Re: routing issues to freebsd.org

2013-07-08 Thread Erich Dollansky
Hi,

On Mon, 8 Jul 2013 08:01:09 -0400
staticsafe  wrote:

> On Mon, Jul 08, 2013 at 09:57:59AM +0100, Paul Macdonald wrote:
> > 
> > On doing some updates this morning, am seeing a routing issue beyond
> > bgp1-ext.ysv.freebsd.org...
> > 
> > Updating Index
> > fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host
> > 
> > www.freebsd.org.        513     IN      CNAME   wfe0.ysv.freebsd.org.
> > wfe0.ysv.freebsd.org.   1690    IN      A       8.8.178.110
> > 
> 
> Perhaps an issue on your end (probably on the reverse route)? 

it was the same story in Indonesia.

Erich
> 
> Traces look fine from multiple networks:
> http://sprunge.us/JFeS
> 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: routing issues to freebsd.org

2013-07-08 Thread Johan Hendriks

Paul Macdonald wrote:


On doing some updates this morning, am seeing a routing issue beyond 
bgp1-ext.ysv.freebsd.org...


Updating Index
fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host

www.freebsd.org.        513     IN      CNAME   wfe0.ysv.freebsd.org.
wfe0.ysv.freebsd.org.   1690    IN      A       8.8.178.110

traceroute to 8.8.178.110 (8.8.178.110), 64 hops max, 52 byte packets
 1  -- 0.528 ms  0.462 ms  0.428 ms
 2  490.net2.north.dc5.as20860.net (62.233.127.210)  0.267 ms  0.263 ms  0.263 ms
 3  593.core1.thn.as20860.net (62.233.127.173)  111.922 ms  49.373 ms  1.125 ms
 4  ae3-309.lon11.ip4.tinet.net (77.67.74.101)  1.080 ms  1.181 ms  1.081 ms
 5  xe-9-1-0.sjc10.ip4.tinet.net (89.149.184.53)  145.580 ms 145.746 ms
xe-8-1-0.sjc10.ip4.tinet.net (89.149.183.17)  145.216 ms
 6  213.200.66.238 (213.200.66.238)  145.702 ms  188.823 ms
ge-0-3-9.pat1.sjc.yahoo.com (216.115.96.10)  219.331 ms
 7  bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.013 ms 146.385 ms
ae-5.pat2.sjc.yahoo.com (216.115.105.19)  145.653 ms
 8  * * bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.519 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *


Paul.


I noticed FreeBSD was not accessible this morning.
svnup gives me the following.
 svnup stable
svnup: connect failure: Connection refused

earlier i could not even open www.freebsd.org, so something is or was 
not right.

Now www.freebsd.org works again

gr
Johan Hendriks





Re: routing issues to freebsd.org

2013-07-08 Thread staticsafe
On Mon, Jul 08, 2013 at 09:57:59AM +0100, Paul Macdonald wrote:
> 
> On doing some updates this morning, am seeing a routing issue beyond
> bgp1-ext.ysv.freebsd.org...
> 
> Updating Index
> fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host
> 
> www.freebsd.org.        513     IN      CNAME   wfe0.ysv.freebsd.org.
> wfe0.ysv.freebsd.org.   1690    IN      A       8.8.178.110
> 

Perhaps an issue on your end (probably on the reverse route)? 

Traces look fine from multiple networks:
http://sprunge.us/JFeS

-- 
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.


Re: Routing Woes

2011-09-03 Thread Adam Vande More
On Sat, Sep 3, 2011 at 8:16 PM, Monkeyfoahead wrote:

>I have a question that I thought that you could probably answer. I
> have setup a freebsd seedbox in my apartment.  This box has two internet
> connections (multi-homed server.). One is an ethernet connection behind a
> firewall that is connected to a Comcast modem. The other is my apartment's
> wifi. I desire to use the wifi for torrenting and my connection for
> http,ftp, and ssh access. The proper ports have been forwarded to the
> freebsd server from the firewall on the Comcast connection.  My problem is
> when the default route is set to go over the wifi, i cannot access the
> server from the comcast modem address. When my default route is set to go
> over the modem, my server is accessible to the outside world.
>
> Due to the nature of the torrent-daemon I am using, I must have the default
> route go over the wifi connection. Is there a route i can add that will fix
> my problem?
>

I believe you'll want to use FIBs, e.g. setfib(1), and assign your torrent
client to use the fib associated with your wifi.


-- 
Adam Vande More


Re: routing to a directly attached subnet without an address in this subnet

2011-04-25 Thread Lionel Fourquaux

On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:

What you need to verify is the default routes on the client hosts. It's very
likely your packets and your initial route add commands on your dual host
machine are correct, yet the return route on the other clients are
incorrect.


I have checked that. Actually, I can ping the router from the clients. 
What does not work is initiating a packet exchange from the router's side.


Short reminder:
 em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
 em1 has address fe80::1234:56ff:fe78:9abd
 default route is to em0
 2001:db8:0:1::/64 is routed to em1 
  (route add -inet6 2001:db8:0:1::/64 -iface em1)
 clients connected to em1 have addresses in 2001:db8:0:1::/64 and default 
  route to fe80::1234:56ff:fe78:9abd


If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, 
directly connected to em1, ping6 fails with "sendmsg: Operation not 
permitted". tcpdump does not show anything being sent to this client. The 
client's MAC does not show up in "ndp -a".


If I ping the router from the client, I get answers. The client's MAC 
shows up in the NDP table, and I can ping the client from the router as 
long as it is still listed in the NDP table. If I clear the table with 
"ndp -c", I can't ping from the router any more. If I reboot and add 
a static entry for the client in the NDP table, I can ping this client.


All this seems to point to NDP as the root of the problem: it looks like 
it is not aware of the addition of 2001:db8:0:1::/64 to the routing 
table. I do not see any way to give the missing information to NDP 
other than adding an address to em1. (Adding static entries for all the 
clients would not be manageable in the long run).


Google seems to turn up some mentions of "cloning routes" that look like 
a way to solve this (I'm not quite sure), but this was apparently 
removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some 
functionality was lost in the process, but I don't know about this.




Re: routing to a directly attached subnet without an address in this subnet

2011-04-25 Thread Lionel Fourquaux

On Sun, Apr 24, 2011 at 06:43:11PM -0500, Robert Bonomi wrote:

Sorry, it _is_ impossible.


:(


simply put, to communicate _on_ a network, you have to be *ON* that
network, i.e., 'have an address in that network's address-space'.


I don't quite see why this would be required, as long as packets are 
routed as they should.



It is perfectly legitimate for two (or more) separate networks to share
the same physical media.


Yes.


*ONLY* the address of the device distinguishes which network the traffic
goes to/from.


But this is the destination address on packets. The point here is, why 
would the router need an address that is never used as source or 
destination?



I can't see any strong reason for requiring that em1 have
an address for every directly attached subnet packets are routed
to.


Think about how 'reply' packets have to be routed by other machines
on that subnet.


Packets from other machines are routed to fe80::1234:56ff:fe78:9abd 
(link local address of the router), so this part is fine.


Thanks!



Re: routing to a directly attached subnet without an address in this subnet

2011-04-25 Thread Lionel Fourquaux

On Sun, Apr 24, 2011 at 08:50:53PM -0400, David Scheidt wrote:

On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote:

em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
em1 has address fe80::1234:56ff:fe78:9abd
Network 2001:db8::/64 is directly attached to em0, and network 
2001:db8:0:1::/64 is directly attached to em1. The default route points to em0. 
I would like to route packets addressed to 2001:db8:0:1::/64 to interface em1, 
without allocating an address in 2001:db8:0:1::/64 for em1. (Or to understand 
why this would be impossible).



Why do you want to do this?


Because I think it would look better that way.


 How do you expect the hosts on the attached networks to get packets to you?


They are already using fe80::1234:56ff:fe78:9abd as default gateway, so 
this is not a problem.



Re: routing to a directly attached subnet without an address in this subnet

2011-04-24 Thread David Scheidt

On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote:

> Dear FreeBSD users,
> 
> Consider an IPv6 router with two interfaces, e.g. em0 and em1.
> em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
> em1 has address fe80::1234:56ff:fe78:9abd
> Network 2001:db8::/64 is directly attached to em0, and network 
> 2001:db8:0:1::/64 is directly attached to em1. The default route points to 
> em0. I would like to route packets addressed to 2001:db8:0:1::/64 to 
> interface em1, without allocating an address in 2001:db8:0:1::/64 for em1. 
> (Or to understand why this would be impossible).
> 

Why do you want to do this?  How do you expect the hosts on the attached 
networks to get packets to you?  



Re: Routing issue?

2010-11-12 Thread Ryan Coleman
As mentioned before, this is already solved.


On Nov 12, 2010, at 3:08 AM, Wojciech Puchar wrote:

>> ff02::%lo0/32 fe80::1%lo0   U   lo0
>> 
>> ifconfig_em0="inet 70.89.123.5  netmask 255.255.255.248"
>> ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
>> defaultrouter="70.89.123.6"
>> hostname="se**.somehtingelse.biz"
>> 
>> 
>> I tried to add the gateway for link2 but it's not taking since it already 
>> exists, and I've run multiple IP'd servers before without issue.
>> 
>> I'm really lost.
> you can't have 2 gateways.
> 
> but you may configure ipfw firewall and use its fwd function to define 
> exactly what is routed through what, whatever your wish is.
> 
> not that long ago i had 7 links to my server doing ISP business, as there was 
> no way to get single large link that place.
> 
> no problems


Re: Routing issue?

2010-11-12 Thread Wojciech Puchar

ff02::%lo0/32 fe80::1%lo0   U   lo0

ifconfig_em0="inet 70.89.123.5  netmask 255.255.255.248"
ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
defaultrouter="70.89.123.6"
hostname="se**.somehtingelse.biz"


I tried to add the gateway for link2 but it's not taking since it already 
exists, and I've run multiple IP'd servers before without issue.

I'm really lost.

you can't have 2 gateways.

but you may configure ipfw firewall and use its fwd function to define 
exactly what is routed through what, whatever your wish is.


not that long ago i had 7 links to my server doing ISP business, as there 
was no way to get single large link that place.


no problems


{Solved} Re: Routing issue?

2010-11-11 Thread Ryan Coleman
It didn't work until I bridged the connections.

[r...@server /usr/home/ryan]# ifconfig bridge create
bridge0
[r...@server /usr/home/ryan]# ifconfig bridge0
bridge0: flags=8802 metric 0 mtu 1500
ether 0a:df:a2:b3:3e:96
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
[r...@server /usr/home/ryan]# ifconfig bridge0 addm em0 addm em1 up


On Nov 11, 2010, at 10:00 PM, Gary Gatten wrote:

> What exactly isn't working? You don't have two L3 nets, but two ips on the 
> same net - nothing to route, except the default.
> 
> - Original Message -
> From: owner-freebsd-questi...@freebsd.org 
> 
> To: Free BSD Questions list 
> Sent: Thu Nov 11 21:41:40 2010
> Subject: Routing issue?
> 
> I'm trying to get the other half of my business up on my second IP.
> 
> It's not routing. This is not a multi-homed system, but two IPs in the same 
> subnet.
> 
> 
> [r...@server /usr/home/ryan]# netstat -nr 
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            70.89.123.6        UGS         7     1090    em0
> 70.89.123.0/29     link#1             U           2      837    em0
> 70.89.123.4        link#2             UHS         0       25    lo0
> 70.89.123.5        link#1             UHS         0        0    lo0
> 127.0.0.1          link#5             UH          0      863    lo0
> 
> Internet6:
> Destination                       Gateway                       Flags      Netif Expire
> ::1                               ::1                           UH          lo0
> fe80::%lo0/64                     link#5                        U           lo0
> fe80::1%lo0                       link#5                        UHS         lo0
> ff01:5::/32                       fe80::1%lo0                   U           lo0
> ff02::%lo0/32                     fe80::1%lo0                   U           lo0
> 
> ifconfig_em0="inet 70.89.123.5  netmask 255.255.255.248"
> ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
> defaultrouter="70.89.123.6"
> hostname="se**.somehtingelse.biz"
> 
> 
> I tried to add the gateway for link2 but it's not taking since it already 
> exists, and I've run multiple IP'd servers before without issue.
> 
> I'm really lost.


Re: Routing issue?

2010-11-11 Thread Gary Gatten
What exactly isn't working? You don't have two L3 nets, but two ips on the same 
net - nothing to route, except the default.

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: Free BSD Questions list 
Sent: Thu Nov 11 21:41:40 2010
Subject: Routing issue?

I'm trying to get the other half of my business up on my second IP.

It's not routing. This is not a multi-homed system, but two IPs in the same 
subnet.


[r...@server /usr/home/ryan]# netstat -nr 
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.89.123.6        UGS         7     1090    em0
70.89.123.0/29     link#1             U           2      837    em0
70.89.123.4        link#2             UHS         0       25    lo0
70.89.123.5        link#1             UHS         0        0    lo0
127.0.0.1          link#5             UH          0      863    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
ff01:5::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0

ifconfig_em0="inet 70.89.123.5  netmask 255.255.255.248"
ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
defaultrouter="70.89.123.6"
hostname="se**.somehtingelse.biz"


I tried to add the gateway for link2 but it's not taking since it already 
exists, and I've run multiple IP'd servers before without issue.

I'm really lost.


Re: Routing Question

2010-08-27 Thread Nikos Vassiliadis

On 8/27/2010 9:09 PM, Doug Hardie wrote:


On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:


On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie wrote:


PF's route_to will return the packets to the proper router, but I
have not been able to figure out which ones those would be.  The
source IP address can be any on either network and it's highly
likely that we will see packets from the same source network on
both at the same time.  The only distinction I see in the input
packets between the two paths is the MAC address of the router.
I don't see any way in pf or the system to use that to affect the
return path though.


the filter option "reply-to" looks to be what you need. It works
by keeping the state of a connection (see pf.conf(5)).


That works great on the output if you can figure out which packets to
use it on.  The only way I can see to separate the traffic is using
the router MAC address.  I don't find anything in pf that will look
at that.


Yes, pf cannot use the MAC address to classify a packet. The most
sensible solution would be installing a single router to handle
both lines but I know it's not always feasible to do so for several
reasons. ipfw can use MAC addresses for classification, perhaps you
hack some rules using fwd, skipto and mac.

Nikos


Re: Routing Question

2010-08-27 Thread Doug Hardie

On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:

> On Thu, 26 Aug 2010 18:17:19 -0700,
> Doug Hardie wrote:
> 
>> PF's route_to will return the packets to the proper router, but I have not
>> been able to figure out which ones those would be.  The source IP
>> address can be any on either network and it's highly likely that we
>> will see packets from the same source network on both at the same
>> time.  The only distinction I see in the input packets between the
>> two paths is the MAC address of the router.  I don't see any way in
>> pf or the system to use that to affect the return path
>> though.
> 
> the filter option "reply-to" looks to be what you need. It works by
> keeping the state of a connection (see pf.conf(5)).

That works great on the output if you can figure out which packets to use it 
on.  The only way I can see to separate the traffic is using the router MAC 
address.  I don't find anything in pf that will look at 
that.


Re: Routing Question

2010-08-27 Thread Patrick Lamaiziere
On Thu, 26 Aug 2010 18:17:19 -0700,
Doug Hardie wrote:

>  PF's route_to will return the packets to the proper router, but I have not
> been able to figure out which ones those would be.  The source IP
> address can be any on either network and it's highly likely that we
> will see packets from the same source network on both at the same
> time.  The only distinction I see in the input packets between the
> two paths is the MAC address of the router.  I don't see any way in
> pf or the system to use that to affect the return path
> though.

the filter option "reply-to" looks to be what you need. It works by
keeping the state of a connection (see pf.conf(5)).


Re: Routing to internet addresses ending with 255

2008-05-16 Thread Wojciech Puchar

but WHAT are external IP's of these routers. this is important.

if the "problem" host is A.B.C.255 check if routers external IP isn't 
A.B.C.something


No, I just checked again with DynDNS update logs and all three routers had 
very different IP addresses at the time I was trying.



try freebsd 6 (from livecd etc.) in place of freebsd 7 on the same 
computer. you will check if it's FreeBSD 7 problem (i DO NOT think so) or 
this crappy router.



Re: Routing to internet addresses ending with 255

2008-05-16 Thread Manolis Kiagias

Wojciech Puchar wrote:
i don't think it's freebsd version dependent, unless developers made 
a bug.



all these systems are behind ADSL routers and use NAT. Their internal 
addresses are in the 192.168.0.X range.
I could easily consider this a problem of the (cheap) ADSL routers, 
but  6


very likely. yesterday i configured chinese 5 WLAN/LAN switch/routers, 
it looks like its software was written by someone during single lunch 
break ;)


i found 2 bugs not even searching much. but - as just a LAN/WLAN 
bridges they work fine.


I too, am very well aware of the "quality" of these systems :)


and 7 use the same model (OTOH, there may be different firmware 
versions).


but WHAT are external IP's of these routers. this is important.

if the "problem" host is A.B.C.255 check if routers external IP isn't 
A.B.C.something


No, I just checked again with DynDNS update logs and all three routers 
had very different IP addresses at the time I was trying.



Re: Routing to internet addresses ending with 255

2008-05-16 Thread Wojciech Puchar

i don't think it's freebsd version dependent, unless developers made a bug.


all these systems are behind ADSL routers and use NAT. Their internal 
addresses are in the 192.168.0.X range.

I could easily consider this a problem of the (cheap) ADSL routers, but  6


very likely. yesterday i configured chinese 5 WLAN/LAN switch/routers, it 
looks like its software was written by someone during single lunch break ;)


i found 2 bugs not even searching much. but - as just a LAN/WLAN bridges 
they work fine.



and 7 use the same model (OTOH, there may be different firmware versions).


but WHAT are external IP's of these routers. this is important.

if the "problem" host is A.B.C.255 check if routers external IP isn't 
A.B.C.something





Re: Routing to internet addresses ending with 255

2008-05-16 Thread Manolis Kiagias

Wojciech Puchar wrote:


I have two home servers, on different locations, on two ADSL lines 
using

dynamic DNS. One is running Debian, the other FreeBSD 7.0-RELEASE.

I usually ssh from one to the other. Today, the debian server had a
public (internet) IP ending in 255. The FreeBSD 7.0 system refused to
communicate with it. Another 6.3 system had no problem. The 6.3 and 7.0


doesn't your 7.0 system have same first 3 bytes of IP, and badly set 
netmask to /24 instead of narrower?


i don't think it's freebsd version dependent, unless developers made a 
bug.



all these systems are behind ADSL routers and use NAT. Their internal 
addresses are in the 192.168.0.X range.
I could easily consider this a problem of the (cheap) ADSL routers, but  
6 and 7 use the same model (OTOH, there may be different firmware versions).



Re: Routing to internet addresses ending with 255

2008-05-16 Thread Wojciech Puchar


I have two home servers, on different locations, on two ADSL lines using
dynamic DNS. One is running Debian, the other FreeBSD 7.0-RELEASE.

I usually ssh from one to the other. Today, the debian server had a
public (internet) IP ending in 255. The FreeBSD 7.0 system refused to
communicate with it. Another 6.3 system had no problem. The 6.3 and 7.0


doesn't your 7.0 system have same first 3 bytes of IP, and badly set 
netmask to /24 instead of narrower?


i don't think it's freebsd version dependent, unless developers made a 
bug.



Re: Routing to internet addresses ending with 255

2008-05-16 Thread Manolis Kiagias

Nikos Vassiliadis wrote:

On Friday 16 May 2008 12:32:35 Manolis Kiagias wrote:
  

I had this weird problem today, and I would like to know what caused it:

I have two home servers, on different locations, on two ADSL lines using
dynamic DNS. One is running Debian, the other FreeBSD 7.0-RELEASE.

I usually ssh from one to the other. Today, the debian server had a
public (internet) IP ending in 255. The FreeBSD 7.0 system refused to
communicate with it. Another 6.3 system had no problem. The 6.3 and 7.0
system have identical adsl routers.

Trying a traceroute from 7.0, it would seem the debian system was one
hop away, which is of course incorrect.

I understand that x.x.x.255 is ethernet's broadcast address. 



No, it's not. Since these days IP is classless, a network
(and thus its broadcast address) is completely local information,
not known to remote hosts. What might look to an external observer
as a /24 network, may be something else. For example 213.0.0.255/24
may be the broadcast address for net 213.0.0.0/24, but it's not the
broadcast address for net 213.0.0.0/23, which would be 213.0.1.255.

Also, regardless of being the broadcast address or not, to the external
observer that address is just an IP address. The router of the network
will handle specially (will broadcast) the packet if it's destined for the
broadcast address.

  


I guessed it would be like this. Thank you for clarifying it.

However 6.3 
had no problem connecting to it, while 7.0 would not. Has something

changed in FreeBSD, is this the intended behaviour or a bug?



This looks like a bug. Can you post more info about it?

  


Problem is I've already reset the router that had the .255 address.  All 
other actions had no effect:


- Restarting the network interface in 7.0
- Restarting routing / erasing and reconfiguring routing table in 7.0
- Trying the IP address directly instead of the dyndns.org name (clearly 
not any type of DNS problem)

- Restarting the router connected to 7.0

Traceroute gave a result like:

traceroute xxx.dyndns.org
traceroute to xxx.dyndns.org (xxx.xxx.xxx.255), 64 hops max, 40 byte packets
1  xxx.dyndns.org (xxx.xxx.xxx.255)  1.008 ms  1.084 ms  0.928 ms

Clearly wrong, since everything goes through my router:

traceroute www.otenet.gr
traceroute to www.otenet.gr (62.103.128.215), 64 hops max, 40 byte packets
1  router (192.168.0.55)  1.014 ms  0.948 ms  0.941 ms
2  athe10kt-l1.otenet.net (62.103.129.42)  19.399 ms  20.362 ms  19.892 ms
...



Re: Routing to internet addresses ending with 255

2008-05-16 Thread Nikos Vassiliadis
On Friday 16 May 2008 12:32:35 Manolis Kiagias wrote:
> I had this weird problem today, and I would like to know what caused it:
>
> I have two home servers, on different locations, on two ADSL lines using
> dynamic DNS. One is running Debian, the other FreeBSD 7.0-RELEASE.
>
> I usually ssh from one to the other. Today, the debian server had a
> public (internet) IP ending in 255. The FreeBSD 7.0 system refused to
> communicate with it. Another 6.3 system had no problem. The 6.3 and 7.0
> system have identical adsl routers.
>
> Trying a traceroute from 7.0, it would seem the debian system was one
> hop away, which is of course incorrect.
>
> I understand that x.x.x.255 is ethernet's broadcast address. 

No, it's not. Since these days IP is classless, a network
(and thus its broadcast address) is completely local information,
not known to remote hosts. What might look to an external observer
as a /24 network, may be something else. For example 213.0.0.255/24
may be the broadcast address for net 213.0.0.0/24, but it's not the
broadcast address for net 213.0.0.0/23, which would be 213.0.1.255.

Also, regardless of being the broadcast address or not, to the external
observer that address is just an IP address. The router of the network
will handle specially (will broadcast) the packet if it's destined for the
broadcast address.

> However 6.3 
> had no problem connecting to it, while 7.0 would not. Has something
> changed in FreeBSD, is this the intended behaviour or a bug?

This looks like a bug. Can you post more info about it?

> Furthermore, is it valid for my ISP to assign me an address ending in
> 255?

Yes, assuming that you speak of a PPP connection. There is no
network concept in PPP. The two peer addresses are totally
unrelated. For example, a PPP interface configured with
10.0.0.1 --> 172.16.255.255 is perfectly valid configuration.

HTH, Nikos
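
Added example (not part of Nikos's message or of FreeBSD): his point that a broadcast address is local information, worked through with Python's `ipaddress` module using the 213.0.0.x addresses from the message. The function name `classify` and the local interface addresses (213.0.0.10, 192.168.0.20, 10.0.0.0/31) are constructed for illustration.

```python
import ipaddress


def classify(dest, local_configs):
    """Decide how a host with the given interface configs would treat dest.

    local_configs: "address/prefix" strings, one per configured interface
    address (constructed inputs standing in for ifconfig output).
    Returns (kind, subnet), kind being one of
    "self", "broadcast", "network", "on-link", "off-link".
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for cfg in local_configs:
        iface = ipaddress.ip_interface(cfg)
        # Longest-prefix match among the directly connected subnets.
        if addr in iface.network and (
            best is None or iface.network.prefixlen > best.network.prefixlen
        ):
            best = iface
    if best is None:
        # No connected subnet covers it: an ordinary unicast destination
        # reached through a gateway, whatever its last octet is.
        return ("off-link", None)
    net = best.network
    if addr == best.ip:
        return ("self", str(net))
    # /31 (RFC 3021) and /32 subnets have no broadcast or network address.
    if net.prefixlen <= net.max_prefixlen - 2:
        if addr == net.broadcast_address:
            return ("broadcast", str(net))
        if addr == net.network_address:
            return ("network", str(net))
    return ("on-link", str(net))


# Constructed cases: (destination, local interface configs, comment).
SAMPLE_CASES = [
    ("213.0.0.255", ["213.0.0.10/24"], "broadcast of the local /24"),
    ("213.0.0.255", ["213.0.0.10/23"], "plain host address inside a /23"),
    ("213.0.1.255", ["213.0.0.10/23"], "the /23's real broadcast address"),
    ("213.0.0.255", ["192.168.0.20/24"], "remote host seen from a NATed LAN"),
    ("10.0.0.1", ["10.0.0.0/31"], "point-to-point /31, no broadcast at all"),
]


def run_cases(cases=SAMPLE_CASES):
    """Classify every sample case and return (dest, configs, kind, subnet)."""
    results = []
    for dest, configs, _comment in cases:
        kind, subnet = classify(dest, configs)
        results.append((dest, tuple(configs), kind, subnet))
    return results


if __name__ == "__main__":
    for (dest, configs, kind, subnet), case in zip(run_cases(), SAMPLE_CASES):
        print(f"{dest:<14} from {', '.join(configs):<18} -> {kind:<9} "
              f"{subnet or '-':<16} # {case[2]}")
```

A host whose own interface carries a wrong /24 mask covering the destination would land in the "broadcast" case, which is the misconfiguration asked about elsewhere in this thread.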


Re: routing question

2008-01-20 Thread Laszlo Nagy

Laszlo Nagy wrote:



- ping from pc on 0.0 network to 192.168.2.138
  
Well, I cannot do this from here. Those computers are X terminals, 
they do not run inetd nor sshd. I cannot login from here and I cannot 
leave now, but I can do it later if necessary.



- sysctl -a net.inet.ip.forwarding (on the GatewayComp)
  

cassiopeia# sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding: 1
cassiopeia#


I can answer the missed question in about an hour.


I'm sorry, not today. I'll try tomorrow.
I did it. It was not working: could not ping 192.168.2.138 from 
192.168.0.114.  Then I added a static route


-net 192.168.2.0 192.168.0.1 255.255.255.0

and it started to work. But here is something I still do not understand. 
The given gateway 192.168.0.1 was already the default gateway. Why do I 
need to add another gateway to the routing table to make it work? I have 
similar installations and specifying one default gateway did the work so far.


Thanks,

  Laszlo



Re: routing question

2008-01-17 Thread Laszlo Nagy



- ping from pc on 0.0 network to 192.168.2.138
  
Well, I cannot do this from here. Those computers are X terminals, 
they do not run inetd nor sshd. I cannot login from here and I cannot 
leave now, but I can do it later if necessary.



- sysctl -a net.inet.ip.forwarding (on the GatewayComp)
  

cassiopeia# sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding: 1
cassiopeia#


I can answer the missed question in about an hour.


I'm sorry, not today. I'll try tomorrow.


Re: routing question

2008-01-17 Thread Laszlo Nagy

Steve Bertrand wrote:

Internet  -> [Hw Router]  (LAN1: 192.168.2.0/24)  ->  [
192.168.2.138 GatewayComp  192.168.0.1 ] -- (LAN2: 192.168.0.0/24)

I would like to access a computer from LAN1 to LAN2.



Perform the following and post the results of:

- ping from GatewayComp to pc on 0.0 network and a pc on 2.0 network
  

cassiopeia# ping 192.168.2.114
PING 192.168.2.114 (192.168.2.114): 56 data bytes
64 bytes from 192.168.2.114: icmp_seq=0 ttl=64 time=0.171 ms
64 bytes from 192.168.2.114: icmp_seq=1 ttl=64 time=0.184 ms
64 bytes from 192.168.2.114: icmp_seq=2 ttl=64 time=0.229 ms
^C
--- 192.168.2.114 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.171/0.195/0.229/0.025 ms
cassiopeia# ping 192.168.0.132
PING 192.168.0.132 (192.168.0.132): 56 data bytes
64 bytes from 192.168.0.132: icmp_seq=0 ttl=64 time=0.260 ms
64 bytes from 192.168.0.132: icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from 192.168.0.132: icmp_seq=2 ttl=64 time=0.133 ms
^C
--- 192.168.0.132 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.133/0.209/0.260/0.055 ms
cassiopeia#

- ping from pc on 2.0 network to 192.168.0.1
  

office1adsl# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=0.270 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.456 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.178 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.178/0.301/0.456/0.116 ms


- ping from pc on 0.0 network to 192.168.2.138
  
Well, I cannot do this from here. Those computers are X terminals, they 
do not run inetd nor sshd. I cannot login from here and I cannot leave 
now, but I can do it later if necessary.



- sysctl -a net.inet.ip.forwarding (on the GatewayComp)
  

cassiopeia# sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding: 1
cassiopeia#


I can answer the missed question in about an hour.
Thanks,

   Laszlo




Re: routing question

2008-01-17 Thread Steve Bertrand
> Internet  -> [Hw Router]  (LAN1: 192.168.2.0/24)  ->  [
> 192.168.2.138 GatewayComp  192.168.0.1 ] -- (LAN2: 192.168.0.0/24)
> 
> I would like to access a computer from LAN1 to LAN2.

Perform the following and post the results of:

- ping from GatewayComp to pc on 0.0 network and a pc on 2.0 network
- ping from pc on 2.0 network to 192.168.0.1
- ping from pc on 0.0 network to 192.168.2.138
- sysctl -a net.inet.ip.forwarding (on the GatewayComp)

Steve


Re: routing problem

2007-11-25 Thread Ian Smith
On Sat, 24 Nov 2007, Alaor Barroso de Carvalho Neto wrote:
 > 2007/11/24, Ian Smith <[EMAIL PROTECTED]>:
 > >
 > > No I didn't mean that; use your own favourite packet filter, any of them
 > > can handle what you've described.  Bill suggested pf - lots of people
 > > seem to like it a lot - and I use ipfw because I (mostly) know how to.
 > 
 > 
 > I always had linux servers, so I'm very familiar with iptables, I don't have
 > a favorite BSD firewall yet, so that's why I'm asking. I choose ipfilter
 > because I liked the tutorial in the FreeBSD handbook, but I don't know any
 > features of the others, I even don't know ipfilter yet.

Yes, I suspect the handbook firewall sections were put together by an
ipfilter fan, even the ipfw section contains some oddities indicating
that, and the pf section so far lacks the basic and with-NAT firewall
setups that might encourage more people unfamiliar with pf to try it.

 > > Ok.  Pasted output of 'ifconfig' and 'netstat -finet -nr' may help ..
 > > it's easier to parse familiar machine output than textual descriptions.
 > 
 > 
 > My BSD box don't have graphic interface and I must admit I'm suffering to
 > use it, so that's why I'm transcripting the configs, but I'm gonna change
 > that.

You can mark and copy with the mouse in text terminals on non-X boxes,
at a pinch.  I then use (say) ee to save the paste, though of course
it's a lot less tedious working from an xterm with multiple clipboard
buffers .. I've pasted up to 2000 lines from a Konsole at times :)

 > > Dunno.  I'd just run tcpdump in a different terminal for each interface
 > > and watch the traffic; what gets forwarded, or not, what gets translated
 > > by NAT, or not.  As you said, pings are a useful start, as can be adding
 > > temporary firewall rules to log everything in and out per interface ..
 > >
 > > I know next to nothing about routed(8) and RIP, nor why you might prefer
 > > it to static and cloned routing, but taking it out of the mix might help
 > > with debugging until your basic routing and filtering works right?
 > 
 > 
 > I think it's hard to be NAT even because I've disabled ipfilter and the
 > problem still. I thought I would just set gateway_enable="YES" and things
 > would start working, at least that was how I've seen in the docs, but like
 > it didn't, I tried to set static routes. I don't know anything about routed
 > too, I just know that it's supposed to build the routes on demand, or

I think routed might only work in a network that's using RIP throughout,
but that's only from what I've read in Hunt's TCP/IP Network Admin book,
and I've seen next to no discussion of using RIP in recent times.  I'm
pretty sure you don't want to run routed(8) and that it would only add
to confusion for anyone trying to help you spot your problem here.

 > something like that. I'll copy the result of netstat on monday but the
 > routes seems to be OK, they're there like they're supposed to be, at least I
 > think they are right. Probably the problem is very stupid, but I feel like

Possibly just a little confusion re how freebsd routing tables are
presented compared to Linux, especially re default routes, perhaps? 

 > I've checked everything and I can't find the error, and like I'm not very
 > familiar with BSD I'm losing my hope. Next week I'll try some things and if
 > it don't work I think it's time to go back to linux. That's bad because I
 > liked a lot the freebsd way of do the things.

I suggest ending this thread here, and that you come back with a fresh
start on a fresh subject stating again what you want to do, your network
setup and layout, ifconfig and your full IPv4 routing tables, and clear
description of which packets via which interface/s are failing to get to
where you want them to go (and back!).  Your original message was fairly
clear about that, though it's got lost in the mists of time by now ..

Don't give up.  Perhaps spend a little time browsing the freebsd-net
list to see if that's worth joining for you, if you can't get sufficient
answers here, but with enough basic info I'm sure someone here can help. 

Cheers, Ian



Re: routing problem

2007-11-24 Thread RW
On Sat, 24 Nov 2007 13:41:51 -0200
"Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:

> 2007/11/24, Ian Smith <[EMAIL PROTECTED]>:
> >
> > No I didn't mean that; use your own favourite packet filter, any of
> > them can handle what you've described.  Bill suggested pf - lots of
> > people seem to like it a lot - and I use ipfw because I (mostly)
> > know how to.
> 
> 
> I always had linux servers, so I'm very familiar with iptables, I
> don't have a favorite BSD firewall yet, so that's why I'm asking. I
> choose ipfilter because I liked the tutorial in the FreeBSD handbook,
> but I don't know any features of the others, I even don't know
> ipfilter yet.

IPFilter was OpenBSD's old firewall, but because of its restrictive
licence PF was developed  and IPFilter was dropped from OpenBSD.

The two firewalls use a very similar syntax. Unless you have a good
reason to use IPFilter, it's probably better to start with PF, the
documentation on the OpenBSD site is pretty good.


Re: routing problem

2007-11-24 Thread Alaor Barroso de Carvalho Neto
2007/11/24, Ian Smith <[EMAIL PROTECTED]>:
>
> No I didn't mean that; use your own favourite packet filter, any of them
> can handle what you've described.  Bill suggested pf - lots of people
> seem to like it a lot - and I use ipfw because I (mostly) know how to.


I always had linux servers, so I'm very familiar with iptables, I don't have
a favorite BSD firewall yet, so that's why I'm asking. I choose ipfilter
because I liked the tutorial in the FreeBSD handbook, but I don't know any
features of the others, I even don't know ipfilter yet.

> Ok.  Pasted output of 'ifconfig' and 'netstat -finet -nr' may help ..
> it's easier to parse familiar machine output than textual descriptions.


My BSD box don't have graphic interface and I must admit I'm suffering to
use it, so that's why I'm transcripting the configs, but I'm gonna change
that.

> Dunno.  I'd just run tcpdump in a different terminal for each interface
> and watch the traffic; what gets forwarded, or not, what gets translated
> by NAT, or not.  As you said, pings are a useful start, as can be adding
> temporary firewall rules to log everything in and out per interface ..
>
> I know next to nothing about routed(8) and RIP, nor why you might prefer
> it to static and cloned routing, but taking it out of the mix might help
> with debugging until your basic routing and filtering works right?


I think it's hard to be NAT even because I've disabled ipfilter and the
problem still. I thought I would just set gateway_enable="YES" and things
would start working, at least that was how I've seen in the docs, but like
it didn't, I tried to set static routes. I don't know anything about routed
too, I just know that it's supposed to build the routes on demand, or
something like that. I'll copy the result of netstat on monday but the
routes seems to be OK, they're there like they're supposed to be, at least I
think they are right. Probably the problem is very stupid, but I feel like
I've checked everything and I can't find the error, and like I'm not very
familiar with BSD I'm losing my hope. Next week I'll try some things and if
it don't work I think it's time to go back to linux. That's bad because I
liked a lot the freebsd way of do the things.

Thankz the attention guyz, hugs!
Alaor


Re: routing problem

2007-11-24 Thread Ian Smith
On Sat, 24 Nov 2007, Alaor Barroso de Carvalho Neto wrote:
 > 2007/11/24, Ian Smith <[EMAIL PROTECTED]>:
 > >
 > > ipfw works fine too for these sorts of network policy separation :)
 > 
 > 
 > So ipfilter is not recommended by you guyz?

No I didn't mean that; use your own favourite packet filter, any of them
can handle what you've described.  Bill suggested pf - lots of people
seem to like it a lot - and I use ipfw because I (mostly) know how to. 

 > > I'm not saying this odd netmask explains your problem, nor that I fully
 > > understand the effect of non-contiguous netmasks, but it's worth fixing.
 > 
 > 
 > My fault again, the mask is 255.255.255.224, I messed up the things the 27
 > come from XXX.XXX.XXX.XXX/27, you're right! But in the config file it's
 > .224.

Ok.  Pasted output of 'ifconfig' and 'netstat -finet -nr' may help .. 
it's easier to parse familiar machine output than textual descriptions.

 > > On which machine/s is NAT translation taking place?  Eg if 10.10/16 were
 > > allowed access to the internet via here, where would they get NAT'd to
 > > the external IP?
 > >
 > > Cheers, Ian
 > >
 > The ipfilter was nating, but I'm not sure about the NAT rules inside the
 > config file, I must recheck it monday, I just tested the redirection rules,
 > do you think this can be the problem?

Dunno.  I'd just run tcpdump in a different terminal for each interface
and watch the traffic; what gets forwarded, or not, what gets translated
by NAT, or not.  As you said, pings are a useful start, as can be adding
temporary firewall rules to log everything in and out per interface ..

I know next to nothing about routed(8) and RIP, nor why you might prefer
it to static and cloned routing, but taking it out of the mix might help
with debugging until your basic routing and filtering works right?

HTH, Ian



Re: routing problem

2007-11-24 Thread Alaor Barroso de Carvalho Neto
2007/11/24, Ian Smith <[EMAIL PROTECTED]>:
>
> ipfw works fine too for these sorts of network policy separation :)


So ipfilter is not recommended by you guyz?

> If that wasn't a typo, this is a non-contiguous netmask.  I suspect you
> want 255.255.255.224, assuming the default router is in the same subnet?
>
> Specifying CIDR notation with route and ifconfig can make netmask
> fatfingering a bit less likely (eg here XXX.XXX.XXX.130/27)
>
> I'm not saying this odd netmask explains your problem, nor that I fully
> understand the effect of non-contiguous netmasks, but it's worth fixing.


My fault again, the mask is 255.255.255.224, I messed up the things the 27
come from XXX.XXX.XXX.XXX/27, you're right! But in the config file it's
.224.


> On which machine/s is NAT translation taking place?  Eg if 10.10/16 were
> allowed access to the internet via here, where would they get NAT'd to
> the external IP?
>
> Cheers, Ian

The ipfilter was nating, but I'm not sure about the NAT rules inside the
config file, I must recheck it monday, I just tested the redirection rules,
do you think this can be the problem?

Alaor


Re: routing problem

2007-11-23 Thread Ian Smith
On Fri, 23 Nov 2007 12:33:26 -0200
 "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
 > 2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
 > >
 > > "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:

[..]

 > > > > > em0 external world XXX.XXX.XXX.XXX
 > > > > > rl0 adm 192.168.1.80
 > > > > > rl1 acad 192.168.2.90
 > > > > > rl3 database 10.10.0.50
 > > > > >
 > > > > > They are all separated networks. What I want: 192.168.2 should only 
 > > > > > access
 > > > > > the internet, shouldn't have access to 192.168.1 or 10.10/16.
 > > > > > 192.168.1 should access the internet and
 > > > > > 10.10/16, but shouldn't access the academic network. 10.10/16 should 
 > > > > > access
 > > > > > only the 192.168.1 network, but it's not a problem if they had 
 > > > > > access to
 > > > > > internet too.
 > > > > >
 > > > > > How I would set up my rc.conf with my static routes?
 > > > >
 > > > > This is beyond the scope of routing.  You'll need to install a packet
 > > > > filter.  The best at this time is probably pf:

ipfw works fine too for these sorts of network policy separation :)

 > > > Yes, I have IPFIlTER installed, but if I would want to everybody ping to
 > > > everybody and then block the things in the firewall, it isn't about 
 > > > routes?
 > > > because neither of my networks are pinging to any other right now. By
 > > > ping
 > > > I mean have access. I thought it would have something to do with setting
 > > > routes. BTW, my ipfilter now just pass everything because I'm building 
 > > > the
 > > > server, but I already have a config file with the blocks that I would 
 > > > apply.
 > >
 > > That's a completely different scenario than the one you described in
 > > your previous message.
 > >
 > > Do you have gateway_enable="YES" in /etc/rc.conf?
 > >
 > > --
 > > Bill Moran
 > > http://www.potentialtech.com

Just to add a couple of points to what Bill's pursuing here:

 > Yeah, I know, I was trying to make it work with only adm and external, but
 > the real scenario I have is this. Yes I have this line, my rc.conf is like
 > this:
 > [...]
 > gateway_enable="yes"
 > defaultrouter="XXX.XXX.XXX.158" (the external ip)
 > ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"

If that wasn't a typo, this is a non-contiguous netmask.  I suspect you
want 255.255.255.224, assuming the default router is in the same subnet?

Specifying CIDR notation with route and ifconfig can make netmask
fatfingering a bit less likely (eg here XXX.XXX.XXX.130/27)

I'm not saying this odd netmask explains your problem, nor that I fully
understand the effect of non-contiguous netmasks, but it's worth fixing.

 > ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
 > ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
 > ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
 > [...]

On which machine/s is NAT translation taking place?  Eg if 10.10/16 were
allowed access to the internet via here, where would they get NAT'd to
the external IP? 

Cheers, Ian
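
The non-contiguous netmask discussed above can be caught before the configuration is loaded. This Python sketch is an added example, not code from any poster in the thread: it parses the quoted rc.conf fragment, rejects non-contiguous netmasks, converts valid ones to CIDR and checks that the default router is on-link. The function names are hypothetical, and 192.0.2 is a constructed stand-in for the masked XXX.XXX.XXX prefix.

```python
import ipaddress
import re

# rc.conf fragment quoted in the thread. The XXX.XXX.XXX prefix is masked on
# the page, so 192.0.2 (a documentation range) is substituted as a constructed
# value; the "(the external ip)" annotation is dropped.
RC_CONF = '''
gateway_enable="yes"
defaultrouter="192.0.2.158"
ifconfig_em0="inet 192.0.2.130 netmask 255.255.255.227"
ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
'''

IFCONFIG_RE = re.compile(
    r'^ifconfig_(\w+)="inet\s+(\S+)\s+netmask\s+(\S+)"', re.MULTILINE)
ROUTER_RE = re.compile(r'^defaultrouter="([^"]+)"', re.MULTILINE)


def mask_to_prefix(mask: str) -> int:
    """Return the prefix length of a dotted-quad netmask.

    Raises ValueError when the mask is non-contiguous (a 1 bit after a 0 bit).
    """
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF  # host bits become 1s
    # A contiguous mask inverts to 2**k - 1, so inverted & (inverted + 1) == 0.
    if inverted & (inverted + 1):
        raise ValueError(
            f"{mask} is not contiguous (last octet {value & 0xFF:08b})")
    return 32 - inverted.bit_length()


def audit_rc_conf(text: str) -> dict:
    """Map each interface to its CIDR form or an error, and report whether
    the default router falls inside any validly configured subnet."""
    match = ROUTER_RE.search(text)
    router = ipaddress.IPv4Address(match.group(1)) if match else None
    report = {"interfaces": {}, "router_on_link": False}
    for name, addr, mask in IFCONFIG_RE.findall(text):
        try:
            iface = ipaddress.IPv4Interface(f"{addr}/{mask_to_prefix(mask)}")
        except ValueError as exc:
            report["interfaces"][name] = f"ERROR: {exc}"
            continue
        report["interfaces"][name] = str(iface)
        if router is not None and router in iface.network:
            report["router_on_link"] = True
    return report


if __name__ == "__main__":
    print("as posted:", audit_rc_conf(RC_CONF))
    fixed = RC_CONF.replace("255.255.255.227", "255.255.255.224")
    print("with .224:", audit_rc_conf(fixed))
```
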



Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
>
> > I'm going to the server room to test the command. And yes, the DNS is
> > working properly. I just came from the room and I did the command dig @
> > 192.168.1.1 google.ca and it said no server reached, then I did dig @
> > 127.0.0.1 google.ca and it worked!
>
> Is this on the FreeBSD machine?  I have a sneaking suspicion that your
> ipfilter rules are blocking everything.


 Yes, that's on the FreeBSD machine. I'm not sure about the RIP, I must
check. About the ipfilter, I disabled it in rc.conf and it still not
working. I'm not in my work anymore, only in monday I'll be able to run the
netstat, but I'm losing my hope.

Have a nice weekend brother.


Re: routing problem

2007-11-23 Thread Bill Moran
"Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
>
> >
> > First off, what's the output of "sysctl net.inet.ip.forwarding"?  If
> > it is 0, then reboot and see if it starts working.
> 
> The return was: net.inet.ip.forwarding 1

OK.  That's not the problem then ... did you disable ipfilter and try
without it?

> Routed is running, named is running, the server itself can ping to any
> network, I don't know what else to test.

Do you have RIP on your network?  Based on your description, it seems
unlikely that RIP is in use on your network ... I don't know what the
default behaviour is for routed when it can't acquire routing information.
What is the output of "netstat -rn"?

-- 
Bill Moran
http://www.potentialtech.com


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
>
> First off, what's the output of "sysctl net.inet.ip.forwarding"?  If
> it is 0, then reboot and see if it starts working.


The return was: net.inet.ip.forwarding 1
Routed is running, named is running, the server itself can ping to any
network, I don't know what else to test.


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
>
> By ping, mean ping.  I don't know what "have access" means, but I know
> what
> "ping" means.


Well I say have access because the ICMP would be blocked, but I would still
have communication with the network even if I didn't ping. But yeah, for
me right now ping and have access is the same once the firewall is passing
anything.


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
>
> "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> >
> > 2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
> > >
> > > "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> > >
> > > > Yes, I have IPFIlTER installed, but if I would want to everybody
> ping to
> > > > everybody and then block the things in the firewall, it isn't about
> routes?
> > > > because neither of my networks are pinging to any other right now.
> By ping
> > > > I mean have access.
>
> By ping, mean ping.  I don't know what "have access" means, but I know
> what
> "ping" means.
>
> So what do you really mean ... what are you actually doing?  If you run
> ping 192.168.1.[some working IP] from a machine on the 192.168.2.0/24
> network, what is the result?
>
> > > > I thought it would have something to do with setting
> > > > routes. BTW, my ipfilter now just pass everything because I'm
> building the
> > > > server, but I already have a config file with the blocks that I
> would apply.
> > >
> > > That's a completely different scenario than the one you described in
> > > your previous message.
> > >
> > > Do you have gateway_enable="YES" in /etc/rc.conf?
> >
> > Yeah, I know, I was trying to make it work with only adm and external,
> but
> > the real scenario I have is this. Yes I have this line, my rc.conf is
> like
> > this:
> > [...]
> > gateway_enable="yes"
> > defaultrouter="XXX.XXX.XXX.158" (the external ip)
> > ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
> > ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
> > ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
> > ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
> > [...]
> >
> > I don't know if that matters, but the yes should be YES to things work?
> I'd
> > kill myself if this is the problem.
>
> Don't kill yourself.  At least, if you do, will me all your stuff.
>
> The parameter is case-insensitive, I just prefer the caps.
>
> First off, what's the output of "sysctl net.inet.ip.forwarding"?  If
> it is 0, then reboot and see if it starts working.
>
> Once you're sure that sysctl is being properly set (which is all that
> gateway_enable="yes" does), if you're still having problems, disable
> ipfilter altogether and see if it starts working.  If it does, then
> it becomes a discussion of firewall rules.
>
> Also, is your DNS working properly?  I don't know how many times I've
> seen DNS timeouts mistaken for network problems.  99% of the programs
> out there will _seem_ to have a network problem if the DNS isn't working
> properly.
>
> --
> Bill Moran
> http://www.potentialtech.com
>


I don't have that much stuff at all, only some bills to pay, we have a deal?
;)

I'm going to the server room to test the command. And yes, the DNS is
working properly. I just came from the room and I did the command dig @
192.168.1.1 google.ca and it said no server reached, then I did dig @
127.0.0.1 google.ca and it worked! Then I gone to the DNS machine and tried
to ping to the IP that dig gave me, it can't. I changed the ip of the
FreeBSD box to 192.168.1.240 and turned on the linux machine back with the
ip 192.168.1.80 and did dig @192.168.1.1 googla.ca and it worked! Gone to
the DNS machine and pinged to the IP dig gave me and it worked. It seems
like the dns machine have no access to the external network..


Re: routing problem

2007-11-23 Thread Bill Moran
"Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
>
> 2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
> >
> > "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> >
> > > Yes, I have IPFIlTER installed, but if I would want to everybody ping to
> > > everybody and then block the things in the firewall, it isn't about 
> > > routes?
> > > because neither of my networks are pinging to any other right now. By
> > > ping
> > > I mean have access.

By ping, mean ping.  I don't know what "have access" means, but I know what
"ping" means.

So what do you really mean ... what are you actually doing?  If you run
ping 192.168.1.[some working IP] from a machine on the 192.168.2.0/24
network, what is the result?

> > > I thought it would have something to do with setting
> > > routes. BTW, my ipfilter now just pass everything because I'm building the
> > > server, but I already have a config file with the blocks that I would 
> > > apply.
> >
> > That's a completely different scenario than the one you described in
> > your previous message.
> >
> > Do you have gateway_enable="YES" in /etc/rc.conf?
> 
> Yeah, I know, I was trying to make it work with only adm and external, but
> the real scenario I have is this. Yes I have this line, my rc.conf is like
> this:
> [...]
> gateway_enable="yes"
> defaultrouter="XXX.XXX.XXX.158" (the external ip)
> ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
> ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
> ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
> ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
> [...]
> 
> I don't know if that matters, but the yes should be YES to things work? I'd
> kill myself if this is the problem.

Don't kill yourself.  At least, if you do, will me all your stuff.

The parameter is case-insensitive, I just prefer the caps.

First off, what's the output of "sysctl net.inet.ip.forwarding"?  If
it is 0, then reboot and see if it starts working.

Once you're sure that sysctl is being properly set (which is all that
gateway_enable="yes" does), if you're still having problems, disable
ipfilter altogether and see if it starts working.  If it does, then
it becomes a discussion of firewall rules.

Also, is your DNS working properly?  I don't know how many times I've
seen DNS timeouts mistaken for network problems.  99% of the programs
out there will _seem_ to have a network problem if the DNS isn't working
properly.

-- 
Bill Moran
http://www.potentialtech.com


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
>
> "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> >
> > 2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
> > >
> > > "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > OK guyz, I did some tests and I found the error, like you said, it's
> a
> > > > config problem with the routes, I thought the routed daemon would
> care of it
> > > > for me but it seems like it don't. Please I ask you to forget the
> scenario I
> > > > said before, now what i have is:
> > > >
> > > > The dns server is now with the IP 192.168.1.1. But to turn things
> more easy
> > > > I installed it in the FreeBSD box that is gonna be my gateway and
> proxy
> > > > machine, so the problem isn't about the dns anymore.
> > > >
> > > > I work in a school and I have now this scenario two local networks,
> > > > 192.168.1/24, an administrative network and 192.168.2/24, an
> academic
> > > > network, plus I must have access to a network of other school with
> the ip
> > > > 10.10/16, because they share their database server with us. So the
> FreeBSD
> > > > machine have four network cards:
> > > >
> > > > em0 external world XXX.XXX.XXX.XXX
> > > > rl0 adm 192.168.1.80
> > > > rl1 acad 192.168.2.90
> > > > rl3 database 10.10.0.50
> > > >
> > > > They are all separated networks. What I want: 192.168.2 should only
> access
> > > > the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > > > 192.168.1 should access the internet and
> > > > 10.10/16, but shouldn't access the academic network. 10.10/16 should
> access
> > > > only the 192.168.1 network, but it's not a problem if they had
> access to
> > > > internet too.
> > > >
> > > > How I would set up my rc.conf with my static routes?
> > >
> > > This is beyond the scope of routing.  You'll need to install a packet
> > > filter.  The best at this time is probably pf:
> > >
> > >
> http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
> > >
> > >
> http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
> >
> > Yes, I have IPFIlTER installed, but if I would want to everybody ping to
> > everybody and then block the things in the firewall, it isn't about
> routes?
> > because neither of my networks are pinging to any other right now. By
> ping
> > I mean have access. I thought it would have something to do with setting
> > routes. BTW, my ipfilter now just pass everything because I'm building
> the
> > server, but I already have a config file with the blocks that I would
> apply.
>
> That's a completely different scenario than the one you described in
> your previous message.
>
> Do you have gateway_enable="YES" in /etc/rc.conf?
>
> --
> Bill Moran
> http://www.potentialtech.com
>

Yeah, I know, I was trying to make it work with only adm and external, but
the real scenario I have is this. Yes I have this line, my rc.conf is like
this:
[...]
gateway_enable="yes"
defaultrouter="XXX.XXX.XXX.158" (the external ip)
ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
[...]

I don't know if that matters, but the yes should be YES to things work? I'd
kill myself if this is the problem.


Re: routing problem

2007-11-23 Thread Bill Moran
"Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
>
> 2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
> >
> > "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> > >
> > > OK guyz, I did some tests and I found the error, like you said, it's a
> > > config problem with the routes, I thought the routed daemon would take
> > > care of it for me but it seems like it doesn't. Please I ask you to
> > > forget the scenario I said before, now what I have is:
> > >
> > > The dns server is now with the IP 192.168.1.1. But to make things easier
> > > I installed it in the FreeBSD box that is gonna be my gateway and proxy
> > > machine, so the problem isn't about the dns anymore.
> > >
> > > I work in a school and I now have this scenario: two local networks,
> > > 192.168.1/24, an administrative network, and 192.168.2/24, an academic
> > > network, plus I must have access to a network of another school with the
> > > ip 10.10/16, because they share their database server with us. So the
> > > FreeBSD machine has four network cards:
> > >
> > > em0 external world XXX.XXX.XXX.XXX
> > > rl0 adm 192.168.1.80
> > > rl1 acad 192.168.2.90
> > > rl3 database 10.10.0.50
> > >
> > > They are all separated networks. What I want: 192.168.2 should only access
> > > the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > > 192.168.1 should access the internet and 10.10/16, but shouldn't access
> > > the academic network. 10.10/16 should access only the 192.168.1 network,
> > > but it's not a problem if they had access to internet too.
> > >
> > > How would I set up my rc.conf with my static routes?
> >
> > This is beyond the scope of routing.  You'll need to install a packet
> > filter.  The best at this time is probably pf:
> >
> > http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
> >
> > http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
> 
> Yes, I have IPFILTER installed, but if I want everybody to ping
> everybody and then block the things in the firewall, isn't it about routes?
> Because neither of my networks is pinging any other right now. By ping
> I mean have access. I thought it would have something to do with setting
> routes. BTW, my ipfilter now just passes everything because I'm building the
> server, but I already have a config file with the blocks that I would apply.

That's a completely different scenario than the one you described in
your previous message.

Do you have gateway_enable="YES" in /etc/rc.conf?

-- 
Bill Moran
http://www.potentialtech.com


Re: routing problem

2007-11-23 Thread Bill Moran
"Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
>
> OK guyz, I did some tests and I found the error, like you said, it's a
> config problem with the routes, I thought the routed daemon would take care
> of it for me but it seems like it doesn't. Please I ask you to forget the
> scenario I said before, now what I have is:
> 
> The dns server is now with the IP 192.168.1.1. But to make things easier
> I installed it in the FreeBSD box that is gonna be my gateway and proxy
> machine, so the problem isn't about the dns anymore.
> 
> I work in a school and I now have this scenario: two local networks,
> 192.168.1/24, an administrative network, and 192.168.2/24, an academic
> network, plus I must have access to a network of another school with the ip
> 10.10/16, because they share their database server with us. So the FreeBSD
> machine has four network cards:
> 
> em0 external world XXX.XXX.XXX.XXX
> rl0 adm 192.168.1.80
> rl1 acad 192.168.2.90
> rl3 database 10.10.0.50
> 
> They are all separated networks. What I want: 192.168.2 should only access
> the internet, shouldn't have access to 192.168.1 or 10.10/16.
> 192.168.1 should access the internet and
> 10.10/16, but shouldn't access the academic network. 10.10/16 should access
> only the 192.168.1 network, but it's not a problem if they had access to
> internet too.
> 
> How would I set up my rc.conf with my static routes?

This is beyond the scope of routing.  You'll need to install a packet
filter.  The best at this time is probably pf:
http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html

-- 
Bill Moran
http://www.potentialtech.com
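
The access policy described in the quoted question, written as a pf.conf of the kind this reply points to. This is an added example, not part of the original thread. The NAT rule, the DNS rule for the gateway, and the use of rl2 for the database interface (the rc.conf posted in the thread uses rl2, the description says rl3) are assumptions.

```conf
# /etc/pf.conf -- constructed example for the three-network policy in this thread.
# Needs pf_enable="YES" in /etc/rc.conf.
# Check syntax without loading:  pfctl -nf /etc/pf.conf
# Load the rules and enable pf:  pfctl -f /etc/pf.conf && pfctl -e

# --- Macros (interface names taken from the rc.conf posted in the thread) ---
ext_if  = "em0"    # external world
adm_if  = "rl0"    # administrative network
acad_if = "rl1"    # academic network
db_if   = "rl2"    # other school's database network (assumption: rl2, not rl3)

adm_net  = "192.168.1.0/24"
acad_net = "192.168.2.0/24"
db_net   = "10.10.0.0/16"

# --- Tables ---
table <internal> const { $adm_net, $acad_net, $db_net }

# --- Translation (assumption: the gateway NATs the two private LANs) ---
nat on $ext_if from { $adm_net, $acad_net } to any -> ($ext_if)

# --- Filtering: default deny, then one rule per permitted flow ---
block log all
pass quick on lo0 all

# Academic network: DNS on the gateway itself (assumption), then Internet only.
# Anything addressed to an internal network falls through to "block log all".
pass in on $acad_if proto { tcp, udp } from $acad_net to ($acad_if) port 53 keep state
pass in on $acad_if from $acad_net to ! <internal> keep state

# Administrative network: Internet and 10.10/16, never the academic network.
pass in on $adm_if from $adm_net to ! $acad_net keep state

# Database network: may reach the administrative network only.
pass in on $db_if from $db_net to $adm_net keep state

# Forwarded packets were already judged on their inbound interface;
# let them, and the gateway's own traffic, leave.
pass out keep state
```

Routing (gateway_enable) only makes the networks reachable from each other; the "should not access" half of the policy comes from the default block rule, so every flow not listed above is dropped and logged to pflog.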


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
2007/11/23, Bill Moran <[EMAIL PROTECTED]>:
>
> "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]> wrote:
> >
> > OK guyz, I did some tests and I found the error, like you said, it's a
> > config problem with the routes, I thought the routed daemon would take
> > care of it for me but it seems like it doesn't. Please I ask you to forget
> > the scenario I said before, now what I have is:
> >
> > The dns server is now with the IP 192.168.1.1. But to make things easier
> > I installed it in the FreeBSD box that is gonna be my gateway and proxy
> > machine, so the problem isn't about the dns anymore.
> >
> > I work in a school and I now have this scenario: two local networks,
> > 192.168.1/24, an administrative network, and 192.168.2/24, an academic
> > network, plus I must have access to a network of another school with the
> > ip 10.10/16, because they share their database server with us. So the
> > FreeBSD machine has four network cards:
> >
> > em0 external world XXX.XXX.XXX.XXX
> > rl0 adm 192.168.1.80
> > rl1 acad 192.168.2.90
> > rl3 database 10.10.0.50
> >
> > They are all separated networks. What I want: 192.168.2 should only
> > access the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > 192.168.1 should access the internet and 10.10/16, but shouldn't access
> > the academic network. 10.10/16 should access only the 192.168.1 network,
> > but it's not a problem if they had access to internet too.
> >
> > How would I set up my rc.conf with my static routes?
>
> This is beyond the scope of routing.  You'll need to install a packet
> filter.  The best at this time is probably pf:
>
> http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
>
> http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
>
> --
> Bill Moran
> http://www.potentialtech.com
>

Yes, I have IPFILTER installed, but if I want everybody to ping
everybody and then block the things in the firewall, isn't it about routes?
Because neither of my networks is pinging any other right now. By ping
I mean have access. I thought it would have something to do with setting
routes. BTW, my ipfilter now just passes everything because I'm building the
server, but I already have a config file with the blocks that I would apply.


Re: routing problem

2007-11-23 Thread Alaor Barroso de Carvalho Neto
OK guyz, I did some tests and I found the error, like you said, it's a
config problem with the routes, I thought the routed daemon would take care
of it for me but it seems like it doesn't. Please I ask you to forget the
scenario I said before, now what I have is:

The dns server is now with the IP 192.168.1.1. But to make things easier
I installed it in the FreeBSD box that is gonna be my gateway and proxy
machine, so the problem isn't about the dns anymore.

I work in a school and I now have this scenario: two local networks,
192.168.1/24, an administrative network, and 192.168.2/24, an academic
network, plus I must have access to a network of another school with the ip
10.10/16, because they share their database server with us. So the FreeBSD
machine has four network cards:

em0 external world XXX.XXX.XXX.XXX
rl0 adm 192.168.1.80
rl1 acad 192.168.2.90
rl3 database 10.10.0.50

They are all separated networks. What I want: 192.168.2 should only access
the internet, shouldn't have access to 192.168.1 or 10.10/16.
192.168.1 should access the internet and
10.10/16, but shouldn't access the academic network. 10.10/16 should access
only the 192.168.1 network, but it's not a problem if they had access to
internet too.

How would I set up my rc.conf with my static routes?

Thankz for the attention you're having with me guyz, hugs!


2007/11/21, Steve Bertrand <[EMAIL PROTECTED]>:
>
> Alaor Barroso de Carvalho Neto wrote:
> > Sorry,
> >  searchdomain ...
> > nameserver 192.168.1.2
> >
> > not 192.168.1.1 as I've said before.
>
> What about:
>
> # dig @192.168.1.2 google.ca
>
> Also, I don't know if it has any impact, but my resolv.conf shows just
> 'search mydomain.com' as opposed to searchdomain. Perhaps you could fix
> that to see if it helps.
>
> Steve
>
>


-- 
Atenciosamente,
Alaor Neto
CEFET Campos/UNED Macaé
Coordenação de Tecnologia da Informação
(22) 9217-3198 / (22) 2773-6530 ramal 2035


Re: routing problem

2007-11-21 Thread Steve Bertrand
Alaor Barroso de Carvalho Neto wrote:
> Sorry,
>  searchdomain ...
> nameserver 192.168.1.2
> 
> not 192.168.1.1 as I've said before.

What about:

# dig @192.168.1.2 google.ca

Also, I don't know if it has any impact, but my resolv.conf shows just
'search mydomain.com' as opposed to searchdomain. Perhaps you could fix
that to see if it helps.

Steve



Re: routing problem

2007-11-21 Thread Alaor Barroso de Carvalho Neto
The nameserver is the 192.168.1.2 in the resolv.conf, sorry, my fault. I'm
gonna copy the rc.conf and paste it here. But the routes are OK and still OK
for any time when the machine is not the main gateway and has a few
clients using it as gateway; if it was a config problem it would never
work, no? Is there any chance of the traffic of the network being
responsible for that???
Thanks for the help


2007/11/21, Bill Moran <[EMAIL PROTECTED]>:
>
> In response to "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]>:
>
> > Sorry for my English skills, I'm Brazilian and I'm not very familiar with
> > the language, but I'm gonna try to explain it clearly:
> >
> > LINUX SERVER
> > private network 192.168.1.1
> > external network x.x.x.x
> >
> > FREEBSD SERVER
> > private network 192.168.1.240
> > external network x.x.x.x
> >
> > DNS SERVER
> > private network 192.168.1.2
> >
> > The LINUX machine is the network gateway, I want the FREEBSD to be the
> > gateway, so I tested the freebsd machine configuring some clients
> > manually to use the 192.168.1.240 as gateway, 3 machines, everything
> > worked. So I thought: time to replace the linux server. So I turned off
> > the linux machine and changed the ip of freebsd to 192.168.1.1, just that,
> > and then it stopped working, it can resolve dns for some seconds and then
> > stops. Something I've noticed, when it's not the network gateway in fact,
> > with just some machines using it as gateway, the return of netstat -r is
> > ok, with the routes of the machines accessing it, the active connections,
> > if I just change the ip and turn off the LINUX machine, the netstat -r
> > returns me no routes at all.
> > Pretty strange.
> >
> > My nameserver is just
> > searchdomain ...
> > nameserver 192.168.1.1
>
> You've pointed the FreeBSD machine at itself for DNS.  Do you have a DNS
> server running on this system?  If not, you need to point it at a valid
> DNS server.
>
> If routes are missing then something is configured wrong.  If you'd post
> the contents of /etc/rc.conf, it's more likely that we could provide
> more detailed assistance.
>
> --
> Bill Moran
> http://www.potentialtech.com
>



-- 
Atenciosamente,
Alaor Neto
CEFET Campos/UNED Macaé
Coordenação de Tecnologia da Informação
(22) 9217-3198 / (22) 2773-6530 ramal 2035


Re: routing problem

2007-11-21 Thread Bill Moran
In response to "Alaor Barroso de Carvalho Neto" <[EMAIL PROTECTED]>:

> Sorry for my English skills, I'm Brazilian and I'm not very familiar with the
> language, but I'm gonna try to explain it clearly:
> 
> LINUX SERVER
> private network 192.168.1.1
> external network x.x.x.x
> 
> FREEBSD SERVER
> private network 192.168.1.240
> external network x.x.x.x
> 
> DNS SERVER
> private network 192.168.1.2
> 
> The LINUX machine is the network gateway, I want the FREEBSD to be the
> gateway, so I tested the freebsd machine configuring some clients manually
> to use the 192.168.1.240 as gateway, 3 machines, everything worked. So I
> thought: time to replace the linux server. So I turned off the linux machine
> and changed the ip of freebsd to 192.168.1.1, just that, and then it stopped
> working, it can resolve dns for some seconds and then stops. Something I've
> noticed, when it's not the network gateway in fact, with just some machines
> using it as gateway, the return of netstat -r is ok, with the routes of the
> machines accessing it, the active connections, if I just change the ip and
> turn off the LINUX machine, the netstat -r returns me no routes at all.
> Pretty strange.
> 
> My nameserver is just
> searchdomain ...
> nameserver 192.168.1.1

You've pointed the FreeBSD machine at itself for DNS.  Do you have a DNS
server running on this system?  If not, you need to point it at a valid
DNS server.

If routes are missing then something is configured wrong.  If you'd post
the contents of /etc/rc.conf, it's more likely that we could provide
more detailed assistance.

-- 
Bill Moran
http://www.potentialtech.com


Re: routing problem

2007-11-21 Thread Alaor Barroso de Carvalho Neto
Sorry,
 searchdomain ...
nameserver 192.168.1.2

not 192.168.1.1 as I've said before.


Re: routing problem

2007-11-21 Thread Alaor Barroso de Carvalho Neto
Sorry for my English skills, I'm Brazilian and I'm not very familiar with the
language, but I'm gonna try to explain it clearly:

LINUX SERVER
private network 192.168.1.1
external network x.x.x.x

FREEBSD SERVER
private network 192.168.1.240
external network x.x.x.x

DNS SERVER
private network 192.168.1.2

The LINUX machine is the network gateway, I want the FREEBSD to be the
gateway, so I tested the freebsd machine configuring some clients manually
to use the 192.168.1.240 as gateway, 3 machines, everything worked. So I
thought: time to replace the linux server. So I turned off the linux machine
and changed the ip of freebsd to 192.168.1.1, just that, and then it stopped
working, it can resolve dns for some seconds and then stops. Something I've
noticed, when it's not the network gateway in fact, with just some machines
using it as gateway, the return of netstat -r is ok, with the routes of the
machines accessing it, the active connections, if I just change the ip and
turn off the LINUX machine, the netstat -r returns me no routes at all.
Pretty strange.

My nameserver is just
searchdomain ...
nameserver 192.168.1.1

2007/11/21, Steve Bertrand <[EMAIL PROTECTED]>:

> Alaor Barroso de Carvalho Neto wrote:
> > If I turn off linux and set the rl0 to 192.168.1.1 it
> > stop resolving names but can ping to anywhere. Help!!!
> > in the rc.conf
> > gateway_enable="YES"
> > defaultrouter="X.X.X.X"
>
> I don't know if I quite understand on which machine things are breaking,
> but if it is a FreeBSD box, can you post the output to:
>
> # cat /etc/resolv.conf
>
> ...and
>
> # dig @192.168.1.2 google.ca
>
> Steve
>


Re: routing problem

2007-11-21 Thread Steve Bertrand
Alaor Barroso de Carvalho Neto wrote:
> If I turn off linux and set the rl0 to 192.168.1.1 it
> stop resolving names but can ping to anywhere. Help!!!
> in the rc.conf
> gateway_enable="YES"
> defaultrouter="X.X.X.X"

I don't know if I quite understand on which machine things are breaking,
but if it is a FreeBSD box, can you post the output to:

# cat /etc/resolv.conf

...and

# dig @192.168.1.2 google.ca

Steve


Re: Routing between subnets

2007-05-05 Thread Eygene Ryabinkin
Neo, good day.

Fri, May 04, 2007 at 07:27:20PM +0200, Neo [GC] wrote:
> Config at home (deleted all unnecessary):
> 
> Output of ifconfig:
> fxp0: flags=8843 mtu 1500
> options=8
> inet 192.168.2.2 netmask 0xff00 broadcast 192.168.2.255
> tun0: flags=8051 mtu 1500
> inet 10.10.0.6 --> 10.10.0.5 netmask 0x
> 
> 
> Config at the VPN-server:
> 
> Output of ifconfig:
> tun0: flags=8051 mtu 1500
> inet 10.10.0.1 --> 10.10.0.2 netmask 0x

It would be good if you would provide a picture of the network: I
see two tunnels here (10.10.0.6:10.10.0.5 and 10.10.0.1:10.10.0.2)
and no sign of how these are connected to each other and where
the endpoints of the tunnels are situated.
-- 
Eygene


Re: Routing problem

2007-02-08 Thread Jonathan Chen
On Thu, Feb 08, 2007 at 12:10:07PM +0200, George Vanev wrote:
> I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> The first IP is to access internet, the second
> is for the ISP's LAN.
> Unfortunately I have internet, but no access to
> the other network.

We need network IP configuration details; ie addresses, netmasks, et
al.
-- 
Jonathan Chen <[EMAIL PROTECTED]>
--
  "Opportunity does not knock,
   it presents itself when you beat down the door" - W.E. Channing


Re: Routing problem

2007-02-08 Thread George Vanev



> Nothing?  You're able to arp 192.168.64.1 and 192.168.64.3, can you ping
> them?
>
> Since you have an RFC-1918 address on both the inside and the outside, I
> assume you're running nat on this machine to translate internal machine
> traffic.  It looks like you have all the routes you need, so my _guess_
> at this point is that when the public address is up, the nat is preventing
> traffic from going out that interface without being translated.  Once it
> has a public address, it can't route properly on the 192.168.64/22 space.
>
> Have a look at what you're using for nat.  If you can't see anything
> obviously at odds, post your nat/firewall/related config.
>
> --
> Bill Moran
> Collaborative Fusion Inc.

No I can't ping them.
Just to be sure I switched off the natd... It's the same.
I want the FreeBSD box to connect to both - internet and 192.168.64/22
and then I'll think about the nat


--
George Vanev


Re: Routing problem

2007-02-08 Thread Bill Moran
In response to "George Vanev" <[EMAIL PROTECTED]>:

> On 2/8/07, Bill Moran <[EMAIL PROTECTED]> wrote:
> >
> > In response to "George Vanev" <[EMAIL PROTECTED]>:
> >
> > > I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> > > The first IP is to access internet, the second
> > > is for the ISP's LAN.
> > > Unfortunately I have internet, but no access to
> > > the other network.
> > >
> > > I made a test. I assigned to the NIC only the local
> > > IP and removed the defaultrouter. Then, of course,
> > > I have no internet but was able to access the ISP's
> > > network.
> > >
> > > I've tried everything I know, but still nothing
> >
> > Consider providing more details, such as the output of ifconfig and
> > netstat -rn.
> >
> > Sure sounds like a routing issue, but I doubt anyone can say anything
> > more without details.
> 
> You are right.
> 
> ifconfig
> --
> rl0: flags=8843 mtu 1500
> options=8
> inet 212.25.37.96 netmask 0xff00 broadcast 212.25.37.255
> inet 192.168.67.41 netmask 0xfc00 broadcast 192.168.67.255
> ether 00:17:31:e7:92:18
> media: Ethernet autoselect (100baseTX )
> status: active
> rl1: flags=8843 mtu 1500
> options=8
> inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> ether 00:50:bf:d5:f1:33
> media: Ethernet autoselect (100baseTX )
> status: active
> plip0: flags=108810 mtu 1500
> lo0: flags=8049 mtu 16384
> inet 127.0.0.1 netmask 0xff00
> 
> 
> 
> 
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            212.25.37.1        UGS         0   458268    rl0
> 10/24              link#2             UC          0        0    rl1
> 10.0.0.2           00:15:60:ae:f7:61  UHLW        1   231827    rl1    922
> 10.0.0.3           00:17:08:2d:08:26  UHLW        1     1686    rl1   1004
> 10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       67    rl1
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.64/22      link#1             UC          0        0    rl0
> 192.168.64.1       00:02:a5:90:a9:b6  UHLW        1        0    rl0   1200
> 192.168.64.3       00:17:08:58:83:8d  UHLW        1        0    rl0   1113
> 212.25.37          link#1             UC          0        0    rl0
> 212.25.37.1        00:02:a5:90:a9:b6  UHLW        2        0    rl0   1195
> In this case I can't access nothing from 192.168.64/22

Nothing?  You're able to arp 192.168.64.1 and 192.168.64.3, can you ping
them?

Since you have an RFC-1918 address on both the inside and the outside, I
assume you're running nat on this machine to translate internal machine
traffic.  It looks like you have all the routes you need, so my _guess_
at this point is that when the public address is up, the nat is preventing
traffic from going out that interface without being translated.  Once it
has a public address, it can't route properly on the 192.168.64/22 space.

Have a look at what you're using for nat.  If you can't see anything
obviously at odds, post your nat/firewall/related config.

-- 
Bill Moran
Collaborative Fusion Inc.


Re: Routing problem

2007-02-08 Thread George Vanev

On 2/8/07, Bill Moran <[EMAIL PROTECTED]> wrote:


> In response to "George Vanev" <[EMAIL PROTECTED]>:
>
> > I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> > The first IP is to access internet, the second
> > is for the ISP's LAN.
> > Unfortunately I have internet, but no access to
> > the other network.
> >
> > I made a test. I assigned to the NIC only the local
> > IP and removed the defaultrouter. Then, of course,
> > I have no internet but was able to access the ISP's
> > network.
> >
> > I've tried everything I know, but still nothing
>
> Consider providing more details, such as the output of ifconfig and
> netstat -rn.
>
> Sure sounds like a routing issue, but I doubt anyone can say anything
> more without details.
>
> --
> Bill Moran
> Collaborative Fusion Inc.



You are right.

ifconfig
--
rl0: flags=8843 mtu 1500
   options=8
   inet 212.25.37.96 netmask 0xff00 broadcast 212.25.37.255
   inet 192.168.67.41 netmask 0xfc00 broadcast 192.168.67.255
   ether 00:17:31:e7:92:18
   media: Ethernet autoselect (100baseTX )
   status: active
rl1: flags=8843 mtu 1500
   options=8
   inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
   ether 00:50:bf:d5:f1:33
   media: Ethernet autoselect (100baseTX )
   status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
   inet 127.0.0.1 netmask 0xff00




Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            212.25.37.1        UGS         0   458268    rl0
10/24              link#2             UC          0        0    rl1
10.0.0.2           00:15:60:ae:f7:61  UHLW        1   231827    rl1    922
10.0.0.3           00:17:08:2d:08:26  UHLW        1     1686    rl1   1004
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       67    rl1
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.64/22      link#1             UC          0        0    rl0
192.168.64.1       00:02:a5:90:a9:b6  UHLW        1        0    rl0   1200
192.168.64.3       00:17:08:58:83:8d  UHLW        1        0    rl0   1113
212.25.37          link#1             UC          0        0    rl0
212.25.37.1        00:02:a5:90:a9:b6  UHLW        2        0    rl0   1195
In this case I can't access nothing from 192.168.64/22

rl0: flags=8843 mtu 1500
   options=8
   inet 192.168.67.41 netmask 0xfc00 broadcast 192.168.67.255
   ether 00:17:31:e7:92:18
   media: Ethernet autoselect (100baseTX )
   status: active
rl1: flags=8843 mtu 1500
   options=8
   inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
   ether 00:50:bf:d5:f1:33
   media: Ethernet autoselect (100baseTX )
   status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
   inet 127.0.0.1 netmask 0xff00



Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
10/24              link#2             UC          0        0    rl1
10.0.0.2           00:15:60:ae:f7:61  UHLW        1   232034    rl1    784
10.0.0.3           00:17:08:2d:08:26  UHLW        1     1712    rl1    866
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       67    rl1
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.64/22      link#1             UC          0        0    rl0

In this case I don't have internet, but I can access 192.168.64/22


--
George Vanev


Re: Routing problem

2007-02-08 Thread Bill Moran
In response to "George Vanev" <[EMAIL PROTECTED]>:

> I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> The first IP is to access internet, the second
> is for the ISP's LAN.
> Unfortunately I have internet, but no access to
> the other network.
> 
> I made a test. I assigned to the NIC only the local
> IP and removed the defaultrouter. Then, of course,
> I have no internet but was able to access the ISP's
> network.
> 
> I've tried everything I know, but still nothing

Consider providing more details, such as the output of ifconfig and
netstat -rn.

Sure sounds like a routing issue, but I doubt anyone can say anything
more without details.

-- 
Bill Moran
Collaborative Fusion Inc.


RE: routing and networking help. (urgent help please)

2007-01-05 Thread Marwan Sultan

FIXED, ignore this email..

However no one has answered.


Hello Gurus,

   This is an urgent request for help, as everything is pending, waiting..
   for a FreeBSD solution, and I apologize if I explain in detail, please be
   patient with me.

   Just yesterday, our ISP installed 2 routers (both 3com) at our main office.
   One router acting for the datalink between the office and the branch
   (datarouter).

   One for the internet connection (internet router).

   One short cable is connected from the internet router to the datalink
   router, so everyone on the WAN has internet access, which we do not want.
   So we decided to have our FreeBSD 6.1-R server managing the whole job.

   So I installed a FreeBSD box with NATd enabled; this is how it works:
   Internet router <---> rl0 192.168.0.3 freebsd dc0 192.168.1.1 <---> switch <---> all clients

   Also a cat5 cable is hooked up from the datalink router to the switch.
   So the switch has the clients + datalink router + lan freebsd cable.
   The datalink router is connected to the branch site, also WAN.

   The internet router has the following configuration:
   IP 192.168.0.2 gateway 192.168.0.254
   and the datalink configuration has the following:
   gateway 192.168.0.253
   WAN (branch site)
   IPs of 192.168.2.xx gateway 192.168.0.254
   ALL can ping each other and see each other.. (if there is no freebsd server)

   Also the wan works perfectly.. with no FreeBSD server..
   Here is the problem:

   The problem is when I configure my fbsd lan interface to 192.168.1.1
   and my clients have the IP
   192.168.1.x/24 with gateway 192.168.0.254,
   they will have the internet.. and will NOT see any datalink clients,
   nor will they see the WAN on the branch site (differences of IPs and
   gateways), because clients are directed to the fbsd server, which
   recognizes 192.168.0.254 (internet router).

   If I configure my clients behind the fbsd nat server to IPs of
   192.168.0.x/24 and gateway 192.168.0.253 (instead of 192.168.1.x and gw
   192.168.0.254)

   they will see the datalink and wan but no internet.

   How would I make all clients have my fbsd lan IPs 192.168.1.x/24
   and have freebsd able to see the two gateways,
   192.168.0.254 (internet router) and 192.168.0.253 (datalink router)?

   In short, all clients should be connected to the FreeBSD server lan
   interface, but at the same time freebsd will route and manage the requests
   for the wan.

   Second problem:
   If I have rl0 host my internet router real IP
   and defaultrouter set to the NAT ip, internet will not work.
   ifconfig_rl0="inet 62.215.x.6  netmask 255.255.255.252"
   defaultrouter="62.215.x.5" #internet router IP
   No Internet.
   But if I set my rl0 to 192.168.0.3
   and defaultrouter to 192.168.0.254 (internet router gateway)
   internet will work...
   ifconfig_rl0="inet 192.168.0.3  netmask 255.255.255.0"
   defaultrouter="192.168.0.254"

   The first case is disabling nat on the router and having it on freebsd
   only; the second case is having the router NAT and again freebsd doing
   another nat.

   Sorry Gurus for the long email, excuse me, and waiting for your reply asap.

   -Marwan Sultan.



RE: Routing

2007-01-01 Thread Michael K. Smith - Adhost


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Office of the CIO-rithy4u.NET
> Sent: Monday, January 01, 2007 2:17 AM
> To: freebsd-questions@freebsd.org
> Subject: Routing
> 
> I try to do dual routing on my freebsd box but it was not
> successful. any one can help?
> 

Hello:

With very little information, I'm guessing you mean, "how do I route
through a FreeBSD box from one NIC to another?"

First, as root, 'sysctl net.inet.ip.forwarding=1' and then update
/etc/sysctl.conf with 'net.inet.ip.forwarding=1' so it is available
after reboot.

Second, in /etc/rc.conf, put 'gateway_enable="YES"'

After that, you'll have to provide more information about your
configuration to receive more specific information about configuration
guidelines.

Regards,

Mike


Re: Routing

2007-01-01 Thread Michael P. Soulier

On 1/1/07, Office of the CIO-rithy4u.NET <[EMAIL PROTECTED]> wrote:

> I try to do dual routing on my freebsd box but it was not
> successful. any one can help?


Not with the information that you've provided. Perhaps you could
explain what you tried, and what you mean by "not successful"? Details
are important.

Cheers,
Mike
--
Michael P. Soulier <[EMAIL PROTECTED]>
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein


Re: Routing

2007-01-01 Thread Odhiambo Washington
* On 01/01/07 17:17 +0700, Office of the CIO-rithy4u.NET wrote:
| I try to do dual routing on my freebsd box but it was not
| successful. any one can help?

Explain what is dual routing. What exactly are you trying to achieve?


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+==+
|\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+

Everything is controlled by a small evil group to which, unfortunately,
no one we know belongs.


Re: Routing Question

2006-12-12 Thread Bill Moran
In response to "Bret J Esquivel" <[EMAIL PROTECTED]>:
> 
> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
> 
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)

I could have sworn that someone else recommended bridging, so I won't
bother to bring it up.

The other option is to set that system up as a router, and build a proper
routing table.  Your ISP will need to be involved so they know to route
traffic to your subnet through your gateway system.

You need to enable forwarding in /etc/rc.conf.  Then you'll need to
subnet your range properly.  Something like:

70.164.48.225/29 -> external 
70.164.48.241/29 -> internal

Then set your external interface on the router to 70.164.48.226 and
the internal interface to 70.164.48.242.  Then you can use
70.164.48.243 - 249 on the inside.

Configuring the FreeBSD machine as a bridging firewall will simplify
the process, however, and is the approach I would recommend.

-- 
Bill Moran
Collaborative Fusion Inc.


Re: Routing Question

2006-12-12 Thread Vince Hoffman

Bret J Esquivel wrote:

> Hi,
>
> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
>
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)

Only really one choice if you really don't want NAT (I've run web 
servers with a static NAT many times though so I wouldn't rule it out if 
I were you).

Routing wouldn't work in this scenario as you don't have enough control, 
you would have to bridge the interfaces on your firewall. man if_bridge.
Bridging xl0 and xl1 on your firewall will make it act like a 2 port 
hub, but pf, ipfw and ipf can still filter packets going across it.

Personally in this situation I'd just add the IPs to the FreeBSD box and 
set static NATs up for anything that needs to be externally visible but 
a bridging firewall should work too.



Vince

> Thanks in advance.
>
> Bret

 




Re: Routing Question

2006-12-12 Thread Nikos Vassiliadis
On Tuesday 12 December 2006 09:49, Bret J. Esquivel wrote:
> Hi,
> 
>  
> 
> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
> 
>  
> 
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)

You can bridge xl0 and xl1. Then you'll use one address e.g. 70.164.48.225/28
on your xl0 and that will be reachable from your lan too. xl1 doesn't have to
have an IP address. Check man if_bridge.

But is this the topology? In many cases there is a PPP interface
which connects you to the world, a WAN interface. And there is a
network routed through this. Something like this:

             WAN                                 LAN
(a.b.c.d/32) <-> (a.b.c.e/32 router d.e.f.a/28) <-> (d.e.f.b/28 other boxes)

Hope this helps, Nikos


Re: Routing Issue?

2006-12-03 Thread Garrett Cooper

Yousef Adnan Raffah wrote:

> Hello Everyone,
>
> I have a FreeBSD 6.1-RELEASE box that has two network cards (Dual
> Homed?). Each card is on a different network, as following
> (from /etc/rc.conf):
>
> ifconfig_fxp0="inet 192.168.20.36 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.210.6 netmask 255.255.255.0"
> defaultrouter="192.168.210.1"
> route_servers="-net 192.168.2.0 192.168.20.1"
> static_routes="net1 net2"
> route_net1="-net 172.20.68.0 192.168.20.1 255.255.254.0"
> route_net2="-net 192.168.2.0 192.168.20.1"
>
> The fxp0 is connected to the outside world while the rl0 is connected to
> the internal networks. I noticed whenever I ssh or try to telnet to port
> 25 on this box from 192.168.2.x for example, it delays the response by
> something like 10 seconds, I even have a tcpdump of that!
>
> Can someone explain what is wrong with my setup? Should I have routed
> running? (I personally don't feel it is needed)
>
> Thanks in advance for your help and guidance.
>
> P.S. I got the above setup based on my understanding of the handbook, so
> forgive me if I didn't understand it correctly :)



I believe the actual fault is that you don't understand how networks 
are done, based on the /etc/rc.conf entries you've listed above.

I suggest that you pick up Computer Networks: A Systems Approach by 
Peterson and Davie to pick up a basic idea of how networking and routing 
works, and maybe consult  
as a basis for planning out how things will be done, in particular with 
network addresses.

Providing "netstat -nr" output would be beneficial as well when 
troubleshooting issues with routing, as well as any firewall rules you 
have in place.

-Garrett


Re: Routing with external interface doesn't work after a while

2006-10-18 Thread Erik Norgaard

Martin Turgeon wrote:


> You're right on this, the filtering rules aren't written with the brackets.
> But isn't pf routing the packets to an interface instead of an IP address?

I can't tell you if this affects your setup since I haven't seen the 
ruleset.

You're going to tag then nat and then filter the packets. If in any of 
these steps you apply non-dynamic rules, that is you use $ext_if instead 
of ($ext_if) for the ip address on the external interface, then you're 
likely to have things behave unexpectedly.

Things suddenly stop working after weeks without problems, just sounds 
very much like your firewall setup doesn't follow changes of the 
interface configuration. Without knowing the details of your setup, I 
can't tell you much more.

What also confuses me is that you have tags in your nat rules - you 
might add a tag for later use in filtering, but you also check if a tag 
exists, and I don't know how or where this is set.


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9


RE: Routing with external interface doesn't work after a while

2006-10-18 Thread Martin Turgeon
You're right on this, the filtering rules aren't written with the brackets.
But isn't pf routing the packets to an interface instead of an IP address?

Thanks a lot

Martin

-Original Message-
From: Erik Norgaard [mailto:[EMAIL PROTECTED] 
Sent: 18 October 2006 12:41
To: Martin Turgeon
Cc: freebsd-pf@freebsd.org; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:
> The NAT rules are already written that way:
> 
> nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
> nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
> nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
> nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

How are your tags created? If somewhere in the nat/tag/filtering process 
  you've missed the dynamic update of the external ip it may fail there...

Cheers, Erik
-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9




Re: Routing with external interface doesn't work after a while

2006-10-18 Thread Erik Norgaard

Martin Turgeon wrote:

> The NAT rules are already written that way:
>
> nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
> nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
> nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
> nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)


How are your tags created? If somewhere in the nat/tag/filtering process 
 you've missed the dynamic update of the external ip it may fail there...


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9


Re: Routing with external interface doesn't work after a while

2006-10-18 Thread Erik Norgaard

Martin Turgeon wrote:


> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
> on FreeBSD 6.0 on another box.

OK, this can take a long time to solve if the problem reoccurs after 
some weeks - can you reproduce at a faster rate?

> The routing table looks ok.
>
> The external interface is still receiving ARP requests but nothing is going
> out from my internal network.

OK, so your internal network can't get out. But can you get out from the 
gateway? I mean, try logging in to the gateway and ping the default gateway. 
Do you get replies? Do you see packets going out when sniffing?

> Here's what I tried with no result:
>
> I tried to flush the states with pfctl -Fs
> I tried to reload the NAT with pfctl -N
>
> The solution was to renew the address of the external interface with
> dhclient fxp0.
>
> I looked back at the routing table after the dhclient fxp0 and nothing
> changed except the address of the default gateway because my IP address
> changed of subnetwork.

While the gateway is working, dump the output of ifconfig and "route get 
default" into a file. When it stops working do it again. Repeat after 
you have restored the connection.

Did anything change from when it worked until it stopped working?

Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
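
The three-snapshot comparison suggested in the message above, as an added example (not code from the thread): it parses saved FreeBSD `ifconfig` and `route get default` output, lists what changed between two captures, and checks whether the default gateway is still on a subnet configured on its interface. The captures are constructed with documentation addresses, and the "stalled" state is a hypothetical one, not the state observed in the thread.

```python
import ipaddress
import re

# Constructed captures (documentation addresses, not values from the thread),
# taken as the message suggests: while working, when stalled, after recovery.
IFCONFIG_WORKING = (
    "fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 203.0.113.57 netmask 0xffffff00 broadcast 203.0.113.255\n"
    "\tether 00:02:b3:00:00:01\n"
    "\tstatus: active\n"
    "em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255\n"
)
IFCONFIG_STALLED = (IFCONFIG_WORKING.replace("203.0.113.57", "198.51.100.23")
                    .replace("203.0.113.255", "198.51.100.255"))
ROUTE_TEMPLATE = (
    "   route to: default\n"
    "destination: default\n"
    "       mask: default\n"
    "    gateway: {gw}\n"
    "  interface: fxp0\n"
    "      flags: <UP,GATEWAY,DONE,STATIC>\n"
)
WORKING = (IFCONFIG_WORKING, ROUTE_TEMPLATE.format(gw="203.0.113.1"))
STALLED = (IFCONFIG_STALLED, WORKING[1])   # hypothetical: new lease, old default route
RESTORED = (IFCONFIG_STALLED, ROUTE_TEMPLATE.format(gw="198.51.100.1"))

IFACE = re.compile(r"^([A-Za-z0-9_.]+): flags=")
INET = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})")


def parse_ifconfig(text):
    """Map interface name -> set of IPv4 addresses with prefix length."""
    result, current = {}, None
    for line in text.splitlines():
        match = IFACE.match(line)
        if match:
            current = match.group(1)
            result[current] = set()
            continue
        match = INET.match(line)
        if match and current:
            prefix = bin(int(match.group(2), 16)).count("1")  # hex mask -> /len
            result[current].add(
                ipaddress.ip_interface(f"{match.group(1)}/{prefix}"))
    return result


def parse_route_get(text):
    """Return the 'key: value' fields printed by `route get default`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def compare_snapshots(before, after):
    """Each snapshot is (ifconfig text, route text); return a list of changes."""
    changes = []
    old_if, new_if = parse_ifconfig(before[0]), parse_ifconfig(after[0])
    for name in sorted(set(old_if) | set(new_if)):
        old, new = old_if.get(name, set()), new_if.get(name, set())
        changes += [f"{name}: address {a} removed" for a in sorted(old - new, key=str)]
        changes += [f"{name}: address {a} added" for a in sorted(new - old, key=str)]
    old_rt, new_rt = parse_route_get(before[1]), parse_route_get(after[1])
    for key in ("gateway", "interface"):
        if old_rt.get(key) != new_rt.get(key):
            changes.append(
                f"default route {key}: {old_rt.get(key)} -> {new_rt.get(key)}")
    return changes


def gateway_on_link(snapshot):
    """True if the default gateway is inside a subnet on the route's interface."""
    route = parse_route_get(snapshot[1])
    addresses = parse_ifconfig(snapshot[0]).get(route.get("interface"), set())
    try:
        gateway = ipaddress.ip_address(route.get("gateway", ""))
    except ValueError:
        return False
    return any(gateway in address.network for address in addresses)


if __name__ == "__main__":
    for label, a, b in (("working -> stalled", WORKING, STALLED),
                        ("stalled -> restored", STALLED, RESTORED)):
        print(label, compare_snapshots(a, b), "gateway on link:", gateway_on_link(b))
```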


RE: Routing with external interface doesn't work after a while

2006-10-18 Thread Martin Turgeon
The NAT rules are already written that way:

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

Thanks anyway

Martin

-Original Message-
From: Erik Norgaard [mailto:[EMAIL PROTECTED] 
Sent: 18 October 2006 10:30
To: Martin Turgeon
Cc: freebsd-pf@freebsd.org; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:

> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
> on FreeBSD 6.0 on another box.

Is your external ip configured with dhcp? I would guess this is because 
your ip on the external interface changes. Your NAT rules will still go 
to the old ip and hence nowhere. If reloading your pf ruleset solves the 
problem, then this is a strong indication.

There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from   to ! -> ($ext_if)

The () means that pf will lookup the ip on that interface, and update 
dynamically when the ip changes.

Well, that's how I remember it, I couldn't find where I've seen it, but 
there is a trick like this.

Cheers, Erik
-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9




Re: Routing with external interface doesn't work after a while

2006-10-18 Thread Joe

Erik Norgaard wrote:

> There is some trick to handle that, IIRC something like this would do:
>
> ext_if=fxp0 # external interface
> nat on $ext_if from   to ! -> ($ext_if)
>
> The () means that pf will lookup the ip on that interface, and update 
> dynamically when the ip changes.



That is correct.


Re: Routing with external interface doesn't work after a while

2006-10-18 Thread Erik Norgaard

Martin Turgeon wrote:


> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
> on FreeBSD 6.0 on another box.


Is your external ip configured with dhcp? I would guess this is because 
your ip on the external interface changes. Your NAT rules will still go 
to the old ip and hence nowhere. If reloading your pf ruleset solves the 
problem, then this is a strong indication.


There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from   to ! -> ($ext_if)

The () means that pf will lookup the ip on that interface, and update 
dynamically when the ip changes.


Well, that's how I remember it, I couldn't find where I've seen it, but 
there is a trick like this.


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
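
An added example (not code from the thread or from the pf project): a small Python check that expands pf.conf macros and reports rules where an interface name is used as an address without the parentheses described above, so the address is fixed when the ruleset is loaded. The sample ruleset is constructed, and treating macros whose names end in `_if` as interface names is an assumption taken from the `$ext_if` / `$wan_if` naming used in these messages.

```python
import re

# Constructed sample ruleset in the style of the rules quoted in the thread.
SAMPLE_PF_CONF = '''\
wan_if = "fxp0"              # external interface, address assigned by DHCP
lan_net = "192.168.1.0/24"

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if from $lan_net to any -> $wan_if
block in on $wan_if all
pass in on $wan_if proto tcp from any to $wan_if port 22 keep state
pass in on $wan_if proto udp from any to ($wan_if) port 1194 keep state
pass out on $wan_if from { ($wan_if), $wan_if:0 } to any keep state
'''

MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.*)$')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')
TOKEN = re.compile(r'->|[{}()!,]|[^\s{}()!,]+')
ADDRESS_KEYWORDS = ('from', 'to', '->')   # the operand after these is an address


def logical_lines(text):
    """Yield (line number, text) with comments removed and '\\' lines joined."""
    pending, start = '', None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].rstrip()
        if start is None:
            start = number
        if line.endswith('\\'):
            pending += line[:-1] + ' '
            continue
        pending += line
        if pending.strip():
            yield start, pending.strip()
        pending, start = '', None


def static_operands(tokens, start):
    """Return the tokens of the address operand at tokens[start] that are
    not wrapped in parentheses (a single address or a { } list)."""
    i = start
    while i < len(tokens) and tokens[i] == '!':
        i += 1
    if i >= len(tokens) or tokens[i] == '(':
        return []                          # missing, or already dynamic
    if tokens[i] != '{':
        return [tokens[i]]
    bare, depth = [], 0
    for token in tokens[i + 1:]:
        if token == '}':
            break
        if token == '(':
            depth += 1
        elif token == ')':
            depth -= 1
        elif depth == 0 and token not in ('!', ','):
            bare.append(token)
    return bare


def find_static_interface_addresses(conf_text, interfaces=None):
    """Return (line, keyword, operand, rule) for each interface name used as
    an address without parentheses. `on <if>` is not an address and is ignored."""
    macros, rules = {}, []
    for number, line in logical_lines(conf_text):
        match = MACRO_DEF.match(line)
        if match:
            macros[match.group(1)] = match.group(2).strip().strip('"')
        else:
            rules.append((number, line))
    if interfaces is None:
        # Assumption: macros named *_if hold interface names.
        interfaces = {v for k, v in macros.items() if k.endswith('_if')}
    findings = []
    for number, rule in rules:
        expanded = rule
        for _ in range(10):                # macros may refer to other macros
            step = MACRO_USE.sub(
                lambda m: macros.get(m.group(1), m.group(0)), expanded)
            if step == expanded:
                break
            expanded = step
        tokens = TOKEN.findall(expanded)
        for i, token in enumerate(tokens):
            if token in ADDRESS_KEYWORDS:
                for operand in static_operands(tokens, i + 1):
                    # "fxp0:0" is an interface with a modifier; still static.
                    if operand.split(':', 1)[0] in interfaces:
                        findings.append((number, token, operand, rule))
    return findings


if __name__ == '__main__':
    for number, keyword, operand, rule in find_static_interface_addresses(SAMPLE_PF_CONF):
        print(f'line {number}: "{keyword} {operand}" is resolved at load time; '
              f'use ({operand})')
        print(f'    {rule}')
```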


RE: Routing problem

2006-04-18 Thread Nicholas von Waltsleben
In answer to my own question.  When I disable the firewall on the server
the routing issue is instantly resolved.  However for 90% of the time
the firewall runs without any apparent problems... I will start a new
thread of conversation and ask my now firewall related problem.  Sorry
for my apparent thickness :)

> Hi,
>
> I am running a 5.4 box as a gateway server / firewall / mail relay at
> our company.  Previously we had a 4.3-beta server which although
> horribly outdated hardly ever gave us any problems.  Since replacing it
> with a Dell 850 and installing 5.4 I have experienced intermittent
> routing issues. The box will stop routing traffic correctly (I have
> included the output of a ping below).  I initially thought that the box
> was just dropping the packets but after running a trafshow I saw that
> this was not the case.


Re: Routing?

2005-08-24 Thread Chuck Swiger

Patrick Lindholm wrote:
[ ... ]
> But the 192.168.0.6 doesn't appear to be available for other computers 
> on my LAN
>
> So I checked out some manuals and used command: ARP -Ds 192.168.0.6 sl0 
> pub  and 92.168.0.6 came visible to other computers on my LAN.
>
> So now I thought that all I have to do is to put on my BSDBOX 
> natd.conf to redirect  all requests from 23 and 81 to 192.168.0.6  
> right? and allow of course ports from Firewall  (My software with the 
> SLIP has entrance via HTTP and TELNET)
>
> Well nobody can't still connect to my Linux software from outside?
> From my LAN it works ok.

[ ... ]

The first problem was a result of trying to use ARP to a machine not on the 
local subnet, which the SLIP connection is not.  If you're going to use that, 
you either need to proxy arp for the box, or set up routing on both sides so 
that the 192.168.255.x and 129.168.0.y subnets know about each other.

Second, for NAT port forwarding to work, the Linux box has to route replies 
back via a path that goes to the FreeBSD box running NATD.  In other words, the 
default route of the Linux box may have to point back via the FreeBSD box.

There are other workarounds available, such as using SSH portforwarding, netcat 
(nc), or the TIS FWTK plug-gw to proxy the connections to your internal net to 
avoid changing the routing, but you're getting into some complex networking...


--
-Chuck


Re: Routing question? second reply

2005-04-14 Thread Dan Nelson
In the last episode (Apr 14), Kurt Buff said:
> Dan Nelson wrote:
> >In the last episode (Apr 13), Kurt Buff said:
> >>I have a FreeBSD 5.3 box running
> >>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
> >>entrances to our network, one is the Watchguard FBIII for our T1,
> >>the other is a PC running Win2k and Winproxy, serving our DSL line.
> >>The PC is starting to flake out, and I'd like to replace it with a
> >>Watchguard SOHO that we have laying around.
> >
> >It might be easier to just hang your DSL line off your External or
> >Optional network, so you can enable the FBIII's SMTP filtering on
> >both your DSL and T1 lines.  Hanging it off a SOHO in your Trusted
> >network is a bit less secure (but no worse than your winproxy
> >setup).
> 
> On further thought, this isn't going to work. Aside from layer 8
> issues, we also want to use the optional port for an IM solution for
> customer support, and eventually we're going to pull our web site
> into it. Unless I'm misunderstanding your thoughts...

You can still hang it off External if your external router has a spare
Ethernet port.  We did something similar here; terminated and NAT'ted a
56k line off our Cisco router, and the firebox just saw it as regular
internet traffic.  The Cisco took care of routing the NAT'ted traffic
through the 65k link.

Or upgrade to a newer 6-port firebox :)

-- 
Dan Nelson
[EMAIL PROTECTED]


Re: Routing question?

2005-04-14 Thread Dan Nelson
In the last episode (Apr 14), Kurt Buff said:
> Dan Nelson wrote:
> >In the last episode (Apr 13), Kurt Buff said:
> >>I have a FreeBSD 5.3 box running
> >>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
> >>entrances to our network, one is the Watchguard FBIII for our T1,
> >>the other is a PC running Win2k and Winproxy, serving our DSL line.
> >>The PC is starting to flake out, and I'd like to replace it with a
> >>Watchguard SOHO that we have laying around.
> >> 
> >>The default gateway for the FreeBSD box is pointed at the WG FBIII,
> >>as that's the way most of our email comes through.
> >>
> >>What the PC with Winproxy does is accept inbound email connections
> >>to our secondary MX, and presents them to the FreeBSD box. I'm
> >>assuming that the Winproxy program was doing something funky to
> >>make all of this happen, but I'm really set on replacing it. This
> >>has been working for a year or two, but lately the Winproxy program
> >>on the PC is falling over several times a day. It's not a hardware
> >>error - all other programs on the machine work just fine, but
> >>Winproxy is dying.
> >>
> >>When I hook up the SOHO, I can't get emails through the DSL line.
>
> Failure mode is that when I telnet to the external IP address of the
> soho on port 25, I get no answer. On the SOHO, I have port 25 set to
> allow inbound access, only to the IP address of the postfix box. It
> smells to me like what's happening is that the inbound packets are
> making it to and through the SOHO, but then the postfix box obeys its
> DG setting, and tries to send the responses out the FBIII, and they
> never make it back to the originating box.

That's possible, since the FBIII won't allow those outgoing packets
without having seen the full TCP handshake.

You could use ipfw fwd rules to force the outgoing packets to route via
the SOHO:

               ( Internet )
                 |      |
1.2.3.4/24     FBIII   SOHO   12.1.2.3/32      (external)
                 |      |     192.168.111.1/24 (internal)
                 |      |
        +--------+------+------+--------+
                        |
                       BSD

The BSD machine would have three IPs:

1.2.3.10  (mx1.host.com, primary incoming mail)
1.2.3.11  (mail.host.com, outgoing mail)
192.168.111.2 (secondary incoming mail)

mx2.host.com would be set to 12.1.2.3 and the SOHO would be told to
forward port 25 to 192.168.111.2.  If you add this ipfw rule to BSD:

fwd 192.168.111.1 ip from 192.168.111.2 to any

, that should be enough to force all (and only) the DSL mail traffic
through the SOHO.
 
-- 
Dan Nelson
[EMAIL PROTECTED]
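
The return-path problem and the `fwd` rule from the message above, as an added example (not code from the thread): a simplified Python model in which each firewall passes a reply only for a connection whose first packet it saw, and the mail host picks its next hop from `fwd` rules first and the routing table second. The client address is constructed, and 1.2.3.4 as the mail host's default gateway is an assumption read from the diagram.

```python
import ipaddress


class StatefulFirewall:
    """Passes an outbound reply only for a connection whose first packet it saw."""

    def __init__(self, name, inside_address):
        self.name = name
        self.inside_address = ipaddress.ip_address(inside_address)
        self.states = set()

    def see_inbound_syn(self, client, server, port):
        self.states.add((ipaddress.ip_address(client),
                         ipaddress.ip_address(server), port))

    def passes_reply(self, server, port, client):
        key = (ipaddress.ip_address(client), ipaddress.ip_address(server), port)
        return key in self.states


def next_hop(src, dst, routes, fwd_rules=()):
    """Model of the host's forwarding decision: a matching fwd rule
    (first match wins) overrides the routing table's longest prefix match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for from_net, to_net, hop in fwd_rules:
        if src in from_net and dst in to_net:
            return ipaddress.ip_address(hop)
    matches = [(network, hop) for network, hop in routes if dst in network]
    if not matches:
        return None
    _, hop = max(matches, key=lambda item: item[0].prefixlen)
    return dst if hop is None else ipaddress.ip_address(hop)  # None = on-link


def reply_outcome(client, service_ip, port, entry_fw, firewalls, routes, fwd_rules):
    """Follow one inbound connection and the server's reply.
    Returns (name of the firewall the reply leaves through, delivered?)."""
    entry_fw.see_inbound_syn(client, service_ip, port)
    hop = next_hop(service_ip, client, routes, fwd_rules)
    exit_fw = next((fw for fw in firewalls if fw.inside_address == hop), None)
    if exit_fw is None:
        return (None, False)
    return (exit_fw.name, exit_fw.passes_reply(service_ip, port, client))


# "fwd 192.168.111.1 ip from 192.168.111.2 to any" as (from, to, next hop).
FWD_RULE = [(ipaddress.ip_network("192.168.111.2/32"),
             ipaddress.ip_network("0.0.0.0/0"), "192.168.111.1")]


def simulate(fwd_rules=()):
    """Topology from the diagram; fresh firewall state on every call."""
    fbiii = StatefulFirewall("FBIII", "1.2.3.4")
    soho = StatefulFirewall("SOHO", "192.168.111.1")
    routes = [(ipaddress.ip_network("1.2.3.0/24"), None),
              (ipaddress.ip_network("192.168.111.0/24"), None),
              (ipaddress.ip_network("0.0.0.0/0"), "1.2.3.4")]  # assumed default
    client = "198.51.100.7"                # constructed external mail sender
    both = [fbiii, soho]
    return {
        "T1 to 1.2.3.10": reply_outcome(
            client, "1.2.3.10", 25, fbiii, both, routes, fwd_rules),
        "DSL to 192.168.111.2": reply_outcome(
            client, "192.168.111.2", 25, soho, both, routes, fwd_rules),
    }


if __name__ == "__main__":
    print("default route only:", simulate())
    print("with fwd rule:     ", simulate(FWD_RULE))
```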


Re: Routing question? second reply

2005-04-14 Thread Kurt Buff
Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
>> I have a FreeBSD 5.3 box running
>> postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>> entrances to our network, one is the Watchguard FBIII for our T1, the
>> other is a PC running Win2k and Winproxy, serving our DSL line. The
>> PC is starting to flake out, and I'd like to replace it with a
>> Watchguard SOHO that we have laying around.
>
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines.  Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

On further thought, this isn't going to work. Aside from layer 8 issues, 
we also want to use the optional port for an IM solution for customer 
support, and eventually we're going to pull our web site into it. Unless 
I'm misunderstanding your thoughts...

>> The default gateway for the FreeBSD box is pointed at the WG FBIII,
>> as that's the way most of our email comes through.
>>
>> What the PC with Winproxy does is accept inbound email connections to
>> our secondary MX, and presents them to the FreeBSD box. I'm assuming
>> that the Winproxy program was doing something funky to make all of
>> this happen, but I'm really set on replacing it. This has been
>> working for a year or two, but lately the Winproxy program on the PC
>> is falling over several times a day. It's not a hardware error - all
>> other programs on the machine work just fine, but Winproxy is dying.
>>
>> When I hook up the SOHO, I can't get emails through the DSL line.
>
> What fails?  Do you get connection refused?  Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
>
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

I've got someone at WG looking at the SOHO setup for me, and they're 
starting to come to my conclusion - it's going to require more smarts 
for the postfix box. I'm thinking zebra/quagga might be required, 
perhaps even if we put the postfix box in the DMZ/optional area of the 
FBIII, 'cause the postfix box needs to know where to pitch packets after 
receiving them.


Re: Routing question?

2005-04-14 Thread Kurt Buff
Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
>> I have a FreeBSD 5.3 box running
>> postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>> entrances to our network, one is the Watchguard FBIII for our T1, the
>> other is a PC running Win2k and Winproxy, serving our DSL line. The
>> PC is starting to flake out, and I'd like to replace it with a
>> Watchguard SOHO that we have laying around.
>
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines.  Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

That's worthy of some thought. It may not fulfill the layer 8 
requirements, however.

>> The default gateway for the FreeBSD box is pointed at the WG FBIII,
>> as that's the way most of our email comes through.
>>
>> What the PC with Winproxy does is accept inbound email connections to
>> our secondary MX, and presents them to the FreeBSD box. I'm assuming
>> that the Winproxy program was doing something funky to make all of
>> this happen, but I'm really set on replacing it. This has been
>> working for a year or two, but lately the Winproxy program on the PC
>> is falling over several times a day. It's not a hardware error - all
>> other programs on the machine work just fine, but Winproxy is dying.
>>
>> When I hook up the SOHO, I can't get emails through the DSL line.
>
> What fails?  Do you get connection refused?  Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
>
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

Failure mode is that when I telnet to the external IP address of the 
soho on port 25, I get no answer. On the SOHO, I have port 25 set to 
allow inbound access, only to the IP address of the postfix box. It 
smells to me like what's happening is that the inbound packets are 
making it to and through the SOHO, but then the postfix box obeys its DG 
setting, and tries to send the responses out the FBIII, and they never 
make it back to the originating box.

Kurt


Re: Routing question?

2005-04-13 Thread Dan Nelson
In the last episode (Apr 13), Kurt Buff said:
> I have a FreeBSD 5.3 box running
> postfix/amavisd-new/spamassassin/clamav. Currently, we have two
> entrances to our network, one is the Watchguard FBIII for our T1, the
> other is a PC running Win2k and Winproxy, serving our DSL line. The
> PC is starting to flake out, and I'd like to replace it with a
> Watchguard SOHO that we have laying around.

It might be easier to just hang your DSL line off your External or
Optional network, so you can enable the FBIII's SMTP filtering on both
your DSL and T1 lines.  Hanging it off a SOHO in your Trusted network
is a bit less secure (but no worse than your winproxy setup).

> The default gateway for the FreeBSD box is pointed at the WG FBIII,
> as that's the way most of our email comes through.
> 
> What the PC with Winproxy does is accept inbound email connections to
> our secondary MX, and presents them to the FreeBSD box. I'm assuming
> that the Winproxy program was doing something funky to make all of
> this happen, but I'm really set on replacing it. This has been
> working for a year or two, but lately the Winproxy program on the PC
> is falling over several times a day. It's not a hardware error - all
> other programs on the machine work just fine, but Winproxy is dying.
> 
> When I hook up the SOHO, I can't get emails through the DSL line.

What fails?  Do you get connection refused?  Maybe you just need to
open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
you can't get the SOHO to use your existing Trusted network as its
trusted network).

I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
password on me so I can't tell you exactly what to set where :)

-- 
Dan Nelson
[EMAIL PROTECTED]


Re: routing help

2005-02-13 Thread Hexren
W> I need a way of routing all udp & http traffic on ports 6881-6999 that hit 
W> machine A to be passed through to machine B on the same ports .. how do i go 
W> about doing this with as much simplicity as possible.

-

Install pf, ipfw or ipf (I prefer pf but that's opinion) and use the port
forwarding features built into the firewall.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Hexren



Re: Routing Problem

2005-02-04 Thread Derek
Gustafson, Tim wrote:
> I know it "can" be done.  I have a feeling that the FreeBSD TCP
> stack lacks the capability.

If you are looking for multiple routes to the same destination, you are
correct.  I believe that if you see the thread on net@ from 03/01/04
with the subject "My planned work on networking stack":


 [] move IPv4 routing to its own optimized routing table structure and
add multi-path and policy-routing options.  (planned)

I think this is the feature you are looking for: multi-path

I am also not sure of the status of this.

There are some hackish ways of dealing with this:

e.g.
route add 0.0.0.0/1 router1
route add 128.0.0.0/1 router2
(or some such hideous incantation)

If you want to get real nasty, I would try some jiggery pokery with
vlans/ng_one2many:

# receiving is done with public ips (all the same here as your current 
config)
router1 vlan0 pubip1
router2 vlan0 pubip2
server  vlan0 pubip1/2

#transmitting is done through faked gateway 50% load each
router1 vlan1 10.0.0.1
router2 vlan2 10.0.0.1
server  vlan1/2 10.0.0.2
route add default 10.0.0.1

You'll need to be sure that both upstream providers will route either ip
address though.  Also, there is no "dynamic" type of functionality on
this, if one of the links goes down, you'll lose 50% of your traffic.
You could probably rig up a script to notify netgraph when the remote
g/w goes down though.

I've never tried this, but it seems this wouldn't be a bad way to start 
if you've got some time on your hands.

Cheers,
Derek


Re: Routing Problem

2005-02-02 Thread Thomas Foster
Sounds like the man page for routed might be what you seek
http://www.freebsd.org/cgi/man.cgi?query=routed&sektion=8
T
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: "Thomas Foster" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 02, 2005 5:02 AM
Subject: RE: Routing Problem


Thomas (and John too),
Let me clarify a little bit.
What I have is this:
A single FreeBSD web server with a single NIC in it
Two T1 routers, each with a different subnet.
My FreeBSD box has two IP addresses assigned to it, one from the first
subnet and one from the second subnet.
I want to use round-robin DNS to direct half my web traffic to the first
IP and half to the second IP.
As I said to John in a private e-mail earlier this morning, I have a
Windows 2000 box that is doing exactly this with these two subnets right
now.  I know it "can" be done.  I have a feeling that the FreeBSD TCP
stack lacks the capability.  By the way, this also works with Cisco
hardware.  I have used Cisco equipment in this same configuration in the
past.
I think the way it SHOULD work is that you should be able to give a
FreeBSD box multiple default gateways.  When FreeBSD gets a packet to an
IP on the first subnet, it should use the default gateway that is also
on that subnet.  When FreeBSD gets a packet to an IP on the second
subnet, it should use the second default gateway.  This seems to be the
logic that Windows (and Cisco) uses.
Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/ 


-Original Message-
From: Thomas Foster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 02, 2005 7:57 AM
To: Gustafson, Tim
Cc: [EMAIL PROTECTED]
Subject: Re: Routing Problem
Hi Tim..
If you have multiple interfaces and you configure a default gateway for each
interface, the default metric determination that is based on the speed of
the interface usually uses the fastest interface for default gateway
traffic. This is usually desirable in configurations in which the computer
is connected to the same network.

This behavior can become a problem when the computer exists on two or more
disjointed networks (networks that do not provide symmetric reachability on
layer3). Symmetric reachability exists when packets can be sent to and
received from an arbitrary destination.

Because the TCP/IP version4 protocol uses a single default route in
FreeBSD's routing table at any one time for default route traffic, default
routers configured on multiple interfaces connected to two or more
disjointed networks can wreak routing traffic havoc.

In FreeBSD, you can manually configure the routing table for the individual
interfaces..  but it sounds to me as if you are attempting to use two
ethernet interfaces connected to two disjointed networks connected to
routers with two separate subnets in order to balance http requests to one
server.. is this the case?  I guess I am not fully understanding your
configuration ...

T.
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: "Thomas Foster" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 02, 2005 4:06 AM
Subject: RE: Routing Problem


Thomas,
No, I'm not using this box as a router.  It is a web server, and I need
to spread the load of my web traffic across two separate T1s.
I can't just add routes.  You need a default route, or parts of the
internet would become inaccessible.  In my case, you need TWO default
routes.  I have set up Cisco equipment and Windows workstations with two
default routes in the past, and it has worked.  In fact, I have one
Windows box right now that is configured on both these networks with two
default gateways, and it is working.
There has to be a way to make it work on FreeBSD.
Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/

-Original Message-
From: Thomas Foster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 02, 2005 4:48 AM
To: Gustafson, Tim
Cc: [EMAIL PROTECTED]
Subject: Re: Routing Problem
I'm confused.. if you have two T1s, then are using /30s for the ranges?
If so.. what about not giving a default gateway for either one and just add
routes...
Are you attempting to utilize this as just a router.?
There's a section that covers setting up routing on interfaces in the
handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
Hope this helps
T
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, February 01, 2005 5:35 PM
Subject: Routing Problem


I am having a problem setting up a multi-homed host.  I have two
separate T1 internet connections, and one physical NIC in my F

RE: Routing Problem

2005-02-02 Thread Gustafson, Tim
Thomas (and John too),

Let me clarify a little bit.

What I have is this:

A single FreeBSD web server with a single NIC in it
Two T1 routers, each with a different subnet.

My FreeBSD box has two IP addresses assigned to it, one from the first
subnet and one from the second subnet.

I want to use round-robin DNS to direct half my web traffic to the first
IP and half to the second IP.

As I said to John in a private e-mail earlier this morning, I have a
Windows 2000 box that is doing exactly this with these two subnets right
now.  I know it "can" be done.  I have a feeling that the FreeBSD TCP
stack lacks the capability.  By the way, this also works with Cisco
hardware.  I have used Cisco equipment in this same configuration in the
past.

I think the way it SHOULD work is that you should be able to give a
FreeBSD box multiple default gateways.  When FreeBSD gets a packet to an
IP on the first subnet, it should use the default gateway that is also
on that subnet.  When FreeBSD gets a packet to an IP on the second
subnet, it should use the second default gateway.  This seems to be the
logic that Windows (and Cisco) uses.

Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/ 



-Original Message-
From: Thomas Foster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 02, 2005 7:57 AM
To: Gustafson, Tim
Cc: [EMAIL PROTECTED]
Subject: Re: Routing Problem


Hi Tim..

If you have multiple interfaces and you configure a default gateway for each
interface, the default metric determination that is based on the speed of
the interface usually uses the fastest interface for default gateway
traffic. This is usually desirable in configurations in which the computer
is connected to the same network.

This behavior can become a problem when the computer exists on two or more
disjointed networks (networks that do not provide symmetric reachability on
layer3). Symmetric reachability exists when packets can be sent to and
received from an arbitrary destination.

Because the TCP/IP version4 protocol uses a single default route in
FreeBSD's routing table at any one time for default route traffic, default
routers configured on multiple interfaces connected to two or more
disjointed networks can wreak routing traffic havoc.

In FreeBSD, you can manually configure the routing table for the individual
interfaces..  but it sounds to me as if you are attempting to use two
ethernet interfaces connected to two disjointed networks connected to
routers with two separate subnets in order to balance http requests to one
server.. is this the case?  I guess I am not fully understanding your
configuration ...

T.


- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: "Thomas Foster" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 02, 2005 4:06 AM
Subject: RE: Routing Problem


> Thomas,
>
> No, I'm not using this box as a router.  It is a web server, and I need
> to spread the load of my web traffic across two separate T1s.
>
> I can't just add routes.  You need a default route, or parts of the
> internet would become inaccessible.  In my case, you need TWO default
> routes.  I have set up Cisco equipment and Windows workstations with two
> default routes in the past, and it has worked.  In fact, I have one
> Windows box right now that is configured on both these networks with two
> default gateways, and it is working.
>
> There has to be a way to make it work on FreeBSD.
>
> Tim Gustafson
> MEI Technology Consulting, Inc
> [EMAIL PROTECTED]
> (516) 379-0001 Office
> (516) 480-1870 Mobile/Emergencies
> (516) 908-4185 Fax
> http://www.meitech.com/
>
>
>
> -Original Message-
> From: Thomas Foster [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 02, 2005 4:48 AM
> To: Gustafson, Tim
> Cc: [EMAIL PROTECTED]
> Subject: Re: Routing Problem
>
>
> I'm confused.. if you have two T1s, then are using /30s for the ranges?
> If so.. what about not giving a default gateway for either one and just
> add routes...
>
> Are you attempting to utilize this as just a router.?
>
> There's a section that covers setting up routing on interfaces in the
> handbook:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
>
> Hope this helps
>
> T
> - Original Message - 
> From: "Gustafson, Tim" <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, February 01, 2005 5:35 PM
> Subject: Routing Problem
>
>
>>I am having a problem setting up a multi-homed host.  I have two
>> separate T1 internet connections, and one physical NIC in my FreeBSD
>> box.  The two networks are as follows:
>>

Re: Routing Problem

2005-02-02 Thread Thomas Foster
Hi Tim..
If you have multiple interfaces and you configure a default gateway for each 
interface, the default metric determination that is based on the speed of 
the interface usually uses the fastest interface for default gateway 
traffic. This is usually desirable in configurations in which the computer 
is connected to the same network.

This behavior can become a problem when the computer exists on two or more 
disjointed networks (networks that do not provide symmetric reachability on 
layer3). Symmetric reachability exists when packets can be sent to and 
received from an arbitrary destination.

Because the TCP/IP version4 protocol uses a single default route in 
FreeBSD's routing table at any one time for default route traffic, default 
routers configured on multiple interfaces connected to two or more 
disjointed networks can wreak routing traffic havoc.

In FreeBSD, you can manually configure the routing table for the individual 
interfaces..  but it sounds to me as if you are attempting to use two 
ethernet interfaces connected to two disjointed networks connected to 
routers with two separate subnets in order to balance http requests to one
server.. is this the case?  I guess I am not fully understanding your 
configuration ...

T.
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: "Thomas Foster" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 02, 2005 4:06 AM
Subject: RE: Routing Problem


Thomas,
No, I'm not using this box as a router.  It is a web server, and I need
to spread the load of my web traffic across two separate T1s.
I can't just add routes.  You need a default route, or parts of the
internet would become inaccessible.  In my case, you need TWO default
routes.  I have set up Cisco equipment and Windows workstations with two
default routes in the past, and it has worked.  In fact, I have one
Windows box right now that is configured on both these networks with two
default gateways, and it is working.
There has to be a way to make it work on FreeBSD.
Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/

-Original Message-
From: Thomas Foster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 02, 2005 4:48 AM
To: Gustafson, Tim
Cc: [EMAIL PROTECTED]
Subject: Re: Routing Problem
I'm confused.. if you have two T1s, then are using /30s for the ranges?
If so.. what about not giving a default gateway for either one and just add
routes...
Are you attempting to utilize this as just a router.?
There's a section that covers setting up routing on interfaces in the
handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
Hope this helps
T
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, February 01, 2005 5:35 PM
Subject: Routing Problem


I am having a problem setting up a multi-homed host.  I have two
separate T1 internet connections, and one physical NIC in my FreeBSD
box.  The two networks are as follows:
Connection 1:
LAN Address: 1.2.3.24/25
Router Address: 1.2.3.1
Connection 2:
LAN Address: 4.5.6.106/29
Router Address: 4.5.6.105
I would like to set up my FreeBSD box so that I can connect to either
LAN address from the outside world.  The problem is that I cannot
specify two default gateways.  Right now, I have 1.2.3.1 set up as a
default gateway, and I can get to the 1.2.3.24 IP from the outside
world.  However, I can't get to 4.5.6.106.  I can't even ping it.  From
the FreeBSD box, I can ping 4.5.6.105, and from the outside world I can
ping 4.5.6.105, but I can't ping 4.5.6.106 from the outside world.
Is there any way to make this work?  How can I make FreeBSD have two
default gateways?  I read somewhere about being able to set up source
routing, but I haven't been able to find any HOWTO's about that.
Any help is greatly appreciated.





RE: Routing Problem

2005-02-02 Thread Gustafson, Tim
Thomas,

No, I'm not using this box as a router.  It is a web server, and I need
to spread the load of my web traffic across two separate T1s.

I can't just add routes.  You need a default route, or parts of the
internet would become inaccessible.  In my case, you need TWO default
routes.  I have set up Cisco equipment and Windows workstations with two
default routes in the past, and it has worked.  In fact, I have one
Windows box right now that is configured on both these networks with two
default gateways, and it is working.

There has to be a way to make it work on FreeBSD.

Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/ 



-Original Message-
From: Thomas Foster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 02, 2005 4:48 AM
To: Gustafson, Tim
Cc: [EMAIL PROTECTED]
Subject: Re: Routing Problem


I'm confused.. if you have two T1s, then are using /30s for the ranges?
If so.. what about not giving a default gateway for either one and just add
routes...

Are you attempting to utilize this as just a router.?

There's a section that covers setting up routing on interfaces in the
handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Hope this helps

T
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, February 01, 2005 5:35 PM
Subject: Routing Problem


>I am having a problem setting up a multi-homed host.  I have two
> separate T1 internet connections, and one physical NIC in my FreeBSD
> box.  The two networks are as follows:
>
> Connection 1:
> LAN Address: 1.2.3.24/25
> Router Address: 1.2.3.1
>
> Connection 2:
> LAN Address: 4.5.6.106/29
> Router Address: 4.5.6.105
>
> I would like to set up my FreeBSD box so that I can connect to either
> LAN address from the outside world.  The problem is that I cannot
> specify two default gateways.  Right now, I have 1.2.3.1 set up as a
> default gateway, and I can get to the 1.2.3.24 IP from the outside
> world.  However, I can't get to 4.5.6.106.  I can't even ping it.  From
> the FreeBSD box, I can ping 4.5.6.105, and from the outside world I can
> ping 4.5.6.105, but I can't ping 4.5.6.106 from the outside world.
>
> Is there any way to make this work?  How can I make FreeBSD have two
> default gateways?  I read somewhere about being able to set up source
> routing, but I haven't been able to find any HOWTO's about that.
>
> Any help is greatly appreciated.
> 






Re: Routing Problem

2005-02-02 Thread Thomas Foster
I'm confused.. if you have two T1s, then are using /30s for the ranges?  If
so.. what about not giving a default gateway for either one and just add
routes...

Are you attempting to utilize this as just a router.?
There's a section that covers setting up routing on interfaces in the
handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
Hope this helps
T
- Original Message - 
From: "Gustafson, Tim" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, February 01, 2005 5:35 PM
Subject: Routing Problem


I am having a problem setting up a multi-homed host.  I have two
separate T1 internet connections, and one physical NIC in my FreeBSD
box.  The two networks are as follows:
Connection 1:
LAN Address: 1.2.3.24/25
Router Address: 1.2.3.1
Connection 2:
LAN Address: 4.5.6.106/29
Router Address: 4.5.6.105
I would like to set up my FreeBSD box so that I can connect to either
LAN address from the outside world.  The problem is that I cannot
specify two default gateways.  Right now, I have 1.2.3.1 set up as a
default gateway, and I can get to the 1.2.3.24 IP from the outside
world.  However, I can't get to 4.5.6.106.  I can't even ping it.  From
the FreeBSD box, I can ping 4.5.6.105, and from the outside world I can
ping 4.5.6.105, but I can't ping 4.5.6.106 from the outside world.
Is there any way to make this work?  How can I make FreeBSD have two
default gateways?  I read somewhere about being able to set up source
routing, but I haven't been able to find any HOWTO's about that.
Any help is greatly appreciated.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
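
The failure described in the original "Routing Problem" post and the two workarounds discussed in the replies, modelled as an added example (not code from any poster in the thread). It uses the addresses given in the post; the two remote client addresses and all function names are constructed for illustration, and the source-based mode is a model of per-source gateway selection, not FreeBSD configuration.

```python
import ipaddress

# Addresses as given in the thread: one NIC, two subnets, one router per T1.
LINKS = [
    {"local": "1.2.3.24",  "net": "1.2.3.0/25",   "gw": "1.2.3.1"},
    {"local": "4.5.6.106", "net": "4.5.6.104/29", "gw": "4.5.6.105"},
]
# Constructed remote clients, one in each half of the IPv4 address space.
CLIENTS = ["100.64.0.9", "198.51.100.7"]
ON_LINK = "on-link"


def connected_routes():
    """Routes the kernel adds for the directly attached subnets."""
    return [(ipaddress.ip_network(l["net"]), ON_LINK) for l in LINKS]


def single_default():
    """The original poster's setup: one default route via the first router."""
    return connected_routes() + [
        (ipaddress.ip_network("0.0.0.0/0"), LINKS[0]["gw"]),
    ]


def split_halves():
    """The 0.0.0.0/1 + 128.0.0.0/1 workaround from Derek's reply."""
    return connected_routes() + [
        (ipaddress.ip_network("0.0.0.0/1"), LINKS[0]["gw"]),
        (ipaddress.ip_network("128.0.0.0/1"), LINKS[1]["gw"]),
    ]


def lookup(table, dst):
    """Destination-only longest-prefix match, as a plain routing table does."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    if not hits:
        return None  # no route to host
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def link_of(addr):
    """Return the attached link whose subnet contains addr, or None."""
    addr = ipaddress.ip_address(addr)
    for l in LINKS:
        if addr in ipaddress.ip_network(l["net"]):
            return l
    return None


def source_based(src, dst):
    """Model of the behaviour the poster asks for: pick the router that
    sits on the same subnet as the reply's source address."""
    if link_of(dst) is not None:
        return ON_LINK
    link = link_of(src)
    if link is None:
        raise ValueError(f"{src} is not a local address")
    return link["gw"]


def reply_next_hop(mode, local, client):
    """Next hop for a reply sent from `local` back to `client`."""
    if mode == "source-based":
        return source_based(local, client)
    if mode == "single-default":
        return lookup(single_default(), client)
    if mode == "split-halves":
        return lookup(split_halves(), client)
    raise ValueError(f"unknown mode {mode!r}")


def audit(mode):
    """For every local address and client, report the reply's next hop and
    whether it leaves through the router of the address it was sent from."""
    rows = []
    for l in LINKS:
        for client in CLIENTS:
            hop = reply_next_hop(mode, l["local"], client)
            symmetric = hop in (ON_LINK, l["gw"])
            rows.append((l["local"], client, hop, symmetric))
    return rows


if __name__ == "__main__":
    for mode in ("single-default", "split-halves", "source-based"):
        print(mode)
        for local, client, hop, symmetric in audit(mode):
            flag = "ok" if symmetric else "ASYMMETRIC"
            print(f"  reply {local} -> {client} via {hop}: {flag}")
```

A reply flagged as asymmetric leaves through the other T1 with a source address from the wrong subnet; whether it survives depends on that provider routing the foreign address, which is the caveat raised in Derek's reply.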


Re: Routing problem on 3 homed host

2005-01-17 Thread Gelsema, Patrick
You should add on your router the following routes

192.168.1.0/24
192.168.2.0/24
with gateway 192.168.0.2 (interface firewall)

Your router doesn't know where to return the packets to.

And your firewall needs to route 0.0.0.0 to 192.168.0.1 (router interface)

Your CIDR is good.

These changes should make it work.

Use tracert or traceroute to see at which hop it goes wrong.

Regards

Patrick

> Hi,
>
> I am really having problems with this, any help appreciated.
>
> Amended repost of "ipnat port forwarding froblem"
>
> The configuration:
>
> Router:
> This is a dedicated ADSL router with integrated firewall and nat
> The firewall cannot be configured other than turning ports
> on and off for traffic from the internet and routing traffic
> to specific hosts. All traffic is sent to the firewall.
> Firewall:
> This firewall is an i386 arch FreeBSD 5.3 build currently running
> ipf and ipnat and sits on the three networks 192.168.0.0/24,
> 192.168.1.0/24 and 192.168.2.0/24 (This may be wrong, I am unsure
> of CIDR - please advise if it is).
> rc.conf:
> gateway_enable="YES"
> ipf_enable="YES"
> ipnat_enable="YES"
> No nameserver setup all info in hosts files except for 192.168.0.1
> for traffic to and from the internet.
> resolv.conf:
> domain somenet.com
> nameserver 192.168.0.2
> nameserver 192.168.0.1
> ipnat.rules:
> map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp
> 1:2
> map dc0 192.168.2.0/24 -> 192.168.0.2/32
> map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp
> 20001:4
> map dc0 192.168.1.0/24 -> 192.168.0.2/32
> ipf.rules: - wide open until I can get this working
> pass out quick all
> pass in quick all
>
> The setup: (simplified)
>
>--
>|Internet|
>--
>|
>  IP: 192.168.0.10  | IP: x.x.x.x
>  ----
>  | Laptop || Router |
>  ----
>| IP: 192.168.0.1
>|
>| IP: 192.168.0.2 IF: dc0
>  --
>  |  Firewall  |
>  |-
>  IP: 192.168.1.2 IF: dc1 || IP 192.168.2.2 IF: rl0
>  ||
>  IP: 192.168.1.10||
> ---  ---
> | DMZ Host|  | | Switch
> ---  | |
>  | |
>  ---
>   |
>   |
>   |
>  
>  | Pri Host |
>  
>
> The problem:
> The firewall can ping the router, dmz host and private host
> and can retrieve html pages from the internet.
> The laptop can ping the firewall
> The dmz host can ping the firewall
> The private host can ping the firewall
> The dmz host and private host cannot ping the router or
> retrieve pages from the internet. (No route to host)
>
> Is there something else that I need to setup or do to enable routing
> the packets between the 3 networks ?
>
> Any help greatly appreciated.
>
> -
> Tim Preece.
>



Re: routing monitoring ?

2004-12-10 Thread Dick Davies
* Frank Bonnet <[EMAIL PROTECTED]> [1236 11:36]:
> Hi
> 
> I've installed an old PC ( PII 350 Mhz ) as a router
> it works like a charm ;-) I wonder which tool I could install
> on it to monitor a bit the routing process.

cricket kicks the ass.

built on perl and rrdtool, really powerful config syntax once you
get your head round it:

http://cricket.sourceforge.net/support/doc/beginner.html

ports/net-mgmt/cricket

-- 
With that big new contract, I've been able to make those government mandated
upgrades you've all been suing me about. - Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns


Re: routing monitoring ?

2004-12-10 Thread Jorn Argelo
On Fri, 10 Dec 2004 12:35:38 +0100, Frank Bonnet wrote
> Hi
> 
> I've installed an old PC ( PII 350 Mhz ) as a router
> it works like a charm ;-) I wonder which tool I could install
> on it to monitor a bit the routing process.

MRTG, Nagios or RRDtool would do the trick. I would prefer the latter. Nagios 
is handy if you have many machines to monitor, and RRDtool is basically an
upgraded version from MRTG. All of them require some research, especially 
Nagios and RRDtool.

Cheers,

Jorn

> 
> Thanks a lot.
> -- 
> Cordialement/Regards
> Frank Bonnet


Re: Routing help with arp or zebra -> BRIDGE

2004-12-03 Thread Feczak Szabolcs
so the answer to myself

If I would like to connect two physical nets without subnetting
I must use bridging. The following commands solve the problem:

sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fxp0,fxp1

> 2004-11-29, h keltezéssel 17:02-kor Feczak Szabolcs ezt írta:
> > Hi there,
> > 
> > I have the following network env. (IPs are not real though similar)
> > 
> > (INTERNET) - [? ? ? ?] Internet GW (cisco) [195.223.41.1] - switch -
> > 
> > hosts connected to the switch like 195.223.41.10 195.223.41.119 etc.
> > probably in the /24 range or maybe it uses classless routing I do
> > not really know
> > 
> > My host/router is connected to this switch as well
> > 
> > [195.223.41.14/28 fxp0] inner gw [195.223.41.161/28 fxp1]
> > 
> > I have hosts connected to this innergw in the 195.223.41.160/28 network
> > like 195.223.41.163 for example
> > 
> > 
> > of course this setup doesn't work promptly, but If I do
> > on the inner-gw the following
> > 
> > ifconfig fxp1 down
> > route delete 195.223.41.163
> > ifconfig fxp0 alias 195.223.41.163/32
> > 
> > ping 195.223.41.163 from the other side of the internet
> > of course it works since Internet GW forwards the packet
> > to its switched interface, than arp request and response
> > on the innergw fxp0 interface
> > Now the Cisco router has 195.223.41.163 in its arp cache
> > so now I do the following on the innergw
> > 
> > ifconfig fxp0 -alias 195.223.41.163
> > ifconfig fxp1 up
> > 
> > ping 195.223.41.163
> > whoala it works .. I can reach my machine behind the
> > innergw
> > 
> > for 4 hours, then cisco clears this entry from its arp
> > cache and no more fun.
> > 
> > I have tried to do something with arp host hwaddr pub command,
> > but its trying to advertise things on the inner interface
> > so its no good.
> > 
> > I know the best would be a static route entry on the cisco
> > to route all packets in the 195.223.41.160/28 network to
> > the innergw interface.
> > 
> > Sadly I do not have access to the cisco router and its admin
> > is nearly unreachable and make him do things is even harder.
> > 
> > So my question is ... is it possible to do the trick with
> > some arp magic, or do I need zebra to talk rip or sg. with
> > the cisco, so I can advertise my subnet  ?


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: Routing where can I ask a wirless routing question freebsd

2004-07-25 Thread Dan
Hello,

In using FreeBSD 5.2.1-Release I am running into some trouble. I have successfully
recompiled the kernel with support for atheros based wireless cards. I have also been
able to setup the card into access point "Hostap" mode correctly. I have tried the
bridging recommended in the FreeBSD wireless setup at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html but
was unsuccessful. I have configured the wireless adapter with its own subnet of ip's
one for the actual box and the rest client ip's. The subnet is not the same as the one
on the wireless adapter. When I enable bridge mode as discussed in the link above, I
can ping the ip allocated to the ethernet adapter and the one allocated to the 
wireless adapter when wirelessly connected to the freebsd box, but when the bridging 
is disabled I can only ping the ip assigned to the wireless adapter in the machine 
when wirelessly connected. When I ssh to the box either with bridging on or off to the 
wireless ip on the machine I can ping google.com and other common web sites. I need 
help trying to route the adapted and client ip's to the internet.


Dan


re: Routing freebsd bridge ath0 R10

2004-07-23 Thread Dan
Hello,

In using FreeBSD 5.2.1-Release I am running into some trouble. I have successfully
recompiled the kernel with support for atheros based wireless cards. I have also been
able to setup the card into access point "Hostap" mode correctly. I have tried the
bridging recommended in the FreeBSD wireless setup at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html but
was unsuccessful. I have configured the wireless adapter with its own subnet of ip's
one for the actual box and the rest client ip's. The subnet is not the same as the one
on the wireless adapter. When I enable bridge mode as discussed in the link above, I
can ping the ip allocated to the ethernet adapter and the one allocated to the 
wireless adapter when wirelessly connected to the freebsd box, but when the bridging 
is disabled I can only ping the ip assigned to the wireless adapter in the machine 
when wirelessly connected. When I ssh to the box either with bridging on or off to the 
wireless ip on the machine I can ping google.com and other common web sites. I need 
help trying to route the adapted and client ip's to the internet.

Dan


Re: Routing issue

2004-07-19 Thread Matthew Seaman
On Mon, Jul 19, 2004 at 12:55:45PM -0500, Web Walrus (Robert Wall) wrote:
> > > > > ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> > > > > ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> > > > > defaultrouter="1.2.3.1"
> > >
> > > It's not on the same network; that's the problem.  Two complete separate
> > > networks, same interface card.  The issue is that one of the networks
> > > works, and the other doesn't, depending on what network the default router
> > > happens to be on.
> >
> > In general, you're going to need a mechanism for dynamically routing
> > packets in order to make this sort of setup work.  For most setups,
> > you'd need the co-operation of your ISP to make things work as well.
> 
> The situation is this - there are 4 servers that are on one network.  I'm
> trying to switch them over to another network, but I need to do it without
> downtime.  Therefore, I need to have both IPs completely active and
> functional simultaneously.

Right -- in which case, you've actually done everything right,

> Is there any way to determine what IP/interface a connection came in on,
> and continue to use that IP/interface for the outbound packets?  Maybe
> with static routes or something of that nature?

That should happen automatically whenever anyone connects to one or
other of those addresses.  It's setting the origin address on outgoing
connections that's usually the difficult bit, but in this case, that
shouldn't be a problem.  Really all you need to do is at some point
change the default route to point to the new gateway, and then wait
until any traffic to the old addresses dies away.  Then edit
/etc/rc.conf to make the new ip address the only one configured on the
interface and whatever else needs fiddling with similarly, a quick
reboot and you're done.

Cheers

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK




Re: Routing issue

2004-07-19 Thread Web Walrus (Robert Wall)
> > > > ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> > > > ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> > > > defaultrouter="1.2.3.1"
> >
> > It's not on the same network; that's the problem.  Two complete separate
> > networks, same interface card.  The issue is that one of the networks
> > works, and the other doesn't, depending on what network the default router
> > happens to be on.
>
> In general, you're going to need a mechanism for dynamically routing
> packets in order to make this sort of setup work.  For most setups,
> you'ld need the co-operation of your ISP to make things work as well.

The situation is this - there are 4 servers that are on one network.  I'm
trying to switch them over to another network, but I need to do it without
downtime.  Therefore, I need to have both IPs completely active and
functional simultaneously.

Would the situation be any easier if I put one of the networks on a
separate NIC?

Is there any way to determine what IP/interface a connection came in on,
and continue to use that IP/interface for the outbound packets?  Maybe
with static routes or something of that nature?

The thing is, I used this exact setup (albeit on two different network
cards) on a FreeBSD 2.x box quite a ways back, for the same purpose
(switching networks), and it was working fine.



Re: Routing issue

2004-07-19 Thread Matthew Seaman
On Mon, Jul 19, 2004 at 04:31:36AM -0500, Web Walrus (Robert Wall) wrote:
> > > ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> > > ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> > > defaultrouter="1.2.3.1"
> >
> > You need to change your netmask for the alias to 255.255.255.255 if it's
> > on the same network.
> 
> It's not on the same network; that's the problem.  Two complete separate
> networks, same interface card.  The issue is that one of the networks
> works, and the other doesn't, depending on what network the default router
> happens to be on.

Yes -- the OP's configuration is correct as far as it goes.  However
the problem he's facing is rather more intractable than it first
appears.

In general, you're going to need a mechanism for dynamically routing
packets in order to make this sort of setup work.  For most setups,
you'ld need the co-operation of your ISP to make things work as well.

There's two areas where you can use this dual setup profitably.

The first is failover -- should one of the connections go down, you'll
automatically switch to using the other.  About the simplest way of
doing something like that is to run a script periodically (say once
every 5 minutes) that sends a ping down the active channel, and if
there's no response, it switches the default route to the other
channel.  This means that normally all your traffic will go down one
of the connections, and there won't be any bandwidth advantages but
you will get increased resilience.

The second is 'policy based routing' -- which is a good term to google
for.  Under FreeBSD this is implemented using the ipfw(8) 'fwd'
command which lets you dynamically redirect packets down one channel
or the other.  That means you can do things like select out HTTP
traffic and send it via one channel, leaving all of the other traffic
to go by the other.  That lets you share out your bandwidth between
available channels, but doesn't give you any advantages in terms of
resilience.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
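
As an added example (not part of the original message or thread): a cron-driven /bin/sh script for the ping-and-switch failover described above. It assumes the thread's placeholder gateways 1.2.3.1 and 2.3.4.1 and probes the gateway itself rather than a remote host; the function names and the script path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): cron-driven default-route failover.
# Gateways are the thread's obfuscated placeholders; override via environment.
GW_A="${GW_A:-1.2.3.1}"
GW_B="${GW_B:-2.3.4.1}"
PINGS="${PINGS:-3}"   # assumption: a channel is "down" only if every probe is lost

# Print the gateway currently installed as the default route (FreeBSD route(8)).
current_gw() {
    route -n get default 2>/dev/null | awk '$1 == "gateway:" { print $2 }'
}

# Return 0 if the gateway answers at least one ICMP echo.
probe() {
    ping -c "$PINGS" "$1" >/dev/null 2>&1
}

# Point the default route at a new gateway.
set_default() {
    route change default "$1" >/dev/null
}

# Given the active gateway, print the other one; fail on an unknown gateway.
other_gw() {
    case "$1" in
        "$GW_A") echo "$GW_B" ;;
        "$GW_B") echo "$GW_A" ;;
        *) return 1 ;;
    esac
}

# One failover pass. Prints a one-word verdict so cron mail shows what happened.
failover_once() {
    active=$(current_gw)
    if ! standby=$(other_gw "$active"); then
        echo "unmanaged"   # default route is not one of ours: leave it alone
        return 0
    fi
    if probe "$active"; then
        echo "ok"
        return 0
    fi
    # Switch only when the standby answers; if both are silent the fault is
    # more likely local (cable, switch, NIC) and flipping routes will not help.
    if probe "$standby"; then
        set_default "$standby" && echo "switched:$standby"
    else
        echo "both-down"
        return 1
    fi
}

# /etc/crontab entry, every 5 minutes (hypothetical path):
#   */5 * * * * root /usr/local/sbin/gw-failover.sh run
case "${1:-}" in
    run) failover_once ;;
esac
```

As the message says, this gives resilience only: all traffic still uses one channel at a time.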




Re: Routing issue

2004-07-19 Thread Kevin Stevens
On Jul 19, 2004, at 02:12, Web Walrus (Robert Wall) wrote:
> That network card has a config roughly like
> ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> defaultrouter="1.2.3.1"

Excuse me while I interject that it's a royal PITA when people post
obfuscated IP information while asking IP-related questions.  It
inevitably introduces confusion.  Ok, I feel better now...

> When I have the network set up in this manner (packets coming in via two
> external lines plugged into the same switch), I can only access the
> network that is on the same network as the default router.  In the example
> above, I can access the server by 1.2.3.4, but not by 2.3.4.5.  If I
> change the defaultrouter to 2.3.4.1, I can access the server by 2.3.4.5
> but not 1.2.3.4.

Access the server from where?  Let me test my understanding.  You have 
a server with one NIC and two addresses, plugged into a single switched 
network along with two ethernet connections to external ISPs, and 
you're trying to connect to the server from a remote network via the 
different addresses?

If both addresses can reach the network you are connecting from, it 
should work via either address.  Note that the RESPONSE may come to you 
from a different address, and if that confuses your application THAT 
may break.  For example, if you come in on 2.3.4.5, the reply will 
still return via 1.2.3.4 - your server can only have one default 
gateway, and if that's how it knows to reach you, that's where it will 
go.

If your two networks can't both reach your source network, then yes, it 
will break.

There are workarounds, most involve either a dynamic routing protocol 
that can assign priorities to the different paths, or introducing an 
external device (firewall, router) that basically does the same thing.  
Essentially you need more elaborate routing that takes availability 
into account.

KeS


Re: Routing issue

2004-07-19 Thread Web Walrus (Robert Wall)
> > ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> > ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> > defaultrouter="1.2.3.1"
>
> You need to change your netmask for the alias to 255.255.255.255 if it's
> on the same network.

It's not on the same network; that's the problem.  Two complete separate
networks, same interface card.  The issue is that one of the networks
works, and the other doesn't, depending on what network the default router
happens to be on.



Re: Routing issue

2004-07-19 Thread Nelis Lamprecht
On Mon, 2004-07-19 at 11:12, Web Walrus (Robert Wall) wrote:
> I just installed a secondary internet connection at my office, and I'm
> having a bizarre issue...
> 
> I have a network card - dc0
> 
> That network card has a config roughly like
> 
> ifconfig_dc0 inet 1.2.3.4 netmask 255.255.255.248
> ifconfig_dc0_alias0 inet 2.3.4.5 netmask 255.255.255.248
> defaultrouter="1.2.3.1"
> 

Read this page regarding adding aliases:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html

You need to change your netmask for the alias to 255.255.255.255 if it's
on the same network.

Regards,
-- 
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."




Re: Routing Training Books Please!!

2004-07-13 Thread epilogue
On Tue, 13 Jul 2004 16:24:36 -0400 (EDT)
"Steve Bertrand" <[EMAIL PROTECTED]> wrote:

> > After many years of waiting my company has a position opening up that I
> > can fill. I spoke with the Net Admin and asked if there were any one
> > skill that would be of a great benefit to my company and his response
> > was Routing, IP and subnetting (ok so more than one. But I swear he can
> > count).
> >
> > So here I am with maybe a month before they make a decision and I am
> > thinking I should beef up on my skills.
> >
> > I am hoping someone out there may know of some "GREAT" (free, I am a
> > poor slob) resources for Routing. I have exactly 0 experience in
> > Routing. I do however have a Cisco 1700 at home to practice with.
> >
> > I could use some IP and subnetting refreshers so I am open to
> > suggestions there too.
> >
> > I am sorry to bother everyone. I have had such great help from the
> > FreeBSD community since I started running it at home I thought maybe
> > someone out there may know of a good place for me to start.
> >

i found this document to be both particularly helpful and extremely free. 
the ideas are clearly expressed and the text thoughtfully written.  it was
one component of the training given to internet technicians at a canadian
telco for which i once worked.

http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf

you can get through this document in 1-2 days, if you apply yourself.  it
also includes several exercises, which i highly recommend doing (and more
than once).  what is it again, adult learners tend to retain:

 10% of what they read
 20% of what they hear
 30% of what they see
 50% of what they see and hear
 70% of what they talk over with others
 80% of what they use and do in real life
 95% of what they teach someone else to do

whatever.

hope this helps.


cheers,
epi
 
> Here are a few...
> 
> http://www.cisco.com/warp/public/779/smbiz/community/routing_to.html
> 
> This one covers the OSI model, media and others...looks interesting:
> 
> http://www.ictglobal.com/ICT009/network_basics.html
> 
> and this to do with subnetting etc...subnetting is the most confusing,
> so if you use it extensively in your environment, it may be a valuable
> asset to have:
> 
> http://www.ralphb.net/IPSubnet/
> 
> HTH,
> 
> Cheers,
> 
> Steve
> 
> >
> > Thank you,
> > Joshua Lewis
> >


RE: Routing Training Books Please!!

2004-07-13 Thread Joshua Lewis
Thank you Jimi this is going to be a perfect start. My family thanks you.
Well they will when I get home and tell them the good news.


Thank you,
Joshua Lewis



Thompson, Jimi
> Josh,
>
> I found several on google that look sensible.  See if these don't help
> you.  Your employer should probably be willing to purchase a reference
> book or two.  I'm not sure what kind of gear you're running at work, but
> you can get a good feel for how things work by playing with routed on
> your FreeBSD box.
>
> Subnetting Tutorial - http://www.ralphb.net/IPSubnet/
>
> Basic Routing - http://www.sangoma.com/fguide.htm
>
> OSPF - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ospf.htm
>
> RIP - http://tutorials.beginners.co.uk/read/category/90/id/285/p/2
>
> BGP - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm
>
>
> Thanks,
>
> Ms. Jimi Thompson, CISSP
> Manager, Web Operations
> Cox School of Business
> Southern Methodist University
>
> "If we want women to do the same work as men, we must teach them the
> same things." - Plato
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Lewis
> Sent: Tuesday, July 13, 2004 3:08 PM
> To: [EMAIL PROTECTED]
> Subject: Routing Training Books Please!!
>
> After many years of waiting my company has a position opening up that I
> can fill. I spoke with the Net Admin and asked if there were any one
> skill
> that would be of a great benefit to my company and his response was
> Routing, IP and subnetting (ok so more than one. But I swear he can
> count).
>
> So here I am with maybe a month before they make a decision and I am
> thinking I should beef up on my skills.
>
> I am hoping someone out there may know of some "GREAT" (free, I am a
> poor
> slob) resources for Routing. I have exactly 0 experience in Routing. I
> do
> however have a Cisco 1700 at home to practice with.
>
> I could use some IP and subnetting refreshers so I am open to
> suggestions
> there too.
>
> I am sorry to bother everyone. I have had such great help from the
> FreeBSD
> community since I started running it at home I thought maybe someone out
> there may know of a good place for me to start.
>
>
> Thank you,
> Joshua Lewis
>


Re: Routing Training Books Please!!

2004-07-13 Thread Steve Bertrand
> After many years of waiting my company has a position opening up that I
> can fill. I spoke with the Net Admin and asked if there were any one skill
> that would be of a great benefit to my company and his response was
> Routing, IP and subnetting (ok so more than one. But I swear he can
> count).
>
> So here I am with maybe a month before they make a decision and I am
> thinking I should beef up on my skills.
>
> I am hoping someone out there may know of some "GREAT" (free, I am a poor
> slob) resources for Routing. I have exactly 0 experience in Routing. I do
> however have a Cisco 1700 at home to practice with.
>
> I could use some IP and subnetting refreshers so I am open to suggestions
> there too.
>
> I am sorry to bother everyone. I have had such great help from the FreeBSD
> community since I started running it at home I thought maybe someone out
> there may know of a good place for me to start.
>

Here are a few...

http://www.cisco.com/warp/public/779/smbiz/community/routing_to.html

This one covers the OSI model, media and others...looks interesting:

http://www.ictglobal.com/ICT009/network_basics.html

and this to do with subnetting etc...subnetting is the most confusing, so
if you use it extensively in your environment, it may be a valuable asset
to have:

http://www.ralphb.net/IPSubnet/

HTH,

Cheers,

Steve

>
> Thank you,
> Joshua Lewis
>


RE: Routing Training Books Please!!

2004-07-13 Thread Thomas_Knight
Here are a couple of books I have read and would suggest. They are not free
but they are worth it...


Routing TCP/IP Volume I (CCIE Professional Development)
http://www.amazon.com/exec/obidos/tg/detail/-/1578700418/qid=1089749604/sr=1-1/ref=sr_1_1/104-0916091-2402328?v=glance&s=books

Routing TCP/IP Volume II (CCIE Professional Development)
http://www.amazon.com/exec/obidos/tg/detail/-/1578700892/qid=1089749604/sr=1-3/ref=sr_1_3/104-0916091-2402328?v=glance&s=books




Thomas G. Knight
ADP - Data Center Team
[EMAIL PROTECTED]
(801) 956-7449



Home computers are being called upon to perform many new functions,
including the consumption of homework formerly eaten by the dog.

-- Doug Larson


-Original Message-
From: Joshua Lewis [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 13, 2004 2:08 PM
To: [EMAIL PROTECTED]
Subject: Routing Training Books Please!!

After many years of waiting my company has a position opening up that I
can fill. I spoke with the Net Admin and asked if there were any one skill
that would be of a great benefit to my company and his response was
Routing, IP and subnetting (ok so more than one. But I swear he can
count).

So here I am with maybe a month before they make a decision and I am
thinking I should beef up on my skills.

I am hoping someone out there may know of some "GREAT" (free, I am a poor
slob) resources for Routing. I have exactly 0 experience in Routing. I do
however have a Cisco 1700 at home to practice with.

I could use some IP and subnetting refreshers so I am open to suggestions
there too.

I am sorry to bother everyone. I have had such great help from the FreeBSD
community since I started running it at home I thought maybe someone out
there may know of a good place for me to start.


Thank you,
Joshua Lewis


