Re: cannot reach internal network from gateway (and vice-versa)

On 12/22/09 4:01 AM, Stijn wrote:
> Ross Davis wrote:
>> [snip]
>
> Hi Ross,
>
> - First off, do both the firewall and the switch port have the same speed and duplex settings (e.g. 100Mb/full duplex)? They should be auto-negotiated correctly, but check it anyway. Is this a managed switch, i.e. is it using vlans?
> - What's the output of ifconfig?
> - What's the output of cat /etc/dhcpd.conf?
> - What's the output of arp -an?
> - What do you see if you sniff the internal interface? (e.g. run tcpdump -ni int_if icmp on the firewall and initiate a ping from an internal host)
>
> I think there's a typo somewhere in your configs regarding your gateway address, be it a wrong subnet mask, typo in the ip address, etc...
>
> It's normal you see the dhcp requests since those are broadcasts.
>
> HTH,
> Stijn

Thanks to all that offered advice on this. After tracing wires around, I found that the problem was that the network interface and the switch didn't like each other. I tried rebooting the switch and using a different port - no luck. But when I tried plugging the cable into a different switch, everything worked. Perhaps my older onboard network interfaces and my D-Link switch have some sort of incompatible settings... regardless, now I have everything up and running.

Thanks!
ross
cannot reach internal network from gateway (and vice-versa)

I am almost certainly doing something really stupid so hopefully someone can point out where the hole in my brain lies.

I have built a firewall/gateway using OpenBSD 4.6. The external interface is 192.168.5.250 which is attached to a DSL router. The internal interface is 192.168.59.254 which is attached to a switch, branching out to the rest of my internal network.

From the gateway I can ping the outside world (e.g. google). However, I cannot ping machines on the internal network. I tried using a minimal set of PF rules - didn't work. I disabled PF entirely - still could not ping the internal network.

Oddly, the dhcp server I am running on the gateway is reporting DHCP requests. So traffic is indeed arriving at the gateway from the internal network. Despite that the dhcp server says it is handing out addresses, machines on the internal network are not getting them. If I manually set an IP address on an internal machine, it can still not ping the gateway. Machines on the internal network /can/ ping each other though.

When logging on PF, I can see my pings leaving the machine, but nothing coming back. I tried changing the interfaces around to see if the problem was a bad card, but I got the same problem. I tried rebooting the switches - no change.

What am I missing?

Thanks,
Ross
Re: cannot reach internal network from gateway (and vice-versa)

On Tue, Dec 22, 2009 at 12:05 PM, Ross Davis rda...@ffame.org wrote:
> [snip]

Hi,

It could be that the DHCP responses and the pings directed at the internal network are somehow going out to the external connection. Can you show your routing table and /etc/hostname.* files?

Thanks

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
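Both Stijn's "typo in the subnet mask or address" suspicion and Aaron's "pings going out the external connection" hypothesis come down to the same thing: the kernel picks the outgoing interface by longest-prefix match, and a mistyped connected route sends internal traffic to the default route. The POSIX sh below is an added illustration of that lookup, not code from the thread; interface names re0/re1 and the two route tables are constructed, so the real check is still `netstat -rn` (or `route -n show`) on the gateway.

```shell
# Longest-prefix-match route lookup in POSIX sh (added example, not from
# the thread). re0 = external, re1 = internal are assumed names; the
# route tables further down are constructed, not taken from Ross's box.

# ip2int 192.168.59.254 -> 3232250878 (dotted quad to 32-bit integer)
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr2mask 24 -> 4294967040 (prefix length to integer netmask)
cidr2mask() {
    if [ "$1" -eq 0 ]; then echo 0
    else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# route_lookup DEST "net/len:iface ..." -> interface named by the most
# specific route that matches DEST (what the kernel does on every send)
route_lookup() {
    dest=$(ip2int "$1"); best_len=-1; best_if=none
    for r in $2; do
        net=${r%%/*}; rest=${r#*/}; len=${rest%%:*}; ifn=${rest#*:}
        mask=$(cidr2mask "$len")
        if [ $(( dest & mask )) -eq $(( $(ip2int "$net") & mask )) ] \
           && [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_if=$ifn
        fi
    done
    echo "$best_if"
}

# Constructed table with the addresses Ross posted, both /24, plus the
# default route towards the DSL router on the external interface.
GOOD_ROUTES="0.0.0.0/0:re0 192.168.5.0/24:re0 192.168.59.0/24:re1"
# Same table with one typo in the internal address (192.168.95.254):
# the 192.168.59.0/24 connected route never appears at all.
TYPO_ROUTES="0.0.0.0/0:re0 192.168.5.0/24:re0 192.168.95.0/24:re1"

# With the correct table a ping to an internal host leaves via re1; with
# the typo it silently follows the default route out re0, which is the
# "going out the external connection" symptom Aaron describes.
route_lookup 192.168.59.10 "$GOOD_ROUTES"   # prints re1
route_lookup 192.168.59.10 "$TYPO_ROUTES"   # prints re0
```

Feed the function the `netstat -rn` output from the actual gateway (network, prefix length and interface column) and the result must be the internal interface for every internal host; anything else points at the address or netmask in /etc/hostname.* for that interface.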