do this:

# tcpdump -n -i fxp0

where fxp0 is the interface the AP is plugged into. This will show you first, if the pings are getting from the wifi subnet to the FBSD box, and also if they are being returned. Inbound pings but no outbound pings could indicate a deeper routing issue or FW issue. No inbound pings could indicate a problem with IP allocation or subnet issues.

tcpdump(1) is a great tool, and may even help further troubleshoot the issue.

If you can ping from wifi to FBSD wifi interface, then push the scope of the test further, trying to ping the cabled side of the FBSD box. Let us know what you find, as the more detail we have after certain tests, will enable us to provide further recommendations. Also, an ifconfig output could help too, so long as everything is all connected.

Regards,

Steve

> Internet6:
> Destination                    Gateway            Flags  Netif  Expire
> ::1                            ::1                UH     lo0
> fe80::%dc0/64                  link#1             UC     dc0
> fe80::204:5aff:fe42:5084%dc0   00:04:5a:42:50:84  UHL    lo0
> fe80::%xl0/64                  link#2             UC     xl0
> fe80::250:4ff:fecf:528a%xl0    00:50:04:cf:52:8a  UHL    lo0
> fe80::%fxp0/64                 link#3             UC     fxp0
> fe80::2d0:b7ff:fe44:f9c6%fxp0  00:d0:b7:44:f9:c6  UHL    lo0
> fe80::%lo0/64                  fe80::1%lo0        U      lo0
> fe80::1%lo0                    link#4             UHL    lo0
> ff01::/32                      ::1                U      lo0
> ff02::%dc0/32                  link#1             UC     dc0
> ff02::%xl0/32                  link#2             UC     xl0
> ff02::%fxp0/32                 link#3             UC     fxp0
> ff02::%lo0/32                  ::1                UC     lo0
>
> Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings).
>
> I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that.
>
> > Steve
> >
> > > Fabian
> > > --
> > > http://www.fabiankeil.de/
>
> Thanks a lot for the replies. I appreciate it.
>
> Jason
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 07:03:26AM -0800, Brian E. Conklin wrote:

> Do you have gateway_enable=YES in your rc.conf?

Yes, I do. The FreeBSD works fine for routing to the outside, it's between the subnets where I run into issues.

> Brian E. Conklin, MCP+I, MCSE
> Director of Information Services
> Mason General Hospital
> http://www.masongeneral.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Morgan
> Sent: Monday, October 31, 2005 9:42 PM
> To: FreeBSD Questions
> Subject: Quick Routing Question
>
> I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
>
>                               Wired Subnet (10.0.0.x)
>                              /
>                             /
> Internet -- FreeBSD Machine
>                             \
>                              \
>                               Wireless Subnet (192.168.1.x)
>
> The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.
>
> How do I get these subnets to communicate?
>
> Thanks,
>
> Jason
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:

> > Destination        Gateway            Flags  Refs     Use  Netif  Expire
> > default            70.183.13.193      UGS       0   24701  xl0
> > 10/24              link#3             UC        0       0  fxp0
> > 10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
> > 10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
> > 10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
> > 70.183.13.192/26   link#2             UC        0       0  xl0
> > 70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
> > 70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
> > 127.0.0.1          127.0.0.1          UH        0       0  lo0
> > 192.168.1          link#1             UC        0       0  dc0
>
> Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.
>
> Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:
>
> - plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.

Yes, that's what I've done.

> - Give the wireless laptop a static IP inside the wireless IP subnet

As soon as I can get the Linksys set up, I will.

> - Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.

Correct.

> - effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).

> If it doesn't work, cable up the laptop to the LAN side of the AP, ensuring it has a proper IP in the wifi range, and then ping.
>
> If all else fails, set up a round of say 100 pings from the laptop to the FBSD box, and on the FBSD box, do this:
>
> # tcpdump -n -i fxp0
>
> where fxp0 is the interface the AP is plugged into. This will show you first, if the pings are getting from the wifi subnet to the FBSD box, and also if they are being returned. Inbound pings but no outbound pings could indicate a deeper routing issue or FW issue. No inbound pings could indicate a problem with IP allocation or subnet issues.
>
> tcpdump(1) is a great tool, and may even help further troubleshoot the issue.

Thanks for the suggestions. Never played with tcpdump before.

> If you can ping from wifi to FBSD wifi interface, then push the scope of the test further, trying to ping the cabled side of the FBSD box. Let us know what you find, as the more detail we have after certain tests, will enable us to provide further recommendations. Also, an ifconfig output could help too, so long as everything is all connected.

I'll move a client from the 'wired' side to the 'wireless' side here shortly.

Thanks for the help.

-Jason

> Regards,
>
> Steve
>
> > Internet6:
> > Destination                    Gateway            Flags  Netif  Expire
> > ::1                            ::1                UH     lo0
> > fe80::%dc0/64                  link#1             UC     dc0
> > fe80::204:5aff:fe42:5084%dc0   00:04:5a:42:50:84  UHL    lo0
> > fe80::%xl0/64                  link#2             UC     xl0
> > fe80::250:4ff:fecf:528a%xl0    00:50:04:cf:52:8a  UHL    lo0
> > fe80::%fxp0/64                 link#3             UC     fxp0
> > fe80::2d0:b7ff:fe44:f9c6%fxp0  00:d0:b7:44:f9:c6  UHL    lo0
> > fe80::%lo0/64                  fe80::1%lo0        U      lo0
> > fe80::1%lo0                    link#4             UHL    lo0
> > ff01::/32                      ::1                U      lo0
> > ff02::%dc0/32                  link#1             UC     dc0
> > ff02::%xl0/32                  link#2             UC     xl0
> > ff02::%fxp0/32                 link#3             UC     fxp0
> > ff02::%lo0/32                  ::1                UC     lo0
> >
> > Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings).
> >
> > I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that.
> >
> > > Steve
> > >
> > > > Fabian
> > > > --
> > > > http://www.fabiankeil.de/
> >
> > Thanks a lot for the replies. I appreciate it.
> >
> > Jason
RE: Quick Routing Question
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Morgan
> Sent: Tuesday, November 01, 2005 11:03 AM
> To: FreeBSD Questions
> Subject: Re: Quick Routing Question
>
> On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:
>
> > > Destination        Gateway            Flags  Refs     Use  Netif  Expire
> > > default            70.183.13.193      UGS       0   24701  xl0
> > > 10/24              link#3             UC        0       0  fxp0
> > > 10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
> > > 10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
> > > 10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
> > > 70.183.13.192/26   link#2             UC        0       0  xl0
> > > 70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
> > > 70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
> > > 127.0.0.1          127.0.0.1          UH        0       0  lo0
> > > 192.168.1          link#1             UC        0       0  dc0
> >
> > Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.
> >
> > Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:
> >
> > - plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.
>
> Yes, that's what I've done.
>
> > - Give the wireless laptop a static IP inside the wireless IP subnet
>
> As soon as I can get the Linksys set up, I will.
>
> > - Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.
>
> Correct.
>
> > - effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa
>
> Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).

Ok, slick...you are more than half way there. Carry on with bringing over a client to the wireless side of things (even if it's just cabled into the Linksys for now), to see if you can get through the AP, to the router.

Then proceed to try to ping the cabled iface of the FBSD box from said client. If you can do that, then try a wireless client, to ensure the problem doesn't stem from wifi connectivity.

And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Cheers, and good luck!

Steve
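Added example, not part of any post in this thread: the tcpdump check Steve describes in his two messages (capture on the AP-facing interface, then on the cabled interface), applied to saved capture text. The interface names dc0 and fxp0 come from the routing table posted above; the client address 192.168.1.50, the verdict names and the sample capture lines are constructed, and the line layout assumed is that of current `tcpdump -n` text output.

```shell
#!/bin/sh
# Captures would be saved on the FreeBSD box while the client pings, e.g.
#   tcpdump -n -i dc0  icmp > wifi-side.txt    (dc0:  192.168.1 interface)
#   tcpdump -n -i fxp0 icmp > wired-side.txt   (fxp0: 10/24 interface)
# Assumed line layout:
#   TIME IP SRC > DST: ICMP echo request|reply, id N, seq N, length N

# count_echo KIND SRC DST < capture : number of ICMP echo KIND packets SRC -> DST
count_echo() {
    awk -v kind="$1" -v src="$2" -v dst="$3" '
        $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
            d = $5; sub(/:$/, "", d)    # strip the ":" after DST
            k = $8; sub(/,$/, "", k)    # strip the "," after request/reply
            if (k == kind && $3 == src && d == dst) n++
        }
        END { print n + 0 }'
}

# ping_verdict CLIENT TARGET < capture : what one interface saw of the ping
ping_verdict() {
    cap=$(cat)
    req=$(printf '%s\n' "$cap" | count_echo request "$1" "$2")
    rep=$(printf '%s\n' "$cap" | count_echo reply "$2" "$1")
    if   [ "$req" -eq 0 ];      then echo no-inbound
    elif [ "$rep" -eq 0 ];      then echo inbound-no-reply
    elif [ "$rep" -lt "$req" ]; then echo partial-replies
    else                             echo ok
    fi
}

# localize CLIENT_SIDE_VERDICT TARGET_SIDE_VERDICT : where the echo traffic stops
localize() {
    case "$1/$2" in
        ok/*)               echo "end-to-end ping works" ;;
        no-inbound/*)       echo "requests never reach the gateway: check client IP/subnet and the AP" ;;
        */no-inbound)       echo "requests reach the gateway but are not forwarded: check forwarding and firewall" ;;
        */inbound-no-reply) echo "requests are forwarded but the target never answers: check the target side" ;;
        */partial-replies)  echo "the target answers only some requests: intermittent loss past the gateway" ;;
        *)                  echo "replies seen on the target side are missing on the client side: check the gateway firewall" ;;
    esac
}

# Constructed sample: dc0 capture, client 192.168.1.50 pinging wired host 10.0.0.2.
sample_wifi_side() {
    cat <<'EOF'
12:00:01.000101 IP 192.168.1.50 > 10.0.0.2: ICMP echo request, id 4242, seq 0, length 64
12:00:02.000312 IP 192.168.1.50 > 10.0.0.2: ICMP echo request, id 4242, seq 1, length 64
12:00:03.000498 IP 192.168.1.50 > 10.0.0.2: ICMP echo request, id 4242, seq 2, length 64
EOF
}

# Constructed sample: fxp0 capture from the same moment; only unrelated local pings.
sample_wired_side_silent() {
    cat <<'EOF'
12:00:01.500000 IP 10.0.0.4 > 10.0.0.1: ICMP echo request, id 77, seq 0, length 64
12:00:01.500090 IP 10.0.0.1 > 10.0.0.4: ICMP echo reply, id 77, seq 0, length 64
EOF
}

near=$(sample_wifi_side | ping_verdict 192.168.1.50 10.0.0.2)
far=$(sample_wired_side_silent | ping_verdict 192.168.1.50 10.0.0.2)
echo "dc0: $near, fxp0: $far => $(localize "$near" "$far")"
```
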
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:

> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Morgan
> > Sent: Tuesday, November 01, 2005 11:03 AM
> > To: FreeBSD Questions
> > Subject: Re: Quick Routing Question
> >
> > On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:
> >
> > > > Destination        Gateway            Flags  Refs     Use  Netif  Expire
> > > > default            70.183.13.193      UGS       0   24701  xl0
> > > > 10/24              link#3             UC        0       0  fxp0
> > > > 10.0.0.1           00:d0:b7:44:f9:c6  UHLW      0     903  lo0
> > > > 10.0.0.2           00:50:8d:e5:a5:41  UHLW      0  322468  fxp0   572
> > > > 10.0.0.4           00:e0:98:04:01:f6  UHLW      0    1131  fxp0   1140
> > > > 70.183.13.192/26   link#2             UC        0       0  xl0
> > > > 70.183.13.193      00:13:5f:00:f0:ee  UHLW      1       0  xl0    1188
> > > > 70.183.13.213      00:50:04:cf:52:8a  UHLW      0      18  lo0
> > > > 127.0.0.1          127.0.0.1          UH        0       0  lo0
> > > > 192.168.1          link#1             UC        0       0  dc0
> > >
> > > Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.
> > >
> > > Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:
> > >
> > > - plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.
> >
> > Yes, that's what I've done.
> >
> > > - Give the wireless laptop a static IP inside the wireless IP subnet
> >
> > As soon as I can get the Linksys set up, I will.
> >
> > > - Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.
> >
> > Correct.
> >
> > > - effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa
> >
> > Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).
>
> Ok, slick...you are more than half way there. Carry on with bringing over a client to the wireless side of things (even if it's just cabled into the Linksys for now), to see if you can get through the AP, to the router.
>
> Then proceed to try to ping the cabled iface of the FBSD box from said client. If you can do that, then try a wireless client, to ensure the problem doesn't stem from wifi connectivity.
>
> And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Thanks again for all the help. tcpdump helped a lot.

Jason

> Cheers, and good luck!
>
> Steve
Re: Quick Routing Question
Jason Morgan [EMAIL PROTECTED] wrote:

> On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:
>
> > And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.
>
> Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Do you have NAT enabled between 192.168.1.0 and 10.0.0.0? If you do, the Linksys shouldn't see any 10.0.0.x addresses.

If you don't, this is probably a security measure. Perhaps the Linksys supports a white list to allow access from non-local addresses.

Fabian
--
http://www.fabiankeil.de/
RE: Quick Routing Question
> Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

No, this is not a NAT issue. You are not doing NAT in this situation (on exception through to the Internet)...the 10/24 and 192.168.1/24 subnets are routed (not NAT'd) through the FBSD box. They are communicating directly to one another, with no translation at all.

The problem here (my opinion only), is that the Linksys sees the 10.x address and is not familiar with it (unless explicitly told to do so). What you need to do, is set a static route inside the Linksys that states that 10.0.0.x/24 should be routed to 192.168.1.2 (aka FBSD fw), out the LAN side of the device.

Otherwise, what will happen is that the Linksys sees 10/24 as an *outside* address range, and it will forever be trying to send it out its WAN side, to its default GW, even if there is not one configured. The Linksys may try to give up searching for the 10 network because the only addresses it knows how to route through the LAN side will be the 192 network.

I hope I haven't confused you here. I've gotten quite busy so I'm typing faster than I'm able to think :)

Anyway, it's been a while since I've played with a Linksys, but I am certain you can add static routes. Again, what you want is a route that states:

- if it needs to go to 10.0.0.0, 255.255.255.0, send it to 192.168.1.2.

Now, one more thing...it may be possible that the Linksys interface may ONLY allow connection from its own subnet, but you'll be able to enlighten me here :)

> Thanks again for all the help. tcpdump helped a lot.

No problem. I'm glad I could be of help. Truly, what you are learning here is how the Internet as a whole works (as far as routing is concerned). The only difference is that you are playing with private IP address allocations, as opposed to public addresses.

Steve

> Jason
>
> > Cheers, and good luck!
> >
> > Steve
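Added example, not part of any post and not Linksys firmware code: a longest-prefix-match lookup showing why, per Steve's explanation, the router's replies to a 10.0.0.x client leave by the WAN default until the static route for 10.0.0.0/24 via 192.168.1.2 is added. The table format, the next-hop labels "direct" and "wan-default-gw" and both tables are constructed for illustration.

```shell
#!/bin/sh
# Table format (constructed for this example): "NETWORK/PREFIXLEN NEXTHOP SIDE"

# route_lookup DEST < table : prints "NEXTHOP SIDE" of the longest matching prefix
route_lookup() {
    awk -v dest="$1" '
        function ip2int(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # Network part of an address: drop the host bits by integer division
        # (POSIX awk has no bitwise operators).
        function net(addr, plen) { return int(addr / 2 ^ (32 - plen)) }

        NF < 3 || $1 ~ /^#/ { next }     # skip blank and comment lines
        {
            split($1, p, "/"); plen = p[2] + 0
            if (net(ip2int(dest), plen) == net(ip2int(p[1]), plen) && plen >= best) {
                best = plen; hop = $2; side = $3; found = 1
            }
        }
        END { print (found ? hop " " side : "unreachable") }'
}

# Constructed: a router that knows only its own LAN plus a WAN default route.
linksys_default_table() {
    cat <<'EOF'
192.168.1.0/24 direct LAN
0.0.0.0/0 wan-default-gw WAN
EOF
}

# Same table with the static route from the thread:
# destination 10.0.0.0, mask 255.255.255.0, gateway 192.168.1.2 (the FreeBSD box).
linksys_with_static_route() {
    linksys_default_table
    echo "10.0.0.0/24 192.168.1.2 LAN"
}

for table in linksys_default_table linksys_with_static_route; do
    echo "$table: reply to 10.0.0.2 leaves via $($table | route_lookup 10.0.0.2)"
done
```

The lookup covers only the return path; it says nothing about whether the router's web interface also filters on source address, the separate possibility raised in the thread.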
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 06:37:16PM +0100, Fabian Keil wrote:

> Jason Morgan [EMAIL PROTECTED] wrote:
>
> > On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:
> >
> > > And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.
> >
> > Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
>
> Do you have NAT enabled between 192.168.1.0 and 10.0.0.0? If you do, the Linksys shouldn't see any 10.0.0.x addresses.
>
> If you don't, this is probably a security measure. Perhaps the Linksys supports a white list to allow access from non-local addresses.

I never explicitly set the FreeBSD machine to enable NAT between these subnets. Should I do so? Do I just add another natd_interface to rc.conf? Right now, the NAT related entries in rc.conf on the gateway look like this:

natd_enable="YES"
natd_interface="xl0" #public interface
natd_flags="-dynamic -m"

Thanks again,

Jason

> Fabian
> --
> http://www.fabiankeil.de/
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 12:42:27PM -0500, Steve Bertrand wrote:
> > Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets.
> >
> > My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
>
> No, this is not a NAT issue. You are not doing NAT in this situation (on exception through to the Internet)...the 10/24 and 192.168.1/24 subnets are routed (not NAT'd) through the FBSD box. They are communicating directly to one another, with no translation at all.
>
> The problem here (my opinion only), is that the Linksys sees the 10.x address and is not familiar with it (unless explicitly told to do so). What you need to do, is set a static route inside the Linksys that states that 10.0.0.x/24 should be routed to 192.168.1.2 (aka FBSD fw), out the LAN side of the device.
>
> Otherwise, what will happen is that the Linksys sees 10/24 as an *outside* address range, and it will forever try to send it out its WAN side, to its default GW, even if there is not one configured. The Linksys may try to give up searching for the 10 network because the only addresses it knows how to route through the LAN side will be the 192 network.
>
> I hope I haven't confused you here. I've gotten quite busy so I'm typing faster than I'm able to think :)
>
> Anyway, it's been a while since I've played with a Linksys, but I am certain you can add static routes. Again, what you want is a route that states:
>
> - if it needs to go to 10.0.0.0, 255.255.255.0, send it to 192.168.1.2.

Got it. I'll try that. The Linksys does allow you to specify static routes.

-Jason

> Now, one more thing...it may be possible that the Linksys interface may ONLY allow connection from its own subnet, but you'll be able to enlighten me here :)
>
> > Thanks again for all the help. tcpdump helped a lot.
>
> No problem. I'm glad I could be of help.
>
> Truly, what you are learning here is how the Internet as a whole works (as far as routing is concerned). The only difference is that you are playing with private IP address allocations, as opposed to public addresses.
>
> Steve
>
> > Jason
>
> Cheers, and good luck!
>
> Steve
RE: Quick Routing Question
> I never explicitly set the FreeBSD machine to enable NAT between these subnets. Should I do so? Do I just add another natd_interface to rc.conf?

You do not want to do this. The below config in rc.conf is correct. It states that nat will only be enabled for the external interface, for both subnets. There is no need to nat between your two internal subnets.

Steve

> Right now, the NAT related entries in rc.conf on the gateway look like this:
>
>     natd_enable="YES"
>     natd_interface="xl0" #public interface
>     natd_flags="-dynamic -m"
>
> Thanks again,
> Jason
>
> > Fabian
> > --
> > http://www.fabiankeil.de/
Re: Quick Routing Question
On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:

...

> Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets.
>
> My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:
> On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:
>
> ...
>
> > Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets.
> >
> > My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
>
> Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!

Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.

Once again, thanks everyone for the help.

> - Eric F Crist
> Secure Computing Networks
> http://www.secure-computing.net
RE: Quick Routing Question
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
> Sent: Tuesday, November 01, 2005 6:47 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: Quick Routing Question
>
> On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:
> > On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:
> >
> > ...
> >
> > > Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets.
> > >
> > > My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
> >
> > Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!
>
> Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.

Great!

However, to the previous poster...

You may have missed it, but we had eliminated the WAN from the equation early on. He is using the AP on the layer-2 side only. The WAN is connected to nothing, so that was not the issue (so far as I was involved in this thread). I understand that the default on a Linksys does not allow WAN admin, but again, that was not the case here.

Jason...what fixed it? Was it the addition of the new static route? Please enlighten me.

Tks,

Steve

> Once again, thanks everyone for the help.
>
> > - Eric F Crist
> > Secure Computing Networks
> > http://www.secure-computing.net
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 07:49:54PM -0500, Steve Bertrand wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
> > Sent: Tuesday, November 01, 2005 6:47 PM
> > To: freebsd-questions@freebsd.org
> > Subject: Re: Quick Routing Question
> >
> > On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:
> > > On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:
> > >
> > > ...
> > >
> > > > Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets.
> > > >
> > > > My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
> > >
> > > Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!
> >
> > Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.
>
> Great!
>
> However, to the previous poster...
>
> You may have missed it, but we had eliminated the WAN from the equation early on. He is using the AP on the layer-2 side only. The WAN is connected to nothing, so that was not the issue (so far as I was involved in this thread). I understand that the default on a Linksys does not allow WAN admin, but again, that was not the case here.
>
> Jason...what fixed it? Was it the addition of the new static route? Please enlighten me.

Bingo, it was the static route. The wireless router didn't like getting connection attempts from 10.0.0.0 addresses. Turns out, the FreeBSD machine was operating as advertised. Now it's time to get IPSEC set up.

Cheers,
Jason

> Tks,
>
> Steve
>
> > Once again, thanks everyone for the help.
> >
> > > - Eric F Crist
> > > Secure Computing Networks
> > > http://www.secure-computing.net
RE: Quick Routing Question
> Bingo, it was the static route. The wireless router didn't like getting connection attempts from 10.0.0.0 addresses. Turns out, the FreeBSD machine was operating as advertised. Now it's time to get IPSEC set up.

Awesome :)

You have any q's in your new venture that aren't related to FBSD directly, email me at [EMAIL PROTECTED], if they are IPSec questions via implementation with FBSD directly, hit me and the list.

BTW..FBSD always works as advertised. It's seeking out the other nagging issues using FBSD as your test platform that usually seeks them out ;)

Keep up the good work. You seem to have built a reasonable understanding of routing. I hope that you've actually understood/learned something from all this. I think you have.

I'd say, if you have an extra nic, add a new 172.16/16 subnet in the mix, and see if you can get that to work too. Either way, move on with IPSec, and you'll have one nice, strong, segmented, subnetted, secure wireless and cabled infrastructure, right in your own home!!

After you get IPSec working, we'll get you onto IPFW, and FW tweaking ;)

Steve
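The fix confirmed above (a static route on the Linksys so that replies to 10.0.0.x go back through the FreeBSD gateway) can be checked with a small longest-prefix-match model. This is an added example, not part of the thread; it uses the addressing from the original question (FreeBSD wireless-side address 192.168.1.1, Linksys 192.168.1.2), and the interface labels, the sample client 10.0.0.5 and the Linksys default route out its WAN port are assumptions.

```python
import ipaddress

LINKSYS_ADDR = "192.168.1.2"   # wireless router, per the original question

def route(prefix, next_hop, iface):
    return (ipaddress.ip_network(prefix), next_hop, iface)

def lookup(table, dst):
    """Longest-prefix match: most specific (network, next_hop, iface) covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

# FreeBSD gateway: both internal subnets are directly connected (next_hop None).
# "wired0"/"wifi0" are hypothetical interface labels, not names from the thread.
FREEBSD = [
    route("10.0.0.0/24", None, "wired0"),
    route("192.168.1.0/24", None, "wifi0"),
]

def linksys_table(static_route):
    """Linksys routes; the WAN default route is an assumption about its defaults."""
    table = [
        route("192.168.1.0/24", None, "lan"),   # its own subnet
        route("0.0.0.0/0", None, "wan"),        # everything else: out the WAN port
    ]
    if static_route:
        # 10.0.0.0 255.255.255.0 via the FreeBSD box's wireless-side address
        table.append(route("10.0.0.0/24", "192.168.1.1", "lan"))
    return table

def round_trip(client, linksys, live_ifaces=("lan",)):
    """Request from a wired client via FreeBSD, then the Linksys's reply route."""
    request = lookup(FREEBSD, LINKSYS_ADDR)
    reply = lookup(linksys, client)
    return {
        "request_iface": request[2] if request else None,
        "reply_iface": reply[2] if reply else None,
        "reply_next_hop": reply[1] if reply else None,
        "works": bool(request and reply and reply[2] in live_ifaces),
    }

if __name__ == "__main__":
    for static in (False, True):   # 10.0.0.5 is a constructed wired client
        print("static route:", static, round_trip("10.0.0.5", linksys_table(static)))
```

Without the static route the request still arrives, because the FreeBSD box forwards it, but the reply matches only the default route and leaves on the unplugged WAN port; that asymmetry is why traceroute and tcpdump on the gateway alone made the FreeBSD machine look at fault.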
Quick Routing Question
I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                                 Wired Subnet (10.0.0.x)
                               /
                              /
    Internet -- FreeBSD Machine
                              \
                               \
                                 Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.

How do I get these subnets to communicate?

Thanks,
Jason
Yes, a quick routing question...
It is possible. I have 2 routers. Each has 3 interfaces. If:

I plug 2 interfaces on each to the other router,
the third interface on each is for the local subnet,
a route to the non-local subnet is added to each of the 2 interfaces on each router

    Subnet A-A===B-Subnet B

Will the kernel load balance the traffic traveling between the 2 subnets over the 2 lines? I have done some reading earlier about OSPF, and zebra, but it is my understanding that the kernel needs to decide to load balance when there are 2 routes of equal weight to the same subnet.

Thanks,
Derek