/23 static routing question
Hi,

I have added an IP of the 2nd group of 254 addresses in a /23. let's call them 100.100.98.0 and 100.100.99.0

what's the correct way to set up the routing table for this and how should my rc.conf look?

Currently netstat shows something like the below

Destination        Gateway            Flags    Refs        Use  Netif Expire
default            100.100.98.254     UGS         0  111301074   bge0
100.100.98.0       link#1             U           0 1470707172   bge0

But i suspect i want:

Internet:
Destination        Gateway            Flags    Refs        Use  Netif Expire
default            100.100.98.254     UGS         0  111301074   bge0
100.100.98.0       link#1             U           0 1470707172   bge0
100.100.99.0       link#1             U           0 1470707172   bge0

or

100.100.98.0/23    link#1             U           0 1470707172   bge0

many thanks
Paul.

--
Paul Macdonald
IFDNRG Ltd
Web and video hosting
t: 0131 5548070
m: 07970339546
e: p...@ifdnrg.com
w: http://www.ifdnrg.com
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
High Specification Dedicated Servers from £100.00pm
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SOLVED /23 static routing question
On 13/03/2013 14:59, Paul Macdonald wrote:
> Hi,
>
> I have added an IP of the 2nd group of 254 addresses in a /23. let's call them 100.100.98.0 and 100.100.99.0
>
> what's the correct way to set up the routing table for this and how should my rc.conf look?
>
> Currently netstat shows something like the below
>
> Destination        Gateway            Flags    Refs        Use  Netif Expire
> default            100.100.98.254     UGS         0  111301074   bge0
> 100.100.98.0       link#1             U           0 1470707172   bge0
>
> But i suspect i want:
>
> Internet:
> Destination        Gateway            Flags    Refs        Use  Netif Expire
> default            100.100.98.254     UGS         0  111301074   bge0
> 100.100.98.0       link#1             U           0 1470707172   bge0
> 100.100.99.0       link#1             U           0 1470707172   bge0
>
> or
>
> 100.100.98.0/23    link#1             U           0 1470707172   bge0

restarting routing seemed to do this fine... :P

"FreeBSD will automatically identify any hosts (test0 in the example) on the local Ethernet and add a route for that host, directly to it over the Ethernet interface, ed0"
http://www.freebsd.org/doc/handbook/network-routing.html
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 11:29 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote: On 01/13/12 17:11, Waitman Gobble wrote: On Thu, Jan 12, 2012 at 10:04 PM, Da Rock freebsd-questions@**herveybayaustralia.com.aufreebsd-questi...@herveybayaustralia.com.au wrote: On 01/13/12 15:29, Waitman Gobble wrote: Hello, I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup. I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook ) i am getting the same results with either nic card, and i think i am just missing something simple. ath0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 2290 ether 00:24:2b:ad:d6:5f nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: IEEE 802.11 Wireless Ethernet autoselect mode 11g status: associated wlan0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 ether 00:24:2b:ad:d6:5f inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g status: associated ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS wme burst connecting: ifconfig wlan0 create wlandev ath0 ifconfig wlan0 up scan ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A scan results: p00ntang# ifconfig wlan0 up scan SSID/MESH IDBSSID CHAN RATE S:N INT CAPS CUDAPANG00:22:3f:9a:16:1b6 54M -69:-93 100 EPS ATH CUDAPANG00:22:3f:9b:b8:aa6 54M -68:-93 100 EPS WME ATH 
Abujie 00:14:6c:7a:98:ec6 54M -89:-93 100 EPS RSN WPA ATH TDMA chavez family 00:c0:02:11:22:336 54M -88:-93 100 EP HTCAP RSN WME WPS My machine shows up on the wireless router as a connected device w/ correct mac and ip showing But i cannot ping gw, no machine on lan or outside. (no route to host) p00ntang# netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default10.0.0.1 UGS 0 3338 ale0 10.0.0.0/24link#2 U 0 2405 ale0 10.0.0.20 link#2 UHS 00lo0 10.0.0.21 link#9 UHS 02lo0 127.0.0.1 link#8 UH 0 12lo0 I do not see ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :) p00ntang# less /etc/rc.conf hostname=p00ntang ifconfig_ale0= inet 10.0.0.20 netmask 255.255.255.0 defaultrouter=10.0.0.1 sshd_enable=YES ntpd_enable=YES # Set dumpdev to AUTO to enable crash dumps, NO to disable dumpdev=NO fusefs_enable=YES hald_enable=YES dbus_enable=YES moused_enable=YES snddetect_enable=YES mixer_enable=YES avahi_daemon_enable=YES ices0_enable=YES p00ntang# grep ath /boot/loader.conf if_ath_load=YES p00ntang# grep wlan /boot/loader.conf wlan_wep_load=YES wlan_ccmp_load=YES wlan_tkip_load=YES i've tried /etc/rc.d/routing restart.. no worky :) here's my wired connection ifconfig --- wired connection works :) ale0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=c319aTXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM, TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE ether 00:23:5a:59:e1:e4 inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255 inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTXfull-duplex) status: active any help/suggestions much appreciated! The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port, you started the network on the wired and then switched to wifi so the routing needs to change. 
Run as root:

    route change default -interface wlan0

will fix that temporarily. To fix it permanently (better for a laptop situation anyway, I feel), set up a lagg port including ale0 and wlan0. See http://www.freebsd.org/doc/handbook/network-aggregation.html

Good luck and happy networking!
Re: wireless and/or routing question
On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
> Hi,
>
> Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My stubborn conservatism probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it.
> ...

Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as free person;

matthias
--
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: wireless and/or routing question
On Thu, 12 Jan 2012, Waitman Gobble wrote:
> Hello,
>
> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>
> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook)

On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:

dev.ath.0.ledpin=3
dev.ath.0.softled=1
Re: wireless and/or routing question
On Jan 13, 2012 7:19 AM, Matthias Apitz g...@unixarea.de wrote:
>
> On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
> > Hi,
> >
> > Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My stubborn conservatism probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it.
> > ...
>
> Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as free person;
>
> matthias
> --
> Matthias Apitz
> e g...@unixarea.de - w http://www.unixarea.de/
> UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
> UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5

thanks, going to try WPA this weekend. My apartment is not so convenient for drive-by scanners (can't think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun.

Waitman
Re: wireless and/or routing question
On Jan 13, 2012 7:38 AM, Warren Block wbl...@wonkity.com wrote:
>
> On Thu, 12 Jan 2012, Waitman Gobble wrote:
> > Hello,
> >
> > I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
> >
> > I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook)
>
> On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:
>
> dev.ath.0.ledpin=3
> dev.ath.0.softled=1

cool thanks i'll try it out.

Waitman
Re: wireless and/or routing question
On 01/14/12 01:38, Warren Block wrote:
> On Thu, 12 Jan 2012, Waitman Gobble wrote:
> > Hello,
> >
> > I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
> >
> > I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook)
>
> On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:
>
> dev.ath.0.ledpin=3
> dev.ath.0.softled=1

I'm curious as to how you can find out which pin to use in this setting?
Re: wireless and/or routing question UPDATE - WPA
On Fri, Jan 13, 2012 at 8:34 AM, Waitman Gobble gobble...@gmail.com wrote:
> On Jan 13, 2012 7:19 AM, Matthias Apitz g...@unixarea.de wrote:
> >
> > On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
> > > Hi,
> > >
> > > Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My stubborn conservatism probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it.
> > > ...
> >
> > Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as free person;
> >
> > matthias
> > --
> > Matthias Apitz
> > e g...@unixarea.de - w http://www.unixarea.de/
> > UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
> > UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
>
> thanks, going to try WPA this weekend. My apartment is not so convenient for drive-by scanners (can't think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun.
>
> Waitman

Hi,

Today I picked up a D-Link DIR-815 and set it up for WPA with TKIP/PSK. I believe i followed the instructions in the FreeBSD handbook. However, the wpa_supplicant appears to hang indefinitely. If i control-c it barfs out an error.

This clones ale0 wired NIC MAC to ath0 wireless NIC for lagg

ifconfig ath0 ether 00:23:5a:59:e1:e4
ifconfig wlan0 create wlandev ath0 ssid BOOTAY
ifconfig wlan0 up scan

here's the wpa_supplicant that's hanging: wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Trying to associate with 1c:7e:e5:de:ed:52 (SSID='BOOTAY' freq=2452 MHz)
Associated with 1c:7e:e5:de:ed:52
WPA: Key negotiation completed with 1c:7e:e5:de:ed:52 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 1c:7e:e5:de:ed:52 completed (auth) [id=0 id_str=]
^CCTRL-EVENT-TERMINATING - signal 2 received
ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
ELOOP: remaining socket: sock=4 eloop_data=0x284081c0 user_data=0x28412080 handler=0x806d620

If I terminate with ampersand to run asynchronously it keeps running and i have a wireless connection - it works.

p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf &

I guess that makes sense but the handbook is not clear to me that it's to be done this way. It's the first time i've set up WPA on FreeBSD so i'm not 100% about what to expect. i am noticing messages about rekeying, so maybe the wpa-supplicant is supposed to keep running.

here's /etc/wpa_supplicant.conf

network={
    ssid="BOOTAY"
    psk="PASSWORD GOES HERE"
}

here's the rest of the lagg to set wired/wireless interface with a failover configuration. this is pretty clear in the handbook but i'll put it here in case someone runs across the thread in the future.

ifconfig ale0 up
ifconfig wlan0 up
ifconfig lagg0 create
ifconfig lagg0 up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24

Thanks
Waitman
Re: wireless and/or routing question UPDATE - WPA
On 01/14/12 16:28, Waitman Gobble wrote: On Fri, Jan 13, 2012 at 8:34 AM, Waitman Gobblegobble...@gmail.com wrote: On Jan 13, 2012 7:19 AM, Matthias Apitzg...@unixarea.de wrote: El día Friday, January 13, 2012 a las 07:03:11AM -0800, Waitman Gobble escribió: Hi, Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My stubborn conservatism probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it. ... Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone highjacked my AP ... and he/she went home as free person; matthias -- Matthias Apitz eg...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 thanks, going to try WPA this weekend. My apartment is not so convenient for drive-by scanners (cant think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun. Waitman Hi, Today I picked up a D-Link DIR-815 and set it up for WPA with TKIP/PSK. I believe i followed the instructions in the FreeBSD handbook. However, the wpa_supplicant appears to hang indefinitely. If i control-c it barfs out an error. 
> This clones ale0 wired NIC MAC to ath0 wireless NIC for lagg
>
> ifconfig ath0 ether 00:23:5a:59:e1:e4
> ifconfig wlan0 create wlandev ath0 ssid BOOTAY
> ifconfig wlan0 up scan
>
> here's the wpa_supplicant that's hanging: wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
> Trying to associate with 1c:7e:e5:de:ed:52 (SSID='BOOTAY' freq=2452 MHz)
> Associated with 1c:7e:e5:de:ed:52
> WPA: Key negotiation completed with 1c:7e:e5:de:ed:52 [PTK=TKIP GTK=TKIP]
> CTRL-EVENT-CONNECTED - Connection to 1c:7e:e5:de:ed:52 completed (auth) [id=0 id_str=]
> ^CCTRL-EVENT-TERMINATING - signal 2 received
> ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
> ELOOP: remaining socket: sock=4 eloop_data=0x284081c0 user_data=0x28412080 handler=0x806d620
>
> If I terminate with ampersand to run asynchronously it keeps running and i have a wireless connection - it works.
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf &
>
> I guess that makes sense but the handbook is not clear to me that it's to be done this way. It's the first time i've set up WPA on FreeBSD so i'm not 100% about what to expect. i am noticing messages about rekeying, so maybe the wpa-supplicant is supposed to keep running.
>
> here's /etc/wpa_supplicant.conf
>
> network={
>     ssid="BOOTAY"
>     psk="PASSWORD GOES HERE"
> }
>
> here's the rest of the lagg to set wired/wireless interface with a failover configuration. this is pretty clear in the handbook but i'll put it here in case someone runs across the thread in the future.
>
> ifconfig ale0 up
> ifconfig wlan0 up
> ifconfig lagg0 create
> ifconfig lagg0 up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24

Just stick the config in rc.conf and make sure you include WPA in the wlan0 definition. It will just work then.

For reference, to run wpa_supplicant from the cli you usually add -B in the flags to daemonise it, and run in the background; otherwise it will run in the foreground for debugging purposes.
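Added example, not part of the thread and not FreeBSD or wpa_supplicant project code: the session above negotiated [PTK=TKIP GTK=TKIP] because the posted wpa_supplicant.conf leaves pairwise unset, and wpa_supplicant's default accepts both CCMP and TKIP. The script below checks a config for that, for static WEP, and for group/other permission bits on the file holding the PSK. The function name audit_wpa_conf, the SSID EXAMPLE-CCMP and all keys are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag weak settings in a
# wpa_supplicant.conf. Limited to what the thread touches: WEP, TKIP,
# and the PSK stored in the file.

# audit_wpa_conf FILE  (hypothetical helper name)
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 on error.
audit_wpa_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    findings=$(
        # Per-network checks: walk each network={ ... } block.
        awk '
            { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
            /^#/ || /^$/ { next }                         # comments, blanks
            /^network=[{]/ { inblk = 1; ssid = "?"; km = ""; pw = ""; wep = 0; next }
            inblk && /^[}]/ {
                if (km ~ /NONE/ && wep) print ssid ": static WEP key"
                else if (km ~ /NONE/)   print ssid ": open network, no encryption"
                else if (pw == "")      print ssid ": pairwise unset, default permits TKIP"
                else if (pw ~ /TKIP/)   print ssid ": pairwise permits TKIP"
                inblk = 0; next
            }
            inblk {
                i = index($0, "="); if (i == 0) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                if (k == "ssid")     { gsub(/"/, "", v); ssid = v }
                if (k == "key_mgmt") km = v
                if (k == "pairwise") pw = v
                if (k ~ /^wep_key[0-3]$/) wep = 1
            }
        ' "$conf"

        # File check: characters 5-10 of the ls mode string are the
        # group and other permission bits; all should be "-".
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "$conf: group/other permission bits set ($perms); the file holds the PSK"
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample modelled on the configs in this thread (keys are fake).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Static WEP, like the first setup in the thread
network={
    ssid="CUDAPANG"
    key_mgmt=NONE
    wep_key0=00112233445566778899AABBCC
    wep_tx_keyidx=0
}
# WPA-PSK with no cipher restriction, like the posted config
network={
    ssid="BOOTAY"
    psk="constructed passphrase"
}
# Restricted to RSN (WPA2) with CCMP only
network={
    ssid="EXAMPLE-CCMP"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
    psk="constructed passphrase"
}
EOF
chmod 644 "$sample"
audit_wpa_conf "$sample" || echo "findings reported (exit $?)"
rm -f "$sample"
```

On the sample it reports the WEP block, the BOOTAY block and the file mode, and stays silent about the CCMP-only block.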
wireless and/or routing question
Hello,

I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.

I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook)

i am getting the same results with either nic card, and i think i am just missing something simple.

ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:24:2b:ad:d6:5f
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:24:2b:ad:d6:5f
        inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
        status: associated
        ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
        regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
        wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst

connecting:

ifconfig wlan0 create wlandev ath0
ifconfig wlan0 up scan
ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A

scan results:

p00ntang# ifconfig wlan0 up scan
SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS

My machine shows up on the wireless router as a connected device w/ correct mac and ip showing

But i cannot ping gw, no machine on lan or outside. (no route to host)

p00ntang# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     3338   ale0
10.0.0.0/24        link#2             U           0     2405   ale0
10.0.0.20          link#2             UHS         0        0    lo0
10.0.0.21          link#9             UHS         0        2    lo0
127.0.0.1          link#8             UH          0       12    lo0

I do not see ath0 or wlan0 in the routing table under 'Netif', not sure if that's the problem :)

p00ntang# less /etc/rc.conf
hostname="p00ntang"
ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
defaultrouter="10.0.0.1"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
fusefs_enable="YES"
hald_enable="YES"
dbus_enable="YES"
moused_enable="YES"
snddetect_enable="YES"
mixer_enable="YES"
avahi_daemon_enable="YES"
ices0_enable="YES"

p00ntang# grep ath /boot/loader.conf
if_ath_load="YES"
p00ntang# grep wlan /boot/loader.conf
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"

i've tried /etc/rc.d/routing restart.. no worky :)

here's my wired connection ifconfig --- wired connection works :)

ale0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c319a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE>
        ether 00:23:5a:59:e1:e4
        inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
        inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

any help/suggestions much appreciated!

Thank you,

Waitman Gobble
San Jose California USA
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 9:29 PM, Waitman Gobble gobble...@gmail.com wrote:
> Hello,
>
> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.

Hi, update- i noticed if i start routed it complains...

p00ntang# routed
p00ntang# routed: wlan0 (10.0.0.21/24) is duplicated by ale0 (10.0.0.20/24)

so i tried shutting off ale0... now i can ping gw but still no luck getting outside. :(

p00ntang# ifconfig ale0 down
p00ntang# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=3.381 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=2.499 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=2.893 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.499/2.924/3.381/0.361 ms
p00ntang# ping google.com
PING google.com (74.125.224.116): 56 data bytes
ping: sendto: Network is down

Now I feel like i need to go back to networking school 101. lol. If anyone has a hint to solve my routing situation I'd really appreciate it!

Thanks,

Waitman Gobble
San Jose California USA
Re: wireless and/or routing question
On 01/13/12 15:29, Waitman Gobble wrote: Hello, I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup. I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook ) i am getting the same results with either nic card, and i think i am just missing something simple. ath0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 2290 ether 00:24:2b:ad:d6:5f nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: IEEE 802.11 Wireless Ethernet autoselect mode 11g status: associated wlan0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 ether 00:24:2b:ad:d6:5f inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g status: associated ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS wme burst connecting: ifconfig wlan0 create wlandev ath0 ifconfig wlan0 up scan ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A scan results: p00ntang# ifconfig wlan0 up scan SSID/MESH IDBSSID CHAN RATE S:N INT CAPS CUDAPANG00:22:3f:9a:16:1b6 54M -69:-93 100 EPS ATH CUDAPANG00:22:3f:9b:b8:aa6 54M -68:-93 100 EPS WME ATH Abujie 00:14:6c:7a:98:ec6 54M -89:-93 100 EPS RSN WPA ATH TDMA chavez family 00:c0:02:11:22:336 54M -88:-93 100 EP HTCAP RSN WME WPS My machine shows up on the wireless router as a connected device w/ correct mac and ip showing But i cannot ping gw, no machine on lan or 
outside. (no route to host) p00ntang# netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default10.0.0.1 UGS 0 3338 ale0 10.0.0.0/24link#2 U 0 2405 ale0 10.0.0.20 link#2 UHS 00lo0 10.0.0.21 link#9 UHS 02lo0 127.0.0.1 link#8 UH 0 12lo0 I do not see ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :) p00ntang# less /etc/rc.conf hostname=p00ntang ifconfig_ale0= inet 10.0.0.20 netmask 255.255.255.0 defaultrouter=10.0.0.1 sshd_enable=YES ntpd_enable=YES # Set dumpdev to AUTO to enable crash dumps, NO to disable dumpdev=NO fusefs_enable=YES hald_enable=YES dbus_enable=YES moused_enable=YES snddetect_enable=YES mixer_enable=YES avahi_daemon_enable=YES ices0_enable=YES p00ntang# grep ath /boot/loader.conf if_ath_load=YES p00ntang# grep wlan /boot/loader.conf wlan_wep_load=YES wlan_ccmp_load=YES wlan_tkip_load=YES i've tried /etc/rc.d/routing restart.. no worky :) here's my wired connection ifconfig --- wired connection works :) ale0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=c319aTXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE ether 00:23:5a:59:e1:e4 inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255 inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTXfull-duplex) status: active any help/suggestions much appreciated! The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port, you started the network on the wired and then switched to wifi so the routing needs to change. Run as root: route change default -interface wlan0 will fix that temporarily. To fix it permanently (better for a laptop situation anyway, I feel), setup a lagg port including ale0 and wlan0. See http://www.freebsd.org/doc/handbook/network-aggregation.html Good luck and happy networking! 
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 10:04 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

> On 01/13/12 15:29, Waitman Gobble wrote:
>
>> Hello,
>>
>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>
>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook )
>>
>> i am getting the same results with either nic card, and i think i am just missing something simple.
>>
>> ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
>>         ether 00:24:2b:ad:d6:5f
>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>>         status: associated
>> wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         ether 00:24:2b:ad:d6:5f
>>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>>         status: associated
>>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>>         wme burst
>>
>> connecting:
>>
>> ifconfig wlan0 create wlandev ath0
>> ifconfig wlan0 up scan
>> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>>
>> scan results:
>>
>> p00ntang# ifconfig wlan0 up scan
>> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
>> CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
>> CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
>> Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
>> chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS
>>
>> My machine shows up on the wireless router as a connected device w/ correct mac and ip showing
>>
>> But i cannot ping gw, no machine on lan or outside. (no route to host)
>>
>> p00ntang# netstat -nr
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            10.0.0.1           UGS         0     3338   ale0
>> 10.0.0.0/24        link#2             U           0     2405   ale0
>> 10.0.0.20          link#2             UHS         0        0    lo0
>> 10.0.0.21          link#9             UHS         0        2    lo0
>> 127.0.0.1          link#8             UH          0       12    lo0
>>
>> I do not see ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :)
>>
>> p00ntang# less /etc/rc.conf
>> hostname=p00ntang
>> ifconfig_ale0= inet 10.0.0.20 netmask 255.255.255.0
>> defaultrouter=10.0.0.1
>> sshd_enable=YES
>> ntpd_enable=YES
>> # Set dumpdev to AUTO to enable crash dumps, NO to disable
>> dumpdev=NO
>> fusefs_enable=YES
>> hald_enable=YES
>> dbus_enable=YES
>> moused_enable=YES
>> snddetect_enable=YES
>> mixer_enable=YES
>> avahi_daemon_enable=YES
>> ices0_enable=YES
>>
>> p00ntang# grep ath /boot/loader.conf
>> if_ath_load=YES
>> p00ntang# grep wlan /boot/loader.conf
>> wlan_wep_load=YES
>> wlan_ccmp_load=YES
>> wlan_tkip_load=YES
>>
>> i've tried /etc/rc.d/routing restart.. no worky :)
>>
>> here's my wired connection ifconfig --- wired connection works :)
>>
>> ale0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         options=c319a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE>
>>         ether 00:23:5a:59:e1:e4
>>         inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
>>         inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>         status: active
>>
>> any help/suggestions much appreciated!
>
> The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port, you started the network on the wired and then switched to wifi so the routing needs to change.
>
> Run as root: route change default -interface wlan0 will fix that temporarily. To fix it permanently (better for a laptop situation anyway, I feel), setup a lagg port including ale0 and wlan0.
>
> See http://www.freebsd.org/doc/handbook/network-aggregation.html
>
> Good luck and happy networking!

Thanks, that's very helpful - seems to be
Re: wireless and/or routing question
On 01/13/12 17:11, Waitman Gobble wrote:

> On Thu, Jan 12, 2012 at 10:04 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:
>
>> On 01/13/12 15:29, Waitman Gobble wrote:
>>
>>> Hello,
>>>
>>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>>
>>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green wireless light appears on netbook )
>>>
>>> i am getting the same results with either nic card, and i think i am just missing something simple.
>>>
>>> ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
>>>         ether 00:24:2b:ad:d6:5f
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>>>         status: associated
>>> wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>         ether 00:24:2b:ad:d6:5f
>>>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>>>         status: associated
>>>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>>>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>>>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>>>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>>>         wme burst
>>>
>>> connecting:
>>>
>>> ifconfig wlan0 create wlandev ath0
>>> ifconfig wlan0 up scan
>>> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>>>
>>> scan results:
>>>
>>> p00ntang# ifconfig wlan0 up scan
>>> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
>>> CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
>>> CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
>>> Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
>>> chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS
>>>
>>> My machine shows up on the wireless router as a connected device w/ correct mac and ip showing
>>>
>>> But i cannot ping gw, no machine on lan or outside. (no route to host)
>>>
>>> p00ntang# netstat -nr
>>> Routing tables
>>>
>>> Internet:
>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> default            10.0.0.1           UGS         0     3338   ale0
>>> 10.0.0.0/24        link#2             U           0     2405   ale0
>>> 10.0.0.20          link#2             UHS         0        0    lo0
>>> 10.0.0.21          link#9             UHS         0        2    lo0
>>> 127.0.0.1          link#8             UH          0       12    lo0
>>>
>>> I do not see ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :)
>>>
>>> p00ntang# less /etc/rc.conf
>>> hostname=p00ntang
>>> ifconfig_ale0= inet 10.0.0.20 netmask 255.255.255.0
>>> defaultrouter=10.0.0.1
>>> sshd_enable=YES
>>> ntpd_enable=YES
>>> # Set dumpdev to AUTO to enable crash dumps, NO to disable
>>> dumpdev=NO
>>> fusefs_enable=YES
>>> hald_enable=YES
>>> dbus_enable=YES
>>> moused_enable=YES
>>> snddetect_enable=YES
>>> mixer_enable=YES
>>> avahi_daemon_enable=YES
>>> ices0_enable=YES
>>>
>>> p00ntang# grep ath /boot/loader.conf
>>> if_ath_load=YES
>>> p00ntang# grep wlan /boot/loader.conf
>>> wlan_wep_load=YES
>>> wlan_ccmp_load=YES
>>> wlan_tkip_load=YES
>>>
>>> i've tried /etc/rc.d/routing restart.. no worky :)
>>>
>>> here's my wired connection ifconfig --- wired connection works :)
>>>
>>> ale0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>         options=c319a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE>
>>>         ether 00:23:5a:59:e1:e4
>>>         inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
>>>         inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>>         status: active
>>>
>>> any help/suggestions much appreciated!
>>
>> The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port, you started the network on the wired and then switched to wifi so the routing needs to change.
>>
>> Run as root: route change default -interface wlan0 will fix that temporarily. To fix it permanently (better for a laptop situation anyway, I feel), setup a lagg port including ale0 and wlan0.
>>
>> See http://www.freebsd.org/doc/handbook/network-aggregation.html
>>
>> Good luck and happy networking!
>
> Thanks, that's very helpful - seems to be the issue. Getting rid of my ale0 ifconfig spec in
Re: Routing Question
On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie bc...@lafn.org wrote:

> PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and it's highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.

The filter option reply-to looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).
Re: Routing Question
On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:

> On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie bc...@lafn.org wrote:
>
>> PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and it's highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.
>
> the filter option reply-to looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).

That works great on the output if you can figure out which packets to use it on. The only way I can see to separate the traffic is using the router MAC address. I don't find anything in pf that will look at that.
Re: Routing Question
On 8/27/2010 9:09 PM, Doug Hardie wrote:

> On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:
>
>> On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie bc...@lafn.org wrote:
>>
>>> PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and it's highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.
>>
>> the filter option reply-to looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).
>
> That works great on the output if you can figure out which packets to use it on. The only way I can see to separate the traffic is using the router MAC address. I don't find anything in pf that will look at that.

Yes, pf cannot use the MAC address to classify a packet. The most sensible solution would be installing a single router to handle both lines but I know it's not always feasible to do so for several reasons.

ipfw can use MAC addresses for classification, perhaps you hack some rules using fwd, skipto and mac.

Nikos
Routing Question
I have several servers with one ethernet interface. Currently it is connected via a WAN to the internet. We are in the midst of switching to a different provider. I would like to be able to operate with both temporarily until all the users/services get switched. The new circuit is in and working. I would like somehow to configure the system (I have pf in use) to be able to detect the packets that come from a specific router and route the return packets back through it. The other network would be the default.

PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and it's highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.
Re: Multiple NICs routing question
At 06:26 AM 10/9/2008, Konrad Heuer wrote:

> Hello,
>
> I've a server box with four NICs addressing different subnets:
>
> NIC1: one class c subnet of same class b network
> NIC2: another class c subnet of same class b network
> NIC3: local unrouted network
> NIC4: local unrouted network
>
> In the current configuration I use a default gateway (and no routing daemon) in the subnet addressed by NIC1.
>
> Now of course, if a client in an arbitrary different class c subnet contacts the server using the ip address of NIC2, it gets a reply from NIC1.
>
> How can I change this? I'd like the server to answer via the interface the client uses when connecting.
>
> Maybe that's a silly question, but thanks for any reply!
>
> Best regards
>
> Konrad Heuer GWDG, Am Fassberg, 37077 Goettingen, Germany, [EMAIL PROTECTED]

You can have only one default gateway, that should be to where all other traffic should go. Add static routes to your specific subnets, public or private for the routing of that traffic.

-Derek
Multiple NICs routing question
Hello,

I've a server box with four NICs addressing different subnets:

NIC1: one class c subnet of same class b network
NIC2: another class c subnet of same class b network
NIC3: local unrouted network
NIC4: local unrouted network

In the current configuration I use a default gateway (and no routing daemon) in the subnet addressed by NIC1.

Now of course, if a client in an arbitrary different class c subnet contacts the server using the ip address of NIC2, it gets a reply from NIC1.

How can I change this? I'd like the server to answer via the interface the client uses when connecting.

Maybe that's a silly question, but thanks for any reply!

Best regards

Konrad Heuer GWDG, Am Fassberg, 37077 Goettingen, Germany, [EMAIL PROTECTED]
Re: Multiple NICs routing question
> I've a server box with four NICs addressing different subnets:
>
> NIC1: one class c subnet of same class b network
> NIC2: another class c subnet of same class b network
> NIC3: local unrouted network
> NIC4: local unrouted network
>
> In the current configuration I use a default gateway (and no routing daemon) in the subnet addressed by NIC1.
>
> Now of course, if a client in an arbitrary different class c subnet contacts the server using the ip address of NIC2, it gets a reply from NIC1.

You should give more details about your configuration. If any client on the class B on NIC2 can contact your server, you must configure the NIC for the class B. The routing stack will take charge of excluding the class C on NIC1 from the class B on NIC2.

It's very bad that the client that connects via the NIC2 has a subnet of class B and that the NIC2 is configured for class C only.

If you configure:

NIC1    192.168.1.1     255.255.255.0
NIC2    192.168.2.1     255.255.0.0
Client  192.168.127.23  255.255.0.0

it should work.

Olivier
Re: IP alias/routing question
David Allen wrote:

> On Fri, Jul 25, 2008 at 10:12 AM, Matthew Seaman [EMAIL PROTECTED] wrote:
>
>> Chris Pratt wrote:
>>
>> Carefully not answering the 'why do these packets come from the wrong address' question,
>
> Deliberately addressing the question of 'why do these packets come from the wrong address' question which Mr. Seaman avoided

...heh, heh heh. Good job with the wording guys. I smiled brightly when I went through this ;)

Since I've replied but clipped out any further context, I'll add a bit...

I agree with David in that this is purely a routing issue. What (IMHO) it comes down to is 'source address selection'. I've been more focused in this scope within IPv6, but it is apparently a problem as well with IPv4, in a different manner.

Perhaps this will become more of an issue as more people get used to the understanding that having multiple addresses per interface is the design goal, not an alias workaround.

At one point I was advised that there is the ability to use multiple route tables within -current. If the box is being designed for only one application, could you try the new implementation of routing as opposed to making the application fit?

Steve
IP alias/routing question
This strikes me as a noob question but in 10 years of freebsd, I've never wrapped my brain around it and it seems to be causing me problems this time.

I have many aliases on many servers. Some services listening on an alias address seem to return the packets out the alias address as shown in netstat -i in the Opkt column. Others seem to return packets back out the first address specified on the system. This has not bothered me before because it seems to work and I figured I was just confused on how netstat shows the In and Out packet counts. I assumed that local lan traffic would be listed on the appropriate line and anything headed out the WAN would go to default gateway thus appear on the line with the initial address. I've noticed it on ssh often, connect in on a second or third IP yet the packets show as going out through the first configured IP in netstat.

I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding but even though the queries come in on the third alias, they go out through the primary address or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).

Am I conceptualizing what I'm seeing incorrectly and have a different config error, or is it true that some services respond with a different source IP other than what they came in on if multiple aliases are specified on a single interface and wire. In other words, is the Opkt count on the IP irrelevant to the addressing of the packet?

Please let me know if this should instead go to FreeBSD-Net.

Supporting info: here is an example of the netstat, in this example, dns is listening on 192.168.0.18, the first interface ifconfig'd is 0.12. If I read it correctly, it goes out the default gateway which is somehow tied to the 0.12. This machine is not a gateway, has no FWDs in ipfw, and isn't running natd.

$ netstat -i
Name   Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
rl0   1500 Link#1        00:10:b5:76:ce:20      631     0        1     0     0
rl0   1500 192.168.252.0 192.168.252.11           0     -        0     -     -
rl1   1500 Link#2        00:14:2a:02:bd:64    22628     0     7833     0     0
rl1   1500 192.168.0.0   192.168.0.12            11     -     7450     -     -
rl1   1500 192.168.0.11  192.168.0.11          1482     -      278     -     -
rl1   1500 192.168.0.18  192.168.0.18          1243     -        0     -     -
Re: IP alias/routing question
Chris Pratt wrote:

> I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding but even though the queries come in on the third alias, they go out through the primary address or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).

Carefully not answering the 'why do these packets come from the wrong address' question, but just pointing out that BIND is actually rather more configurable in this respect than most software. You can control what IPs BIND will communicate on for various purposes using the following statements in the options { } section of named.conf:

    listen-on { 127.0.0.1; 12.34.56.78; };
    listen-on-v6 { ::1; 1234:5678:9abc:def0::1; };
    query-source address 12.34.56.78 port *;
    query-source-v6 address 1234:5678:9abc:def0::1 port *;
    transfer-source 12.34.56.78 port *;
    transfer-source-v6 1234:5678:9abc:def0::1 port *;
    notify-source 12.34.56.78 port *;
    notify-source-v6 1234:5678:9abc:def0::1 port *;

Note the 'port *' stuff -- due to the recent security problem with the DNS protocol publicised by Dan Kaminsky, it is imperative that the /source/ port on DNS traffic is allowed to be randomised. See

http://www.kb.cert.org/vuls/id/800113
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

and make sure you install a patched version of BIND.

Cheers,

Matthew

-- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
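A small audit for the source-port advice in the post above, added here as an example and not code from the thread: it parses the options { } block of a named.conf and reports every *-source statement, flagging any that pins a port instead of using `port *`. Both sample configurations are constructed, and the function names are this example's own.

```python
import re

# Statements from the post that accept an optional "port" argument.
SOURCE_STATEMENTS = {
    "query-source", "query-source-v6",
    "transfer-source", "transfer-source-v6",
    "notify-source", "notify-source-v6",
}

# Constructed sample: same shape as the post's options, but with the
# query source port pinned to 53.
PINNED = """
options {
    listen-on { 127.0.0.1; 12.34.56.78; };
    // legacy firewall-friendly setting
    query-source address 12.34.56.78 port 53;
    transfer-source 12.34.56.78 port *;
    notify-source 12.34.56.78;
};
"""

# Constructed sample following the post: every source statement uses "port *".
RANDOMISED = """
options {
    listen-on { 127.0.0.1; 12.34.56.78; };
    query-source address 12.34.56.78 port *;
    query-source-v6 address 1234:5678:9abc:def0::1 port *;
    transfer-source 12.34.56.78 port *;
    notify-source 12.34.56.78 port *;
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_body(conf):
    """Return the text between the braces of the options block."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[m.end():i]
    raise ValueError("unbalanced braces in options block")


def statements(body):
    """Split on ';' at brace depth 0, so 'listen-on { a; b; }' stays whole."""
    depth, current, out = 0, [], []
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            stmt = "".join(current).strip()
            if stmt:
                out.append(stmt)
            current = []
        else:
            current.append(ch)
    return out


def audit(conf):
    """List each *-source statement with its address, port and a pinned flag."""
    findings = []
    for stmt in statements(options_body(strip_comments(conf))):
        tokens = stmt.split()
        if tokens[0] not in SOURCE_STATEMENTS:
            continue
        args, port = tokens[1:], "*"   # no port clause is treated like "port *"
        if "port" in args:
            i = args.index("port")
            if i + 1 >= len(args):
                raise ValueError(f"'port' without a value in: {stmt}")
            port = args[i + 1]
            args = args[:i] + args[i + 2:]
        if args and args[0] == "address":
            args = args[1:]
        findings.append({
            "statement": tokens[0],
            "address": args[0] if args else "*",
            "port": port,
            "fixed_port": port != "*",
        })
    return findings


def fixed_ports(conf):
    """Names of the source statements that pin a port."""
    return [f["statement"] for f in audit(conf) if f["fixed_port"]]


if __name__ == "__main__":
    for name, conf in (("PINNED", PINNED), ("RANDOMISED", RANDOMISED)):
        print(name, "->", fixed_ports(conf) or "no pinned source ports")
```

The address column of `audit()` also shows which local address each kind of outgoing DNS traffic is configured to leave from, which is the value to compare against the firewall rule that was dropping the replies.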
Re: IP alias/routing question
On Jul 25, 2008, at 10:12 AM, Matthew Seaman wrote:

> Chris Pratt wrote:
>
>> I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding but even though the queries come in on the third alias, they go out through the primary address or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).
>
> Carefully not answering the 'why do these packets come from the wrong address' question, but just pointing out that BIND is actually rather more configurable in this respect than most software. You can control what IPs BIND will communicate on for various purposes using the following statements in the options { } section of named.conf:
>
>     listen-on { 127.0.0.1; 12.34.56.78; };
>     listen-on-v6 { ::1; 1234:5678:9abc:def0::1; };
>     query-source address 12.34.56.78 port *;
>     query-source-v6 address 1234:5678:9abc:def0::1 port *;
>     transfer-source 12.34.56.78 port *;
>     transfer-source-v6 1234:5678:9abc:def0::1 port *;
>     notify-source 12.34.56.78 port *;
>     notify-source-v6 1234:5678:9abc:def0::1 port *;

I am not using those latter three but only the listen-on. I will experiment. I am still curious if what I see with bind, ssh and some others is actually returning on the first address or if netstat just makes it look that way because of the default gateway.

> Note the 'port *' stuff -- due to the recent security problem with the DNS protocol publicised by Dan Kaminsky, it is imperative that the /source/ port on DNS traffic is allowed to be randomised. See

This is good to know. I assumed going to the current patched cvs was enough. Thank you very much.

> http://www.kb.cert.org/vuls/id/800113
> http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
>
> and make sure you install a patched version of BIND.
>
> Cheers,
>
> Matthew
>
> -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Re: IP alias/routing question
On Fri, Jul 25, 2008 at 10:12 AM, Matthew Seaman [EMAIL PROTECTED] wrote:

> Chris Pratt wrote:
>
>> I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding but even though the queries come in on the third alias, they go out through the primary address or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).
>
> Carefully not answering the 'why do these packets come from the wrong address' question, but just pointing out that BIND is actually rather more configurable in this respect than most software.

Deliberately addressing the question of 'why do these packets come from the wrong address' question which Mr. Seaman avoided (hello again, Matthew!), I'll add my two cents.

Run netstat -rnfinet and examine what's in the 'Netif' column. If there was some inter-host traffic, you'll see a host entry for each of your aliases with a value of 'lo0'. Correlate all the entries in the routing table and you'll be able to determine what exits where.

I'm not sure why this question doesn't come up more frequently as it can be problematic, especially in regards to jails (which are implemented using IP aliasing). I started a discussion some weeks ago on the subject that you may find interesting.

To recap briefly, if a jail host sends traffic to a jail, the traffic will transit the lo0 interface, exit the jail's interface using the jail's IP address, and connect to the jail on its IP address. The end result? Traffic with identical source and destination IP addresses!

Using your numbers, if named was running in a jail (192.168.0.18) and a query was made on the host (192.168.0.12), instead of seeing

    192.168.0.12.3450 - 192.168.0.18.53
    192.168.0.18.53 - 192.168.0.12.3450

you'd see the following on lo0:

    192.168.0.18.3450 - 192.168.0.18.53
    192.168.0.18.53 - 192.168.0.18.3450

You're not using jails, but what I'm describing isn't a jail issue, or a general IP aliasing issue, but a routing issue.

Modifying the routing table is, of course, possible. But the results, I've found, are less than satisfactory. If you force traffic out an actual interface, the return traffic will probably still have to occur over loopback and you're back to where you started, but with some new problems.

Note also that the above seems to apply irrespective of the number of network cards or networks.

The moral of the story? Configure named appropriately, and don't ask any more questions. ;-)

On the other hand, if you insist on thinking immoral thoughts as I do, and find a more thorough explanation of any of the above, please do let me know.
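The "correlate all the entries in the routing table" step from the post above, which is also what the earlier wireless thread's diagnosis rests on, as an added example that is not code from either thread: it parses `netstat -nr` IPv4 output and does the longest-prefix match the kernel does, so the exit interface for any destination can be read off. The sample table is constructed from the one quoted in the wireless thread; the function names and the 203.0.113.9 test address are this example's own, and the parser also accepts the classful shorthand ("192.168.0") that older releases print.

```python
import ipaddress

# Constructed sample, modelled on the `netstat -nr` output quoted in the
# wireless thread: wlan0 holds 10.0.0.21, yet no route names wlan0.
WIRELESS_TABLE = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     3338   ale0
10.0.0.0/24        link#2             U           0     2405   ale0
10.0.0.20          link#2             UHS         0        0    lo0
10.0.0.21          link#9             UHS         0        2    lo0
127.0.0.1          link#8             UH          0       12    lo0
"""


def parse_destination(dest, flags):
    """Turn a Destination cell into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    if plen:
        return ipaddress.ip_network(f"{padded}/{plen}", strict=False)
    if len(octets) < 4 and "H" not in flags:
        # Older netstat prints classful shorthand: "192.168.0" is a /24.
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    return ipaddress.ip_network(f"{padded}/32")  # host route


def parse_routes(text):
    """Parse the IPv4 rows; headers, blank lines and IPv6 rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not (f[3].isdigit() and f[4].isdigit()):
            continue
        routes.append({
            "net": parse_destination(f[0], f[2]),
            "gateway": f[1],
            "flags": f[2],
            "netif": f[5],
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r["net"]]
    if not hits:
        raise LookupError(f"no route to host {dst}")
    return max(hits, key=lambda r: r["net"].prefixlen)


def interfaces_without_routes(routes, configured):
    """Configured interfaces that never appear in the Netif column."""
    return sorted(set(configured) - {r["netif"] for r in routes})


if __name__ == "__main__":
    table = parse_routes(WIRELESS_TABLE)
    for dst in ("10.0.0.1", "203.0.113.9", "10.0.0.21"):
        r = lookup(table, dst)
        print(f"{dst:<12} -> {r['netif']:<5} via {r['gateway']} ({r['net']})")
    print("no routes on:",
          interfaces_without_routes(table, ["ale0", "wlan0", "lo0"]))
```

On the sample, both the gateway and off-link destinations resolve to ale0, the machine's own addresses resolve to lo0, and wlan0 is reported as carrying no route at all.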
Re: IP alias/routing question
On Jul 25, 2008, at 4:05 PM, David Allen wrote:

> On Fri, Jul 25, 2008 at 10:12 AM, Matthew Seaman [EMAIL PROTECTED] wrote:
>
>> Chris Pratt wrote:
>>
>>> I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding but even though the queries come in on the third alias, they go out through the primary address or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).
>>
>> Carefully not answering the 'why do these packets come from the wrong address' question, but just pointing out that BIND is actually rather more configurable in this respect than most software.
>
> Deliberately addressing the question of 'why do these packets come from the wrong address' question which Mr. Seaman avoided (hello again, Matthew!), I'll add my two cents.
>
> Run netstat -rnfinet and examine what's in the 'Netif' column. If there was some inter-host traffic, you'll see a host entry for each of your aliases with a value of 'lo0'. Correlate all the entries in the routing table and you'll be able to determine what exits where.
>
> I'm not sure why this question doesn't come up more frequently as it can be problematic, especially in regards to jails (which are implemented using IP aliasing). I started a discussion some weeks ago on the subject that you may find interesting.
>
> To recap briefly, if a jail host sends traffic to a jail, the traffic will transit the lo0 interface, exit the jail's interface using the jail's IP address, and connect to the jail on its IP address. The end result? Traffic with identical source and destination IP addresses!
>
> Using your numbers, if named was running in a jail (192.168.0.18) and a query was made on the host (192.168.0.12), instead of seeing
>
>     192.168.0.12.3450 - 192.168.0.18.53
>     192.168.0.18.53 - 192.168.0.12.3450
>
> you'd see the following on lo0:
>
>     192.168.0.18.3450 - 192.168.0.18.53
>     192.168.0.18.53 - 192.168.0.18.3450
>
> You're not using jails, but what I'm describing isn't a jail issue, or a general IP aliasing issue, but a routing issue.
>
> Modifying the routing table is, of course, possible. But the results, I've found, are less than satisfactory. If you force traffic out an actual interface, the return traffic will probably still have to occur over loopback and you're back to where you started, but with some new problems.
>
> Note also that the above seems to apply irrespective of the number of network cards or networks.
>
> The moral of the story? Configure named appropriately, and don't ask any more questions. ;-)
>
> On the other hand, if you insist on thinking immoral thoughts as I do, and find a more thorough explanation of any of the above, please do let me know.

Thanks for the very detailed explanation. I'm hot on the named configuration so that should quiet the questions. But ;-), how about the multiple route table implementation recently introduced in HEAD. Perhaps there is a solution there in the future! I stay with the current RELEASE so I haven't even researched, just watched the talk.

Thanks again to both you and Matthew,

Chris
Re: routing question
Laszlo Nagy wrote:

> - ping from pc on 0.0 network to 192.168.2.138
>
> Well, I cannot do this from here. Those computers are X terminals, they do not run inetd nor sshd. I cannot login from here and I cannot leave now, but I can do it later if necessary.
>
> - sysctl -a net.inet.ip.forwarding (on the GatewayComp)
>
> cassiopeia# sysctl -a net.inet.ip.forwarding
> net.inet.ip.forwarding: 1
> cassiopeia#
>
> I can answer the missed question in about an hour.
>
> I'm sorry, not today. I'll try tomorrow.

I did it. It was not working: could not ping 192.168.2.138 from 192.168.0.114. Then I added a static route

    -net 192.168.2.0 192.168.0.1 255.255.255.0

and it started to work. But here is something I still do not understand. The given gateway 192.168.0.1 was already the default gateway. Why do I need to add another gateway to the routing table to make it work? I have similar installations and specifying one default gateway did the work so far.

Thanks,

Laszlo
routing question
Hi,

I have this configuration:

Internet - [Hw Router] (LAN1: 192.168.2.0/24) - [ 192.168.2.138 GatewayComp 192.168.0.1 ] -- (LAN2: 192.168.0.0/24)

I would like to access a computer from LAN1 to LAN2.

LAN1 machine is:

FreeBSD office1adsl.dyndns.org 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

office1adsl# ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.2.114 netmask 0xff00 broadcast 192.168.2.255
        ether 00:50:8b:f7:30:24
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00

office1adsl# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.2.1        UGS         0  1262107   fxp0
127.0.0.1          127.0.0.1          UH          0   127122    lo0
192.168.0          192.168.2.138      UGS         0        4   fxp0
192.168.2          link#1             UC          0        0   fxp0
192.168.2.1        00:13:f7:26:42:69  UHLW        2      108   fxp0   1188
192.168.2.138      00:50:fc:8c:f6:62  UHLW        2     1469   fxp0    143
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1    10044   fxp0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UHL         lo0
fe80::%lo0/64      fe80::1%lo0        U           lo0
fe80::1%lo0        link#3             UHL         lo0
ff01:3::/32        fe80::1%lo0        UC          lo0
ff02::%lo0/32      fe80::1%lo0        UC          lo0

office1adsl# ipfw show
ipfw: getsockopt(IP_FW_GET): Protocol not available

GatewayComp machine is:

cassiopeia# uname -a
FreeBSD cassiopeia.ronet 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #5: Wed Aug 29 14:18:01 EDT 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/CASSIOPEIA i386

cassiopeia# ifconfig
myk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=2b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU>
        inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
        ether 00:17:31:c3:d2:fe
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.2.138 netmask 0xff00 broadcast 192.168.2.255
        ether 00:50:fc:8c:f6:62
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff00

cassiopeia# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.2.1        UGS         0    16241    rl0
127.0.0.1          127.0.0.1          UH          0     4600    lo0
192.168.0          link#1             UC          0        0   myk0
192.168.0.121      00:02:a5:23:f3:d0  UHLW        1   153132   myk0    121
192.168.0.126      00:02:a5:e5:19:39  UHLW        1    94435   myk0    581
192.168.0.128      00:02:a5:c8:65:f8  UHLW        1   230797   myk0    130
192.168.0.130      00:02:a5:e0:e1:9c  UHLW        1   124633   myk0    306
192.168.0.131      00:02:a5:e0:c8:f4  UHLW        1   258495   myk0    165
192.168.0.132      00:02:a5:08:76:85  UHLW        1   161701   myk0    957
192.168.2          link#2             UC          0        0    rl0
192.168.2.1        00:13:f7:26:42:69  UHLW        2       30    rl0   1127
192.168.2.114      00:50:8b:f7:30:24  UHLW        2     1876    rl0     72
192.168.2.138      00:50:fc:8c:f6:62  UHLW        1       70    lo0

cassiopeia# grep gateway /etc/rc.conf
gateway_enable=YES

cassiopeia# ipfw show
1 29588 12691049 allow ip from any to any
2 0 0 allow udp from any to any
3 0 0 allow tcp from any to any
00100 9512 297448 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 2172178 1136712828 allow ip from any to any
65535 1330 deny ip from any to any
cassiopeia#

Now, here is what I try from LAN1 machine:

office1adsl# ping 192.168.0.132
PING 192.168.0.132 (192.168.0.132): 56 data bytes
^C
--- 192.168.0.132 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
office1adsl# telnet 192.168.0.132 5900
Trying 192.168.0.132...
^C

The same from the GatewayComp machine:

cassiopeia# ping 192.168.0.132
PING 192.168.0.132
Re: routing question
Internet - [Hw Router] (LAN1: 192.168.2.0/24) - [ 192.168.2.138 GatewayComp 192.168.0.1 ] -- (LAN2: 192.168.0.0/24) I would like to access a computer from LAN1 to LAN2.

Perform the following and post the results of:
- ping from GatewayComp to pc on 0.0 network and a pc on 2.0 network
- ping from pc on 2.0 network to 192.168.0.1
- ping from pc on 0.0 network to 192.168.2.138
- sysctl -a net.inet.ip.forwarding (on the GatewayComp)

Steve
Re: routing question
Steve Bertrand wrote: Internet - [Hw Router] (LAN1: 192.168.2.0/24) - [ 192.168.2.138 GatewayComp 192.168.0.1 ] -- (LAN2: 192.168.0.0/24) I would like to access a computer from LAN1 to LAN2. Perform the following and post the results of: - ping from GatewayComp to pc on 0.0 network and a pc on 2.0 network cassiopeia# ping 192.168.2.114 PING 192.168.2.114 (192.168.2.114): 56 data bytes 64 bytes from 192.168.2.114: icmp_seq=0 ttl=64 time=0.171 ms 64 bytes from 192.168.2.114: icmp_seq=1 ttl=64 time=0.184 ms 64 bytes from 192.168.2.114: icmp_seq=2 ttl=64 time=0.229 ms ^C --- 192.168.2.114 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.171/0.195/0.229/0.025 ms cassiopeia# ping 192.168.0.132 PING 192.168.0.132 (192.168.0.132): 56 data bytes 64 bytes from 192.168.0.132: icmp_seq=0 ttl=64 time=0.260 ms 64 bytes from 192.168.0.132: icmp_seq=1 ttl=64 time=0.235 ms 64 bytes from 192.168.0.132: icmp_seq=2 ttl=64 time=0.133 ms ^C --- 192.168.0.132 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.133/0.209/0.260/0.055 ms cassiopeia# - ping from pc on 2.0 network to 192.168.0.1 office1adsl# ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1): 56 data bytes 64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=0.270 ms 64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.456 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.178 ms ^C --- 192.168.0.1 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.178/0.301/0.456/0.116 ms - ping from pc on 0.0 network to 192.168.2.138 Well, I cannot do this from here. Those computers are X terminals, they do not run inetd nor sshd. I cannot login from here and I cannot leave now, but I can do it later if necessary. 
- sysctl -a net.inet.ip.forwarding (on the GatewayComp) cassiopeia# sysctl -a net.inet.ip.forwarding net.inet.ip.forwarding: 1 cassiopeia# I can answer the missed question in about an hour. Thanks, Laszlo
Re: routing question
- ping from pc on 0.0 network to 192.168.2.138 Well, I cannot do this from here. Those computers are X terminals, they do not run inetd nor sshd. I cannot login from here and I cannot leave now, but I can do it later if necessary. - sysctl -a net.inet.ip.forwarding (on the GatewayComp) cassiopeia# sysctl -a net.inet.ip.forwarding net.inet.ip.forwarding: 1 cassiopeia# I can answer the missed question in about an hour. I'm sorry, not today. I'll try tomorrow.
Re: quick pf source-based routing question
Eric Crist wrote: Hey, We have a problem here at the office that I'd like to solve with pf and source-based routing. How would I write a rule with pf to route any traffic from 10.1.1.1 across a specific interface?

Perhaps some permutation of the following?

pass in on $int_if route-to { ($ext1_if $ext1_gw) } round-robin from $int_net to $ext1_net keep state

Where *_if is the interface name, *_gw is the gateway address, and *_net is the subnet/mask of that interface.

-- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net [EMAIL PROTECTED] Furry Peace! - http://.fur.com/peace/
quick pf source-based routing question
Hey, We have a problem here at the office that I'd like to solve with pf and source-based routing. How would I write a rule with pf to route any traffic from 10.1.1.1 across a specific interface? Thanks! - Eric F Crist Secure Computing Networks
Re: Routing Question
On Tuesday 12 December 2006 09:49, Bret J. Esquivel wrote: Hi, I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1 firewall/router in between the cable modem and the switch to other nodes. My question is how could I add static routes to say my web server having an external IP address but still going through the firewall box? NAT is not an option. INET (70.164.48.225/28) - [xl0] Firewall (70.164.48.226) [xl1] - [xl0] Web server (70.164.48.227)

You can bridge xl0 and xl1. Then you'll use one address e.g. 70.164.48.225/28 on your xl0 and that will be reachable from your lan too. xl1 doesn't have to have an IP address. Check man if_bridge.

But is this the topology? In many cases there is a PPP interface which connects you to the world, a WAN interface. And there is a network routed through this. Something like this:

WAN LAN
(a.b.c.d/32) - (a.b.c.e/32 router d.e.f.a/28) - (d.e.f.b/28 other boxes)

Hope this helps, Nikos
Routing Question
Hi, I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1 firewall/router in between the cable modem and the switch to other nodes. My question is how could I add static routes to say my web server having an external IP address but still going through the firewall box? NAT is not an option. INET (70.164.48.225/28) - [xl0] Firewall (70.164.48.226) [xl1] - [xl0] Web server (70.164.48.227) Thanks in advance. Bret
Re: Routing Question
Bret J Esquivel wrote: Hi, I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1 firewall/router in between the cable modem and the switch to other nodes. My question is how could I add static routes to say my web server having an external IP address but still going through the firewall box? NAT is not an option. INET (70.164.48.225/28) - [xl0] Firewall (70.164.48.226) [xl1] - [xl0] Web server (70.164.48.227)

Only really one choice if you really don't want NAT (I've run web servers with a static NAT many times though, so I wouldn't rule it out if I were you). Routing wouldn't work in this scenario as you don't have enough control; you would have to bridge the interfaces on your firewall. man if_bridge.

Bridging xl0 and xl1 on your firewall will make it act like a 2 port hub, but pf, ipfw and ipf can still filter packets going across it.

Personally in this situation I'd just add the IPs to the FreeBSD box and set static NATs up for anything that needs to be externally visible, but a bridging firewall should work too.

Vince

Thanks in advance. Bret
Re: Routing Question
In response to Bret J Esquivel [EMAIL PROTECTED]: I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1 firewall/router in between the cable modem and the switch to other nodes. My question is how could I add static routes to say my web server having an external IP address but still going through the firewall box? NAT is not an option. INET (70.164.48.225/28) - [xl0] Firewall (70.164.48.226) [xl1] - [xl0] Web server (70.164.48.227)

I could have sworn that someone else recommended bridging, so I won't bother to bring it up.

The other option is to set that system up as a router, and build a proper routing table. Your ISP will need to be involved so they know to route traffic to your subnet through your gateway system.

You need to enable forwarding in /etc/rc.conf. Then you'll need to subnet your range properly. Something like:

70.164.48.225/29 - external
70.164.48.241/29 - internal

Then set your external interface on the router to 70.164.48.226 and the internal interface to 70.164.48.242. Then you can use 70.164.48.243 - 249 on the inside.

Configuring the FreeBSD machine as a bridging firewall will simplify the process, however, and is the approach I would recommend.

-- Bill Moran Collaborative Fusion Inc.
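Added example, not part of any message in the thread: a routed setup needs the /28 from the question cut into an external and an internal /29, and every address placed on the correct side. The sketch below derives the two halves with Python's `ipaddress` module and checks a proposed plan against them; the function names and the sample plan are assumptions made for illustration.

```python
import ipaddress


def split_allocation(addr_with_prefix, new_prefix=29):
    """Return (allocation, subnets) for the block that contains the address."""
    alloc = ipaddress.ip_interface(addr_with_prefix).network
    return alloc, list(alloc.subnets(new_prefix=new_prefix))


def usable_range(subnet):
    """First usable host, last usable host and host count of a subnet."""
    hosts = list(subnet.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def check_plan(alloc, sides, plan):
    """Check a plan {role: (address, side)} against sides {side: subnet}.

    Returns a list of human-readable problems; an empty list means the
    plan is consistent with the split.
    """
    problems = []
    seen = {}
    for role, (addr, side) in plan.items():
        ip = ipaddress.ip_address(addr)
        want = sides[side]
        if ip in seen:
            problems.append(f"{role}: {ip} is already used by {seen[ip]}")
        seen.setdefault(ip, role)
        if ip not in alloc:
            problems.append(f"{role}: {ip} is outside the allocation {alloc}")
        elif ip not in want:
            problems.append(f"{role}: {ip} is not in the {side} subnet {want}")
        elif ip in (want.network_address, want.broadcast_address):
            problems.append(f"{role}: {ip} is the network or broadcast address of {want}")
    return problems


if __name__ == "__main__":
    # The /28 as written in the question; the plan below is constructed.
    alloc, halves = split_allocation("70.164.48.225/28")
    sides = {"external": halves[0], "internal": halves[1]}
    for name, net in sides.items():
        print(name, net, usable_range(net))

    plan = {
        "isp gateway": ("70.164.48.225", "external"),
        "firewall xl0": ("70.164.48.226", "external"),
        "firewall xl1": ("70.164.48.233", "internal"),
        # Address the web server has in the question's diagram:
        "web server": ("70.164.48.227", "internal"),
    }
    for line in check_plan(alloc, sides, plan) or ["plan is consistent"]:
        print(line)
```

With the split in place the web server has to be renumbered into the internal half, and the ISP has to route that half to the firewall's external address.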
Re: IP Routing Question
Well, the solution ended up just setting up the rule for the subnet, not the host...

route add aaa.bbb.ccc.200/29 aaa.bbb.ccc.200 -interface

Had to move some IP addresses, but at least the traffic is going to the right ethernet controller now. Thanks for the help!

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: FreeBSD Questions freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 2:57 PM Subject: Re: IP Routing Question

On 2/14/2006 11:43 AM Steve Douville wrote: By default, it sets the netif to em0

OK, then what about 'route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.200'? And if that doesn't work, can I please see 'netstat -rn'? You can obfuscate the IPs if you wish. Cheers, Drew

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: FreeBSD Questions freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 2:40 PM Subject: Re: IP Routing Question

On 2/14/2006 11:17 AM Steve Douville wrote: Weird stuff... route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.196 -ifp em1

What happens if you leave off the -ifp em1? Cheers, Drew

doesn't work even if i've already set aaa.bbb.ccc.196 link#2 em1 The only way things work well is if the gateway is set to link#2. The only way I can set it to link#2 is if the address was accessed, unsuccessfully, creating a record with link#1 as the gateway and then issuing a route change command to move it to link#2. it'd be much easier if i could just type route add -host aaa.bbb.ccc.xxx link#2 -ifp em1 but it doesn't recognize link#2 as a valid address, even though it uses it in the table by default!! Haven't tried the ipfilter yet. Maybe i'll give that a whirl, too.

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 1:45 PM Subject: Re: IP Routing Question

What happens with a simple 'route add certain ip address aaa.bbb.ccc.196? Or am I misinterpreting what you wish to achieve? HTH, Drew
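Added example, not part of the thread: a longest-prefix-match lookup showing why a /29 route bound to em1 takes precedence over the connected /24 on em0, and which hosts it does and does not cover. The thread hides its prefix as aaa.bbb.ccc, so the documentation range 192.0.2.0/24 stands in for it with the same last octets; the table layout and function names are assumptions.

```python
import ipaddress

# Constructed stand-in for the routing table described in the thread.
ROUTES = [
    # (destination, gateway, interface)
    ("0.0.0.0/0",      "192.0.2.195", "em0"),  # default route via the main port
    ("192.0.2.0/24",   "link#1",      "em0"),  # connected /24 shared by both NICs
    ("192.0.2.200/29", "link#2",      "em1"),  # subnet route from the final post
]


def build_table(routes):
    """Parse the destination strings into network objects."""
    return [(ipaddress.ip_network(dest), gw, ifname) for dest, gw, ifname in routes]


def lookup(table, addr):
    """Return the entry with the longest prefix that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [entry for entry in table if ip in entry[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None


def egress(table, addr):
    """Interface a packet to addr would leave on."""
    entry = lookup(table, addr)
    return entry[2] if entry else None


def uncovered(table, hosts, ifname):
    """Hosts from the list that would NOT leave on ifname."""
    return [h for h in hosts if egress(table, h) != ifname]


def covered_range(table, ifname):
    """First and last address of every non-default route bound to ifname."""
    return [(str(net[0]), str(net[-1]))
            for net, _gw, name in table
            if name == ifname and net.prefixlen > 0]


if __name__ == "__main__":
    table = build_table(ROUTES)
    for host in ("192.0.2.196", "192.0.2.203", "192.0.2.209", "198.51.100.7"):
        net, gw, ifname = lookup(table, host)
        print(f"{host:<14} -> {str(net):<16} {gw:<12} {ifname}")
    print("em1 covers:", covered_range(table, "em1"))
    print("still on em0:", uncovered(table, ["192.0.2.196", "192.0.2.209"], "em1"))
```

The /29 spans only .200 to .207, so hosts at .196 or .209 still match the /24 on em0 until they are renumbered into that range.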
IP Routing Question
I'm trying to set up the routing table to force requests to certain IP addresses to use a particular ethernet card. I've used the route command in a number of ways, but still can't come up with how to force to use em1 instead of em0, with the right gateway.

em0 is aaa.bbb.ccc.207
em1 is aaa.bbb.ccc.200
Both have netmask of 255.255.255.0

em0 goes to the main port, gateway aaa.bbb.ccc.195. em1 goes to a switch, which is aaa.bbb.ccc.196, the gateway to other ip's on the switch.

What I want to end up with is:

aaa.bbb.ccc.196 link#2 em1
aaa.bbb.ccc.209 link#2 em1

I've tried lots of combinations, using the -ifp flag to force em1, but the only way I can get the gateway to say link#2 is to ping the ip first, whereas it gets put in the table even though it's not found, and then doing a route change. I need some way to put this in rc.local so that it's set up when booted. Any ideas? Let me know if more info is needed. TIA, Steve
Re: IP Routing Question
Hi, You can try using ipf filter to impose source-policy routing:

cat > ipf.example
pass in quick on em1 to em1:192.168.1.2 from 10.1.0.0/16 to a.b.c.d/32
^d
ipf -f ipf.example

This way you will re-route all packets coming from source 10.1/16 to destination a.b.c.d to go to address 192.168.1.2 not to a.b.c.d

Note that you have to rebuild your kernel in order to have options IPFILTER enabled. Regards, gg.

I'm trying to set up the routing table to force requests to certain IP addresses to use a particular ethernet card. I've used the route command in a number of ways, but still can't come up with how to force to use em1 instead of em0, with the right gateway.
RE: IP Routing Question
You are not correct in that last statement. ipfilter does not have to be compiled into kernel to work. You should read the handbook ipfilter firewall section where it clearly states that is not necessary and tells you how to do it.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Gajic Sent: Tuesday, February 14, 2006 9:44 AM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Subject: Re: IP Routing Question

Hi, You can try using ipf filter to impose source-policy routing:

cat > ipf.example
pass in quick on em1 to em1:192.168.1.2 from 10.1.0.0/16 to a.b.c.d/32
^d
ipf -f ipf.example

This way you will re-route all packets coming from source 10.1/16 to destination a.b.c.d to go to address 192.168.1.2 not to a.b.c.d

Note that you have to rebuild your kernel in order to have options IPFILTER enabled. Regards, gg.

I'm trying to set up the routing table to force requests to certain IP addresses to use a particular ethernet card. I've used the route command in a number of ways, but still can't come up with how to force to use em1 instead of em0, with the right gateway.
Re: IP Routing Question
On 2/14/2006 5:44 AM Steve Douville wrote: I'm trying to set up the routing table to force requests to certain IP addresses to use a particular ethernet card. I've used the route command in a number of ways, but still can't come up with how to force to use em1 instead of em0, with the right gateway. em0 is aaa.bbb.ccc.207 em1 is aaa.bbb.ccc.200 Both have netmask of 255.255.255.0 em0 goes to the main port, gateway aaa.bbb.ccc.195. em1 goes to a switch, which is aaa.bbb.ccc.196, the gateway to other ip's on the switch. What I want to end up with is: aaa.bbb.ccc.196 link#2 em1 aaa.bbb.ccc.209 link#2 em1 I've tried lots of combinations, using the -ifp flag to force em1, but the only way I can get the gateway to say link#2 is to ping the ip first, whereas it gets put in the table even though it's not found, and then doing a route change. I need some way to put this in rc.local so that it's set up when booted.

What happens with a simple 'route add certain ip address aaa.bbb.ccc.196? Or am I misinterpreting what you wish to achieve? HTH, Drew
Re: IP Routing Question
On 2/14/2006 11:17 AM Steve Douville wrote: Weird stuff... route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.196 -ifp em1

What happens if you leave off the -ifp em1? Cheers, Drew

doesn't work even if i've already set aaa.bbb.ccc.196 link#2 em1 The only way things work well is if the gateway is set to link#2. The only way I can set it to link#2 is if the address was accessed, unsuccessfully, creating a record with link#1 as the gateway and then issuing a route change command to move it to link#2. it'd be much easier if i could just type route add -host aaa.bbb.ccc.xxx link#2 -ifp em1 but it doesn't recognize link#2 as a valid address, even though it uses it in the table by default!! Haven't tried the ipfilter yet. Maybe i'll give that a whirl, too.

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 1:45 PM Subject: Re: IP Routing Question

What happens with a simple 'route add certain ip address aaa.bbb.ccc.196? Or am I misinterpreting what you wish to achieve? HTH, Drew
Re: IP Routing Question
By default, it sets the netif to em0

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: FreeBSD Questions freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 2:40 PM Subject: Re: IP Routing Question

On 2/14/2006 11:17 AM Steve Douville wrote: Weird stuff... route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.196 -ifp em1

What happens if you leave off the -ifp em1? Cheers, Drew

doesn't work even if i've already set aaa.bbb.ccc.196 link#2 em1 The only way things work well is if the gateway is set to link#2. The only way I can set it to link#2 is if the address was accessed, unsuccessfully, creating a record with link#1 as the gateway and then issuing a route change command to move it to link#2. it'd be much easier if i could just type route add -host aaa.bbb.ccc.xxx link#2 -ifp em1 but it doesn't recognize link#2 as a valid address, even though it uses it in the table by default!! Haven't tried the ipfilter yet. Maybe i'll give that a whirl, too.

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 1:45 PM Subject: Re: IP Routing Question

What happens with a simple 'route add certain ip address aaa.bbb.ccc.196? Or am I misinterpreting what you wish to achieve? HTH, Drew
Re: IP Routing Question
On 2/14/2006 11:43 AM Steve Douville wrote: By default, it sets the netif to em0

OK, then what about 'route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.200'? And if that doesn't work, can I please see 'netstat -rn'? You can obfuscate the IPs if you wish. Cheers, Drew

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: FreeBSD Questions freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 2:40 PM Subject: Re: IP Routing Question

On 2/14/2006 11:17 AM Steve Douville wrote: Weird stuff... route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.196 -ifp em1

What happens if you leave off the -ifp em1? Cheers, Drew

doesn't work even if i've already set aaa.bbb.ccc.196 link#2 em1 The only way things work well is if the gateway is set to link#2. The only way I can set it to link#2 is if the address was accessed, unsuccessfully, creating a record with link#1 as the gateway and then issuing a route change command to move it to link#2. it'd be much easier if i could just type route add -host aaa.bbb.ccc.xxx link#2 -ifp em1 but it doesn't recognize link#2 as a valid address, even though it uses it in the table by default!! Haven't tried the ipfilter yet. Maybe i'll give that a whirl, too.

- Original Message - From: Drew Tomlinson [EMAIL PROTECTED] To: Steve Douville [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 1:45 PM Subject: Re: IP Routing Question

What happens with a simple 'route add certain ip address aaa.bbb.ccc.196? Or am I misinterpreting what you wish to achieve? HTH, Drew
Re: IP Routing Question
--On Tuesday, February 14, 2006 11:40:45 -0800 Drew Tomlinson [EMAIL PROTECTED] wrote: On 2/14/2006 11:17 AM Steve Douville wrote: Weird stuff... route add -host aaa.bbb.ccc.209 aaa.bbb.ccc.196 -ifp em1

Shouldn't this be:

route add -host aaa.bbb.ccc.ddd aaa.bbb.ccc.209

Where aaa.bbb.ccc.ddd is not the other gateway (aaa.bbb.ccc.196) I.e, aaa.bbb.ccc.ddd should be an address on the switch aaa.bbb.ccc.209 Maybe even adding ' -interface ' at the end of the command. [man route] jw

What happens if you leave off the -ifp em1? Cheers, Drew
Re: IP Routing Question
196 is the switch... 209 is a port on the switch - Original Message - From: John Webster [EMAIL PROTECTED] To: Drew Tomlinson [EMAIL PROTECTED] Cc: Steve Douville [EMAIL PROTECTED]; FreeBSD Questions freebsd-questions@freebsd.org Sent: Tuesday, February 14, 2006 4:08 PM Subject: Re: IP Routing Question
Re: default routing question ZIPB ADSL PPPoA
On 24 Oct 2005 09:22:34 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote: Ahnjoan Amous [EMAIL PROTECTED] writes:

The short : I believe the problem I am having is due to routing. A DHCP server sends me IP A.B.C.D with a default route of A.B.C.D. dhclient isn't handling this well and I don't know how to fix it. Windows as well as Linux DHCP clients do not have a problem with this and I am at my wits end trying to figure out what combination of route commands will fix my issue.

The long : I have a CellPipe ADSL router/bridge from Lucent. This device is provided by our ISP. I am exploring the ZIPB functionality of the device to allow my FreeBSD host to own the public IP. The basics of the configuration for those unfamiliar is as follows. PPPoA is established by the device and the (public) IP acquired through the previous process is delivered to a host behind that CellPipe via DHCP. After DHCP the device acts as a bridge, allowing the internal device to use the public IP as its own. I'm sure this description is vague but I don't know any other way to explain.

Info : After dhclient acquires its info the ethernet interface looks like this

ifconfig ethernet interface inet A.B.C.D netmask 255.255.255.255

When I connect a windows or Linux host they seem to treat the interface as the default route and work as expected. With FreeBSD I have tried removing all routes for the device after assignment, and then adding default route based on -interface flag for route command. I have also tried opening up the netmask on the ethernet interface and adding a default route destined for what I know the PPPoA connections end point is. Nothing I have tried seems to work. I don't consider myself an expert by any means but this is clearly beyond my knowledge. I'm happy to provide any information you need if you have an idea.

Sounds like it's really an unnumbered interface. Did you try the -iface option to route(8)?

Lowell - The -iface option worked for me. In the short term I have mutilated the dhclient-script and manually added the -iface option to each route default line. Not at all pretty but works for now. Thank you again for the help, it is much appreciated. Ahnjoan
Re: Quick Routing Question
Jason Morgan [EMAIL PROTECTED] wrote: I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                              Wired Subnet (10.0.0.x)
                             /
                            /
Internet -- FreeBSD Machine
                            \
                             \
                              Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets. How do I get these subnets to communicate?

Did you put gateway_enable=YES in rc.conf? Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Fabian -- http://www.fabiankeil.de/
RE: Quick Routing Question
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fabian Keil Sent: Tuesday, November 01, 2005 5:58 AM To: Jason Morgan Cc: FreeBSD Questions Subject: Re: Quick Routing Question

Jason Morgan [EMAIL PROTECTED] wrote: I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                              Wired Subnet (10.0.0.x)
                             /
                            /
Internet -- FreeBSD Machine
                            \
                             \
                              Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets. How do I get these subnets to communicate?

Did you put gateway_enable=YES in rc.conf? Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Also, what does: # netstat -rn ...output? Steve

Fabian -- http://www.fabiankeil.de/
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 09:03:11AM -0500, Steve Bertrand wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fabian Keil Sent: Tuesday, November 01, 2005 5:58 AM To: Jason Morgan Cc: FreeBSD Questions Subject: Re: Quick Routing Question

Jason Morgan [EMAIL PROTECTED] wrote: I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                              Wired Subnet (10.0.0.x)
                             /
                            /
Internet -- FreeBSD Machine
                            \
                             \
                              Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets. How do I get these subnets to communicate?

Did you put gateway_enable=YES in rc.conf? Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Yes, the FreeBSD machine has been acting as a router/gateway/firewall for the wired network for quite some time. I did look at the handbook, that's usually my first stop.

Also, what does: # netstat -rn ...output?
# netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default70.183.13.193 UGS 024701xl0 10/24 link#3 UC 00 fxp0 10.0.0.1 00:d0:b7:44:f9:c6 UHLW0 903lo0 10.0.0.2 00:50:8d:e5:a5:41 UHLW0 322468 fxp0572 10.0.0.4 00:e0:98:04:01:f6 UHLW0 1131 fxp0 1140 70.183.13.192/26 link#2 UC 00xl0 70.183.13.193 00:13:5f:00:f0:ee UHLW10xl0 1188 70.183.13.213 00:50:04:cf:52:8a UHLW0 18lo0 127.0.0.1 127.0.0.1 UH 00lo0 192.168.1 link#1 UC 00dc0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%dc0/64 link#1 UC dc0 fe80::204:5aff:fe42:5084%dc0 00:04:5a:42:50:84UHLlo0 fe80::%xl0/64 link#2 UC xl0 fe80::250:4ff:fecf:528a%xl0 00:50:04:cf:52:8aUHLlo0 fe80::%fxp0/64link#3 UC fxp0 fe80::2d0:b7ff:fe44:f9c6%fxp0 00:d0:b7:44:f9:c6UHLlo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#4 UHLlo0 ff01::/32 ::1 U lo0 ff02::%dc0/32 link#1 UC dc0 ff02::%xl0/32 link#2 UC xl0 ff02::%fxp0/32link#3 UC fxp0 ff02::%lo0/32 ::1 UC lo0 Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings). I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that. Steve Fabian -- http://www.fabiankeil.de/ Thanks alot for the replies. I appreciate it. Jason ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Quick Routing Question
At 06:34 AM 11/1/2005, Jason Morgan wrote: On Tue, Nov 01, 2005 at 09:03:11AM -0500, Steve Bertrand wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fabian Keil Sent: Tuesday, November 01, 2005 5:58 AM To: Jason Morgan Cc: FreeBSD Questions Subject: Re: Quick Routing Question

Jason Morgan [EMAIL PROTECTED] wrote: I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                              Wired Subnet (10.0.0.x)
                             /
                            /
Internet -- FreeBSD Machine
                            \
                             \
                              Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets. How do I get these subnets to communicate?

Did you put gateway_enable=YES in rc.conf? Did you read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html?

Yes, the FreeBSD machine has been acting as a router/gateway/firewall for the wired network for quite some time. I did look at the handbook, that's usually my first stop.

Also, what does: # netstat -rn ...output?
# netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default70.183.13.193 UGS 024701xl0 10/24 link#3 UC 00 fxp0 10.0.0.1 00:d0:b7:44:f9:c6 UHLW0 903lo0 10.0.0.2 00:50:8d:e5:a5:41 UHLW0 322468 fxp0572 10.0.0.4 00:e0:98:04:01:f6 UHLW0 1131 fxp0 1140 70.183.13.192/26 link#2 UC 00xl0 70.183.13.193 00:13:5f:00:f0:ee UHLW10xl0 1188 70.183.13.213 00:50:04:cf:52:8a UHLW0 18lo0 127.0.0.1 127.0.0.1 UH 00lo0 192.168.1 link#1 UC 00dc0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%dc0/64 link#1 UC dc0 fe80::204:5aff:fe42:5084%dc0 00:04:5a:42:50:84UHLlo0 fe80::%xl0/64 link#2 UC xl0 fe80::250:4ff:fecf:528a%xl0 00:50:04:cf:52:8aUHLlo0 fe80::%fxp0/64link#3 UC fxp0 fe80::2d0:b7ff:fe44:f9c6%fxp0 00:d0:b7:44:f9:c6UHLlo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#4 UHLlo0 ff01::/32 ::1 U lo0 ff02::%dc0/32 link#1 UC dc0 ff02::%xl0/32 link#2 UC xl0 ff02::%fxp0/32link#3 UC fxp0 ff02::%lo0/32 ::1 UC lo0 Also, made one small error in my initial post. The wireless router has IP 192.168.1.1 and the server's 'wireless' interface is 192.168.1.2 (going to switch these as soon as I get access to the wireless router settings). I've tried setting static routes between various interfaces on the FreeBSD machine, it hasn't worked, but I may be doing it wrong. I thought routed should take care of this dynamically, but I'm a bit unsure about that. This sounds a lot like the freebsd machine does not know how to route packets to the other side of the wireless router. Just to confirm how things are connected, ignoring the wired net for a moment, it sounds like you have something like this: internet -- A -- freebsd machine -- B -- wireless router/AP -- C -- wireless device You mention that the addresses in use for what I have marked as 'B' above, are 192.168.1.1 and 192.168.1.2. What about the other side of the wireless router/AP? What IP's are being used for the wireless devices? 
If those IP's are not in the same net as 'B' you'll need a static route in the freebsd machine so it knows to send packets for the 'C' network to the wireless router/AP. However, if the wireless router/AP is acting as a bridge, and the same
RE: Quick Routing Question
Do you have gateway_enable=YES in your rc.conf?

Brian E. Conklin, MCP+I, MCSE
Director of Information Services
Mason General Hospital
http://www.masongeneral.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
Sent: Monday, October 31, 2005 9:42 PM
To: FreeBSD Questions
Subject: Quick Routing Question

I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.

                           Wired Subnet (10.0.0.x)
                          /
                         /
Internet -- FreeBSD Machine
                         \
                          \
                           Wireless Subnet (192.168.1.x)

The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets.

How do I get these subnets to communicate?

Thanks,
Jason
RE: Quick Routing Question
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.183.13.193      UGS         0    24701    xl0
10/24              link#3             UC          0        0   fxp0
10.0.0.1           00:d0:b7:44:f9:c6  UHLW        0      903    lo0
10.0.0.2           00:50:8d:e5:a5:41  UHLW        0   322468   fxp0    572
10.0.0.4           00:e0:98:04:01:f6  UHLW        0     1131   fxp0   1140
70.183.13.192/26   link#2             UC          0        0    xl0
70.183.13.193      00:13:5f:00:f0:ee  UHLW        1        0    xl0   1188
70.183.13.213      00:50:04:cf:52:8a  UHLW        0       18    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#1             UC          0        0    dc0

Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.

Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:

- plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.
- Give the wireless laptop a static IP inside the wireless IP subnet
- Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.
- effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

If it doesn't work, cable up the laptop to the LAN side of the AP, ensuring it has a proper IP in the wifi range, and then ping.

If all else fails, set up a round of say 100 pings from the laptop to the FBSD box, and on the FBSD box, do this:

# tcpdump -n -i fxp0

where fxp0 is the interface the AP is plugged into. This will show you first, if the pings are getting from the wifi subnet to the FBSD box, and also if they are being returned. Inbound pings but no outbound pings could indicate a deeper routing issue or FW issue. No inbound pings could indicate a problem with IP allocation or subnet issues.

tcpdump(1) is a great tool, and may even help further troubleshoot the issue.

If you can ping from wifi to FBSD wifi interface, then push the scope of the test further, trying to ping the cabled side of the FBSD box.

Let us know what you find, as the more detail we have after certain tests, will enable us to provide further recommendations. Also, an ifconfig output could help too, so long as everything is all connected.

Regards,
Steve
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 07:03:26AM -0800, Brian E. Conklin wrote:

Do you have gateway_enable=YES in your rc.conf?

Yes, I do. The FreeBSD works fine for routing to the outside, it's between the subnets where I run into issues.
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.183.13.193      UGS         0    24701    xl0
10/24              link#3             UC          0        0   fxp0
10.0.0.1           00:d0:b7:44:f9:c6  UHLW        0      903    lo0
10.0.0.2           00:50:8d:e5:a5:41  UHLW        0   322468   fxp0    572
10.0.0.4           00:e0:98:04:01:f6  UHLW        0     1131   fxp0   1140
70.183.13.192/26   link#2             UC          0        0    xl0
70.183.13.193      00:13:5f:00:f0:ee  UHLW        1        0    xl0   1188
70.183.13.213      00:50:04:cf:52:8a  UHLW        0       18    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#1             UC          0        0    dc0

Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.

Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:

- plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.

Yes, that's what I've done.

- Give the wireless laptop a static IP inside the wireless IP subnet

As soon as I can get the Linksys set up, I will.

- Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.

Correct.

- effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).

If it doesn't work, cable up the laptop to the LAN side of the AP, ensuring it has a proper IP in the wifi range, and then ping.

If all else fails, set up a round of say 100 pings from the laptop to the FBSD box, and on the FBSD box, do this:

# tcpdump -n -i fxp0

where fxp0 is the interface the AP is plugged into. This will show you first, if the pings are getting from the wifi subnet to the FBSD box, and also if they are being returned. Inbound pings but no outbound pings could indicate a deeper routing issue or FW issue. No inbound pings could indicate a problem with IP allocation or subnet issues.

tcpdump(1) is a great tool, and may even help further troubleshoot the issue.

Thanks for the suggestions. Never played with tcpdump before.

If you can ping from wifi to FBSD wifi interface, then push the scope of the test further, trying to ping the cabled side of the FBSD box.

Let us know what you find, as the more detail we have after certain tests, will enable us to provide further recommendations. Also, an ifconfig output could help too, so long as everything is all connected.

I'll move a client from the 'wired' side to the 'wireless' side here shortly.

Thanks for the help.

-Jason
RE: Quick Routing Question
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
Sent: Tuesday, November 01, 2005 11:03 AM
To: FreeBSD Questions
Subject: Re: Quick Routing Question

On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.183.13.193      UGS         0    24701    xl0
10/24              link#3             UC          0        0   fxp0
10.0.0.1           00:d0:b7:44:f9:c6  UHLW        0      903    lo0
10.0.0.2           00:50:8d:e5:a5:41  UHLW        0   322468   fxp0    572
10.0.0.4           00:e0:98:04:01:f6  UHLW        0     1131   fxp0   1140
70.183.13.192/26   link#2             UC          0        0    xl0
70.183.13.193      00:13:5f:00:f0:ee  UHLW        1        0    xl0   1188
70.183.13.213      00:50:04:cf:52:8a  UHLW        0       18    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#1             UC          0        0    dc0

Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.

Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:

- plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.

Yes, that's what I've done.

- Give the wireless laptop a static IP inside the wireless IP subnet

As soon as I can get the Linksys set up, I will.

- Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.

Correct.

- effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).

Ok, slick...you are more than half way there.

Carry on with bringing over a client to the wireless side of things (even if it's just cabled into the Linksys for now), to see if you can get through the AP, to the router. Then proceed to try to ping the cabled iface of the FBSD box from said client. If you can do that, then try a wireless client, to ensure the problem doesn't stem from wifi connectivity.

And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Cheers, and good luck!

Steve
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
Sent: Tuesday, November 01, 2005 11:03 AM
To: FreeBSD Questions
Subject: Re: Quick Routing Question

On Tue, Nov 01, 2005 at 10:25:25AM -0500, Steve Bertrand wrote:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.183.13.193      UGS         0    24701    xl0
10/24              link#3             UC          0        0   fxp0
10.0.0.1           00:d0:b7:44:f9:c6  UHLW        0      903    lo0
10.0.0.2           00:50:8d:e5:a5:41  UHLW        0   322468   fxp0    572
10.0.0.4           00:e0:98:04:01:f6  UHLW        0     1131   fxp0   1140
70.183.13.192/26   link#2             UC          0        0    xl0
70.183.13.193      00:13:5f:00:f0:ee  UHLW        1        0    xl0   1188
70.183.13.213      00:50:04:cf:52:8a  UHLW        0       18    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#1             UC          0        0    dc0

Ok, this looks ok. The 10/24 network *should* be able to see/route anything back and forth to the 192.168.1/24 network without difficulty.

Now, I can't remember if you said how this was cabled, but this is how I set up my wifi networks:

- plug the wireless network interface in the FBSD router into one of the LAN switch ports on the wireless AP/router (if indeed it is a router). The IP address on the LAN side of the AP is irrelevant, so long as you don't conflict with another IP.

Yes, that's what I've done.

- Give the wireless laptop a static IP inside the wireless IP subnet

As soon as I can get the Linksys set up, I will.

- Have nothing plugged into the WAN side of the wireless AP, as you don't want routing with that unit, you just want a layer-2 (bridged/switched) AP.

Correct.

- effectively, if you have wireless connectivity from the laptop to the AP, you should be able to ping the FW, and vice-versa

Checking to make sure the wireless router is routing now, but I can ping from the FreeBSD gateway to the router (as well as hit the web setup with lynx).

Ok, slick...you are more than half way there.

Carry on with bringing over a client to the wireless side of things (even if it's just cabled into the Linksys for now), to see if you can get through the AP, to the router. Then proceed to try to ping the cabled iface of the FBSD box from said client. If you can do that, then try a wireless client, to ensure the problem doesn't stem from wifi connectivity.

And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Thanks again for all the help. tcpdump helped a lot.

Jason
Re: Quick Routing Question
Jason Morgan [EMAIL PROTECTED] wrote:

On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:

And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Do you have NAT enabled between 192.168.1.0 and 10.0.0.0? If you do, the Linksys shouldn't see any 10.0.0.x addresses. If you don't, this is probably a security measure. Perhaps the Linksys supports a white list to allow access from non-local addresses.

Fabian
--
http://www.fabiankeil.de/
RE: Quick Routing Question
Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

No, this is not a NAT issue. You are not doing NAT in this situation (on exception through to the Internet)...the 10/24 and 192.168.1/24 subnets are routed (not NAT'd) through the FBSD box. They are communicating directly to one another, with no translation at all.

The problem here (my opinion only), is that the Linksys sees the 10.x address and is not familiar with it (unless explicitly told to do so). What you need to do, is set a static route inside the Linksys that states that 10.0.0.x/24 should be routed to 192.168.1.2 (aka FBSD fw), out the LAN side of the device. Otherwise, what will happen is that the Linksys sees 10/24 as an *outside* address range, and it will forever be trying to send it out its WAN side, to its default GW, even if there is not one configured. The Linksys may try to give up searching for the 10 network because the only addresses it knows how to route through the LAN side will be the 192 network.

I hope I haven't confused you here. I've gotten quite busy so I'm typing faster than I'm able to think :)

Anyway, it's been a while since I've played with a Linksys, but I am certain you can add static routes. Again, what you want is a route that states:

- if it needs to go to 10.0.0.0, 255.255.255.0, send it to 192.168.1.2.

Now, one more thing...it may be possible that the Linksys interface may ONLY allow connection from its own subnet, but you'll be able to enlighten me here :)

Thanks again for all the help. tcpdump helped a lot.

No problem. I'm glad I could be of help. Truly, what you are learning here is how the Internet as a whole works (as far as routing is concerned). The only difference is that you are playing with private IP address allocations, as opposed to public addresses.

Steve
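The return-path problem Steve describes above, as an added example that is not part of the original thread: a longest-prefix-match lookup run over the gateway's IPv4 routes from the netstat output and over a modelled Linksys table, with and without the suggested static route. The Linksys table contents, the interface names `lan` and `wan`, and the external test address are assumptions; the FreeBSD routes and the 10.0.0.x / 192.168.1.x addresses come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[str]  # None = on-link (netstat shows link#N)
    netif: str


def route(prefix: str, gateway: Optional[str], netif: str) -> Route:
    return Route(ipaddress.ip_network(prefix), gateway, netif)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def egress(table: List[Route], dst: str) -> Tuple[str, Optional[str]]:
    """Return (interface, next hop) chosen for dst; next hop None = on-link."""
    r = lookup(table, dst)
    if r is None:
        raise LookupError(f"no route to {dst}")
    return (r.netif, r.gateway)


# Network routes of the FreeBSD gateway, taken from the thread's netstat -rn
# ("10/24" is 10.0.0.0/24, "192.168.1" is 192.168.1.0/24).
FREEBSD_GW = [
    route("0.0.0.0/0", "70.183.13.193", "xl0"),
    route("10.0.0.0/24", None, "fxp0"),
    route("70.183.13.192/26", None, "xl0"),
    route("192.168.1.0/24", None, "dc0"),
]

FREEBSD_WIFI_SIDE = "192.168.1.2"  # gateway's dc0 address per the thread

# Assumed model of the Linksys: its own LAN subnet is on-link and everything
# else follows the default route out the WAN port, which is unplugged.
LINKSYS_DEFAULT = [
    route("192.168.1.0/24", None, "lan"),
    route("0.0.0.0/0", None, "wan"),
]

# Same table plus the static route suggested in the thread.
LINKSYS_WITH_STATIC = LINKSYS_DEFAULT + [
    route("10.0.0.0/24", FREEBSD_WIFI_SIDE, "lan"),
]


def reply_reaches_client(linksys_table: List[Route], client: str) -> bool:
    """Can a reply from the Linksys get back to the given client address?"""
    netif, next_hop = egress(linksys_table, client)
    if netif != "lan":
        return False  # reply is sent towards the unplugged WAN side
    if next_hop is None:
        return True   # client is on the Linksys LAN subnet itself
    if next_hop != FREEBSD_WIFI_SIDE:
        return False
    # Handed to the FreeBSD box: it must have an on-link route to the client.
    onward = lookup(FREEBSD_GW, client)
    return onward is not None and onward.gateway is None


if __name__ == "__main__":
    client = "10.0.0.2"  # wired host listed in the netstat output
    print("gateway -> Linksys 192.168.1.1 :", egress(FREEBSD_GW, "192.168.1.1"))
    print("Linksys reply, default table   :", egress(LINKSYS_DEFAULT, client))
    print("Linksys reply, static route    :", egress(LINKSYS_WITH_STATIC, client))
    print("reply delivered (default)      :", reply_reaches_client(LINKSYS_DEFAULT, client))
    print("reply delivered (static route) :", reply_reaches_client(LINKSYS_WITH_STATIC, client))
```

The forward path works in both cases because the FreeBSD box has on-link routes for both subnets; only the reply direction changes once the Linksys has a more specific route than its default.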
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 06:37:16PM +0100, Fabian Keil wrote:

Jason Morgan [EMAIL PROTECTED] wrote:

On Tue, Nov 01, 2005 at 11:24:59AM -0500, Steve Bertrand wrote:

And again, tcpdump is a very good tool. The -i switch tells it what interface to listen on, so if the wireless side of the router works but you can't ping across to the cabled side, then apply the cabled interface to the -i switch and you'll be able to see if traffic is making it that far, and if it is, if it's even attempting to go back.

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Do you have NAT enabled between 192.168.1.0 and 10.0.0.0? If you do, the Linksys shouldn't see any 10.0.0.x addresses. If you don't, this is probably a security measure. Perhaps the Linksys supports a white list to allow access from non-local addresses.

I never explicitly set the FreeBSD machine to enable NAT between these subnets. Should I do so? Do I just add another natd_interface to rc.conf?

Right now, the NAT related entries in rc.conf on the gateway look like this:

natd_enable="YES"
natd_interface="xl0" #public interface
natd_flags="-dynamic -m"

Thanks again,
Jason
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 12:42:27PM -0500, Steve Bertrand wrote:

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

No, this is not a NAT issue. You are not doing NAT in this situation (on exception through to the Internet)...the 10/24 and 192.168.1/24 subnets are routed (not NAT'd) through the FBSD box. They are communicating directly to one another, with no translation at all.

The problem here (my opinion only), is that the Linksys sees the 10.x address and is not familiar with it (unless explicitly told to do so). What you need to do, is set a static route inside the Linksys that states that 10.0.0.x/24 should be routed to 192.168.1.2 (aka FBSD fw), out the LAN side of the device. Otherwise, what will happen is that the Linksys sees 10/24 as an *outside* address range, and it will forever be trying to send it out its WAN side, to its default GW, even if there is not one configured. The Linksys may try to give up searching for the 10 network because the only addresses it knows how to route through the LAN side will be the 192 network.

I hope I haven't confused you here. I've gotten quite busy so I'm typing faster than I'm able to think :)

Anyway, it's been a while since I've played with a Linksys, but I am certain you can add static routes. Again, what you want is a route that states:

- if it needs to go to 10.0.0.0, 255.255.255.0, send it to 192.168.1.2.

Got it. I'll try that. The Linksys does allow you to specify static routes.

-Jason
RE: Quick Routing Question
I never explicitly set the FreeBSD machine to enable NAT between these subnets. Should I do so? Do I just add another natd_interface to rc.conf?

You do not want to do this. The below config in rc.conf is correct. It states that nat will only be enabled for the external interface, for both subnets. There is no need to nat between your two internal subnets.

Steve

Right now, the NAT related entries in rc.conf on the gateway look like this:

natd_enable="YES"
natd_interface="xl0" #public interface
natd_flags="-dynamic -m"
Re: Quick Routing Question
On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:

...

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!

-
Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:

On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote:

...

Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?

Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!

Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.

Once again, thanks everyone for the help.
RE: Quick Routing Question
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
Sent: Tuesday, November 01, 2005 6:47 PM
To: freebsd-questions@freebsd.org
Subject: Re: Quick Routing Question
On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:
On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote: ...
Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the Linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!
Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.
Great! However, to the previous poster... You may have missed it, but we had eliminated the WAN from the equation early on. He is using the AP on the layer-2 side only. The WAN is connected to nothing, so that was not the issue (so far as I was involved in this thread). I understand that the default on a Linksys does not allow WAN admin, but again, that was not the case here. Jason...what fixed it? Was it the addition of the new static route? Please enlighten me. Tks, Steve
Once again, thanks everyone for the help.
Re: Quick Routing Question
On Tue, Nov 01, 2005 at 07:49:54PM -0500, Steve Bertrand wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Morgan
Sent: Tuesday, November 01, 2005 6:47 PM
To: freebsd-questions@freebsd.org
Subject: Re: Quick Routing Question
On Tue, Nov 01, 2005 at 03:10:44PM -0600, Eric F Crist wrote:
On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote: ...
Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue?
Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the Linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https!
Yeah, the router was denying connections from 10.0.0.0. I have fixed this, changed the password, and disallowed alterations from the WAN.
Great! However, to the previous poster... You may have missed it, but we had eliminated the WAN from the equation early on. He is using the AP on the layer-2 side only. The WAN is connected to nothing, so that was not the issue (so far as I was involved in this thread). I understand that the default on a Linksys does not allow WAN admin, but again, that was not the case here. Jason...what fixed it? Was it the addition of the new static route? Please enlighten me.
Bingo, it was the static route. The wireless router didn't like getting connection attempts from 10.0.0.0 addresses. Turns out, the FreeBSD machine was operating as advertised. Now it's time to get IPSEC set up. Cheers, Jason
Tks, Steve
Once again, thanks everyone for the help.
RE: Quick Routing Question
Bingo, it was the static route. The wireless router didn't like getting connection attempts from 10.0.0.0 addresses. Turns out, the FreeBSD machine was operating as advertised. Now it's time to get IPSEC set up.
Awesome :) You have any q's in your new venture that aren't related to FBSD directly, email me at [EMAIL PROTECTED], if they are IPSec questions via implementation with FBSD directly, hit me and the list. BTW..FBSD always works as advertised. It's seeking out the other nagging issues using FBSD as your test platform that usually seeks them out ;) Keep up the good work. You seem to have built a reasonable understanding of routing. I hope that you've actually understood/learned something from all this. I think you have. I'd say, if you have an extra nic, add a new 172.16/16 subnet in the mix, and see if you can get that to work too. Either way, move on with IPSec, and you'll have one nice, strong, segmented, subnetted, secure wireless and cabled infrastructure, right in your own home!! After you get IPSec working, we'll get you onto IPFW, and FW tweaking ;) Steve
Quick Routing Question
I am setting up a wireless subnet and, while the gateway (FreeBSD system) is communicating fine with the wireless router, my other subnet is not able to connect to the wireless router. Here is a diagram of my network, I think it's fairly typical.
                             Wired Subnet (10.0.0.x)
                            /
                           /
Internet -- FreeBSD Machine
                           \
                            \
                             Wireless Subnet (192.168.1.x)
The 'wired' interface on the FreeBSD machine has an IP of 10.0.0.1, with the 'wireless' IP being 192.168.1.1. Now, the FreeBSD machine and the wireless router (192.168.1.2) communicate fine as does the wired subnet; however, I am not able to connect from a 10.0.0.x client to the wireless router. After running traceroute, etc, it seems that the FreeBSD machine is simply not routing the data from one subnet to the other. I've verified that it's not the firewall blocking packets. How do I get these subnets to communicate? Thanks, Jason
Re: default routing question ZIPB ADSL PPPoA
Ahnjoan Amous [EMAIL PROTECTED] writes:
The short : I believe the problem I am having is due to routing. A DHCP server sends me IP A.B.C.D with a default route of A.B.C.D. dhclient isn't handling this well and I don't know how to fix it. Windows as well as Linux DHCP clients do not have a problem with this and I am at my wits end trying to figure out what combination of route commands will fix my issue.
The long : I have a CellPipe ADSL router/bridge from Lucent. This device is provided by our ISP. I am exploring the ZIPB functionality of the device to allow my FreeBSD host to own the public IP. The basics of the configuration for those unfamiliar is as follows. PPPoA is established by the device and the (public) IP acquired through the previous process is delivered to a host behind that CellPipe via DHCP. After DHCP the device acts as a bridge, allowing the internal device to use the public IP as its own. I'm sure this description is vague but I don't know any other way to explain.
Info : After dhclient acquires its info the ethernet interface looks like this
ifconfig ethernet interface – inet A.B.C.D netmask 255.255.255.255
When I connect a windows or Linux host they seem to treat the interface as the default route and work as expected. With FreeBSD I have tried removing all routes for the device after assignment, and then adding default route based on -interface flag for route command. I have also tried opening up the netmask on the ethernet interface and adding a default route destined for what I know the PPPoA connections end point is. Nothing I have tried seems to work. I don't consider myself an expert by any means but this is clearly beyond my knowledge. I'm happy to provide any information you need if you have an idea.
Sounds like it's really an unnumbered interface. Did you try the -iface option to route(8)?
Re: default routing question ZIPB ADSL PPPoA
On Sun 23 Oct 2005 20:22, Ahnjoan Amous wrote:
The long : I have a CellPipe ADSL router/bridge from Lucent. This device is provided by our ISP. I am exploring the ZIPB functionality of the device to allow my FreeBSD host to own the public IP. The basics of the configuration for those unfamiliar is as follows. PPPoA is established by the device and the (public) IP acquired through the previous process is delivered to a host behind that CellPipe via DHCP. After DHCP the device acts as a bridge, allowing the internal device to use the public IP as its own. I'm sure this description is vague but I don't know any other way to explain.
Looks like you are using PPPoA over a modem bridge. How do you connect your modem to your PC? (ethernet, usb, ???)
Info : After dhclient acquires its info the ethernet interface looks like this
ifconfig ethernet interface – inet A.B.C.D netmask 255.255.255.255
Send the result of these commands; if you want to keep your privacy, change the net address.
ifconfig
netstat -rn
Also, I don't understand, what is your problem? I have a PPPoE connection and the ifconfig gives something like this
% ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 216.136.204.21 --> 204.152.186.171 netmask 0xff00
        Opened by PID 918
maps
default routing question ZIPB ADSL PPPoA
The short : I believe the problem I am having is due to routing. A DHCP server sends me IP A.B.C.D with a default route of A.B.C.D. dhclient isn't handling this well and I don't know how to fix it. Windows as well as Linux DHCP clients do not have a problem with this and I am at my wits end trying to figure out what combination of route commands will fix my issue.
The long : I have a CellPipe ADSL router/bridge from Lucent. This device is provided by our ISP. I am exploring the ZIPB functionality of the device to allow my FreeBSD host to own the public IP. The basics of the configuration for those unfamiliar is as follows. PPPoA is established by the device and the (public) IP acquired through the previous process is delivered to a host behind that CellPipe via DHCP. After DHCP the device acts as a bridge, allowing the internal device to use the public IP as its own. I'm sure this description is vague but I don't know any other way to explain.
Info : After dhclient acquires its info the ethernet interface looks like this
ifconfig ethernet interface – inet A.B.C.D netmask 255.255.255.255
When I connect a windows or Linux host they seem to treat the interface as the default route and work as expected. With FreeBSD I have tried removing all routes for the device after assignment, and then adding default route based on -interface flag for route command. I have also tried opening up the netmask on the ethernet interface and adding a default route destined for what I know the PPPoA connections end point is. Nothing I have tried seems to work. I don't consider myself an expert by any means but this is clearly beyond my knowledge. I'm happy to provide any information you need if you have an idea. Thanks Ahnjoan
Re: Routing question?
Dan Nelson wrote:
In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around.
It might be easier to just hang your DSL line off your External or Optional network, so you can enable the FBIII's SMTP filtering on both your DSL and T1 lines. Hanging it off a SOHO in your Trusted network is a bit less secure (but no worse than your winproxy setup).
That's worthy of some thought. It may not fulfill the layer 8 requirements, however.
The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through. What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dying. When I hook up the SOHO, I can't get emails through the DSL line.
What fails? Do you get connection refused? Maybe you just need to open port 25 incoming on the SOHO and redirect it to the FreeBSD box's IP (set up an alias IP in the SOHO's default 192.168.111/24 network if you can't get the SOHO to use your existing Trusted network as its trusted network). I have a Firebox 1000 and a SOHO at work but don't have the SOHO's password on me so I can't tell you exactly what to set where :)
Failure mode is that when I telnet to the external IP address of the SOHO on port 25, I get no answer. On the SOHO, I have port 25 set to allow inbound access, only to the IP address of the postfix box. It smells to me like what's happening is that the inbound packets are making it to and through the SOHO, but then the postfix box obeys its DG setting, and tries to send the responses out the FBIII, and they never make it back to the originating box. Kurt
Re: Routing question? second reply
Dan Nelson wrote:
In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around.
It might be easier to just hang your DSL line off your External or Optional network, so you can enable the FBIII's SMTP filtering on both your DSL and T1 lines. Hanging it off a SOHO in your Trusted network is a bit less secure (but no worse than your winproxy setup).
On further thought, this isn't going to work. Aside from layer 8 issues, we also want to use the optional port for an IM solution for customer support, and eventually we're going to pull our web site into it. Unless I'm misunderstanding your thoughts...
The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through. What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dying. When I hook up the SOHO, I can't get emails through the DSL line.
What fails? Do you get connection refused? Maybe you just need to open port 25 incoming on the SOHO and redirect it to the FreeBSD box's IP (set up an alias IP in the SOHO's default 192.168.111/24 network if you can't get the SOHO to use your existing Trusted network as its trusted network). I have a Firebox 1000 and a SOHO at work but don't have the SOHO's password on me so I can't tell you exactly what to set where :)
I've got someone at WG looking at the SOHO setup for me, and they're starting to come to my conclusion - it's going to require more smarts for the postfix box. I'm thinking zebra/quagga might be required, perhaps even if we put the postfix box in the DMZ/optional area of the FBIII, 'cause the postfix box needs to know where to pitch packets after receiving them.
Re: Routing question?
In the last episode (Apr 14), Kurt Buff said:
Dan Nelson wrote:
In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around. The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through. What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dying. When I hook up the SOHO, I can't get emails through the DSL line.
Failure mode is that when I telnet to the external IP address of the SOHO on port 25, I get no answer. On the SOHO, I have port 25 set to allow inbound access, only to the IP address of the postfix box. It smells to me like what's happening is that the inbound packets are making it to and through the SOHO, but then the postfix box obeys its DG setting, and tries to send the responses out the FBIII, and they never make it back to the originating box.
That's possible, since the FBIII won't allow those outgoing packets without having seen the full TCP handshake. You could use ipfw fwd rules to force the outgoing packets to route via the SOHO:
        ( Internet )
1.2.3.4/24 FBIII    SOHO 12.1.2.3/32 (external)
            ||           192.168.111.1/24 (internal)
            ||
   +--+--+--+---+
            |
           BSD
The BSD machine would have three IPs:
1.2.3.10 (mx1.host.com, primary incoming mail)
1.2.3.11 (mail.host.com, outgoing mail)
192.168.111.2 (secondary incoming mail)
mx2.host.com would be set to 12.1.2.3 and the SOHO would be told to forward port 25 to 192.168.111.2. If you add this ipfw rule to BSD:
fwd 192.168.111.1 ip from 192.168.111.2 to any
that should be enough to force all (and only) the DSL mail traffic through the SOHO.
-- Dan Nelson [EMAIL PROTECTED]
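An added illustration (not part of Dan Nelson's post, and not FreeBSD code): a small Python model of the topology in the message above, showing why the reply to a connection that entered via the SOHO is lost when the host follows its default gateway, and how a source-based fwd rule keeps the flow on one path. The client address and port are constructed, 1.2.3.4 is read from the diagram as the FBIII's address, and treating both gateways as simple stateful devices is an assumption.

```python
"""Toy model of the dual-gateway mail host discussed in the thread (added example)."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport flags")

FBIII = "1.2.3.4"        # T1 firewall, the host's default gateway (address from the diagram)
SOHO = "192.168.111.1"   # DSL firewall, internal address
CLIENT = "198.51.100.7"  # constructed remote mail server (documentation range)


class Gateway:
    """Stateful firewall: passes a reply only for a flow it saw being opened."""

    def __init__(self, name, port_forwards=None):
        self.name = name
        self.port_forwards = port_forwards or {}  # (public ip, port) -> inside ip
        self.state = set()

    def inbound(self, pkt):
        """Admit a SYN from outside, apply any port forward, remember the flow."""
        inside = self.port_forwards.get((pkt.dst, pkt.dport), pkt.dst)
        self.state.add((pkt.src, pkt.sport, inside, pkt.dport))
        return pkt._replace(dst=inside)

    def outbound(self, pkt):
        """Pass a reply from the inside host only if the flow is known here."""
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state


class MailHost:
    """Picks a next hop: fwd-style rules on the source first, then the default gateway."""

    def __init__(self, default_gw, fwd_rules=()):
        self.default_gw = default_gw
        self.fwd_rules = [(ipaddress.ip_network(n), hop) for n, hop in fwd_rules]

    def next_hop(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        for net, hop in self.fwd_rules:
            if src in net:
                return hop
        return self.default_gw


def handshake(fwd_rules, entry, public_ip, cport=40000):
    """Send a SYN to public_ip:25 through `entry`; return (reply next hop, delivered?)."""
    gateways = {
        FBIII: Gateway("FBIII"),
        SOHO: Gateway("SOHO", {("12.1.2.3", 25): "192.168.111.2"}),
    }
    host = MailHost(default_gw=FBIII, fwd_rules=fwd_rules)
    syn = gateways[entry].inbound(Packet(CLIENT, public_ip, cport, 25, "S"))
    # The host answers from the address the SYN arrived on.
    synack = Packet(syn.dst, CLIENT, 25, cport, "SA")
    hop = host.next_hop(synack)
    return hop, gateways[hop].outbound(synack)


# Model of the rule from the post: fwd 192.168.111.1 ip from 192.168.111.2 to any
DSL_RULE = [("192.168.111.2/32", SOHO)]

if __name__ == "__main__":
    for label, rules in (("default gateway only", []), ("with fwd rule", DSL_RULE)):
        print(label)
        for entry, ip in ((SOHO, "12.1.2.3"), (FBIII, "1.2.3.10")):
            hop, ok = handshake(rules, entry, ip)
            print(f"  SYN to {ip}: reply via {hop}, delivered={ok}")
```

The model ignores directly connected routes, so it only speaks to replies headed for off-net clients.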
Re: Routing question? second reply
In the last episode (Apr 14), Kurt Buff said:
Dan Nelson wrote:
In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around.
It might be easier to just hang your DSL line off your External or Optional network, so you can enable the FBIII's SMTP filtering on both your DSL and T1 lines. Hanging it off a SOHO in your Trusted network is a bit less secure (but no worse than your winproxy setup).
On further thought, this isn't going to work. Aside from layer 8 issues, we also want to use the optional port for an IM solution for customer support, and eventually we're going to pull our web site into it. Unless I'm misunderstanding your thoughts...
You can still hang it off External if your external router has a spare Ethernet port. We did something similar here; terminated and NAT'ted a 56k line off our Cisco router, and the firebox just saw it as regular internet traffic. The Cisco took care of routing the NAT'ted traffic through the 65k link. Or upgrade to a newer 6-port firebox :)
-- Dan Nelson [EMAIL PROTECTED]
Routing question?
All, I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around. The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through. What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dying. When I hook up the SOHO, I can't get emails through the DSL line. Does anyone out there know what I can do to set up the FreeBSD box so that email coming through on the DSL line can be handled?
One other detail that might affect the answers given - there are two IP addresses on the NIC in the FreeBSD box. One of those addresses handles the inbound emails (applying all of the savvy of amavis/spamassassin/clamav) and the other handles outbound mail, and no mail scanning happens to mail through that IP address. Thoughts? Sneers? Kurt
Re: Routing question?
In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Watchguard SOHO that we have laying around.
It might be easier to just hang your DSL line off your External or Optional network, so you can enable the FBIII's SMTP filtering on both your DSL and T1 lines. Hanging it off a SOHO in your Trusted network is a bit less secure (but no worse than your winproxy setup).
The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through. What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dying. When I hook up the SOHO, I can't get emails through the DSL line.
What fails? Do you get connection refused? Maybe you just need to open port 25 incoming on the SOHO and redirect it to the FreeBSD box's IP (set up an alias IP in the SOHO's default 192.168.111/24 network if you can't get the SOHO to use your existing Trusted network as its trusted network). I have a Firebox 1000 and a SOHO at work but don't have the SOHO's password on me so I can't tell you exactly what to set where :)
-- Dan Nelson [EMAIL PROTECTED]
CVSUP Routing question
Good day! Is it possible to tell cvsup to use another machine's global access in fetching the freebsd source updates?? Here's my office workstation setup:
(private ip)   (pri/pub ip)   (all public)
workstation    router         proxy server---internet
                              mail server
                              web server
In short, I have a private ip workstation, I can reach the internet through our proxy server via a dual homed router. The proxy server, of course has a globally routable ip. The proxy server can run cvsup without any problem. I have a privileged account at the proxy server. Now what I want to do is run cvsup in my workstation (private ip) but tell the cvsup to go through the router... and then go through the proxy.. and then tell the proxy to forward the cvsup to the internet (freebsd cvsup server) and then return the fetched files back through the router... then back to my workstation.. and make me live happily ever after.. Is it possible? I find the ssh tunneling with the -R option somewhat close to what I'm trying to accomplish. I've used the -R option in ssh'ing from the outside (public ip machine) to my office workstation (with private ip) through one of our publicly routable server machines but I don't really think it has some relevance with what I would want to accomplish above. I need to update our private LAN workstations using CVSUP but I don't know how exactly will I do it. Any idea? Thanks Friend, You're the best!!
Re: CVSUP Routing question
Mark Jayson Alvarez wrote:
Good day! Is it possible to tell cvsup to use another machine's global access in fetching the freebsd source updates?? Here's my office workstation setup:
(private ip)   (pri/pub ip)   (all public)
workstation    router         proxy server---internet
                              mail server
                              web server
[...] I need to update our private LAN workstations using CVSUP but I don't know how exactly will I do it. Any idea?
I run my own cvsup ports mirror on a perimeter box, what would be your public web server. Hint: look into cvsupd. All my internal machines cvsup off the perimeter machine, so the upstream cvsup provider is hit only once by me. IOW, their cvsup.ports files make reference to my box, not cvsup.foo.freebsd.org
David
RE: Routing where can I ask a wirless routing question freebsd
Hello, In using FreeBSD 5.2.1-Release I am running into some trouble. I have successfully recompiled the kernel with support for atheros based wireless cards. I have also been able to setup the card into access point Hostap mode correctly. I have tried the bridging recommended in the FreeBSD wireless setup at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html but was unsuccessful. I have configured the wireless adapter with its own subnet of IPs, one for the actual box and the rest client IPs. The subnet is not the same as the one on the wireless adapter. When I enable bridge mode as discussed in the link above, I can ping the ip allocated to the ethernet adapter and the one allocated to the wireless adapter when wirelessly connected to the freebsd box, but when the bridging is disabled I can only ping the ip assigned to the wireless adapter in the machine when wirelessly connected. When I ssh to the box either with bridging on or off to the wireless ip on the machine I can ping google.com and other common web sites. I need help trying to route the adapted and client IPs to the internet. Dan
RE: Routing question
Well the reason is that our dsl connections are limited to a max speed of 512K in this country. So I thought of splitting the load between two dsl lines. If the box is able to do that dynamically then great. My question is how?

-----Original Message-----
From: Ben Timby [mailto:[EMAIL PROTECTED]
Sent: 11 June 2004 18:16
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Routing question

Perhaps if you post more info, we can come up with creative solutions for you. My big question is why?

AFAIK, you cannot have more than one default gateway, unless you are using netgraph to balance between network interfaces. However, you could NAT C & D to their respective public interfaces. If E is a real IP, then the NATed traffic should flow to that interface.

I would suggest using pf, as it is a most excellent firewall package. Here is the section of a PF guide regarding NAT.

http://www.openbsd.org/faq/pf/nat.html

Your rules would look like this (these are from memory, so sanity check them):

--
#define your interfaces as macros:
A = fxp0
B = fxp1
C = fxp2
D = fxp3
E = fxp4

#define your NAT translations using our macros:
nat on $A from ($C:network) to any -> $A
nat on $B from ($D:network) to any -> $B

#define your filtering rules:
...
--

However, you will find that route add will not allow multiple default routes. You must use another package to allow for that, or at least it is beyond my knowledge. Let me know if you figure it out, I would be very interested.

Leon Botes wrote:
> I have a box with 5 nics. Call them A,B,C,D,E. A & B are different internet connections. E is a connection to a mail server on a public /29. C & D are connections for 2 different client networks. Is it possible to have all traffic coming in via C sent to a default gateway on A's network and all traffic coming in via D sent to a default gateway on B's network. And secondly will both client networks be able to see the E/29? If so how?
> Thanks
> Leon
RE: Routing question
Agreed the static route for E is best. But how do you add a route that applies only to connections coming into C or D

Route add (if source from net C then use interface A) ??

Adding failover would be an even bigger bonus.

-----Original Message-----
From: Thompson, Jimi [mailto:[EMAIL PROTECTED]
Sent: 11 June 2004 18:12
To: [EMAIL PROTECTED]
Subject: RE: Routing question

Leon,

This is possible, but will require you to run static routes so that you can manually manage the connections. You should be able to set the routing metrics so that all your traffic from client D goes to B and if they want email, B will have to have the appropriate records to send them back to E, which is a remarkably BAD idea. Your better bet would be put in a static route with a lower routing metric than the Internet connection (say 2) from D to E for a specific IP/range so that they can get to the mail server without going out to the Internet to do so. Give the Internet connection a routing metric of 3. The same applies for C. This way, for the IP/range that you specify for the mail server(s), your email traffic from these guys will go straight to the mail server without traversing the Internet first.

The next part depends on how you want to manage the Internet connections. Do you want Customer C to use D's Internet connection if Customer C's connection fails and vice versa? If so then you put a route in your routing table and give that a really high metric (like 90) from C to B and the same for D to A. Give their normal connection a really low metric (like 3) and their traffic will go out the preferred connection unless that connection fails or becomes really congested. If you don't want them to be able to use each other's connections EVER, just don't add a route for it at all.

HTH,
Jimi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leon Botes
Sent: Friday, June 11, 2004 10:15 AM
To: [EMAIL PROTECTED]
Subject: Routing question

I have a box with 5 nics. Call them A,B,C,D,E. A & B are different internet connections. E is a connection to a mail server on a public /29. C & D are connections for 2 different client networks. Is it possible to have all traffic coming in via C sent to a default gateway on A's network and all traffic coming in via D sent to a default gateway on B's network. And secondly will both client networks be able to see the E/29? If so how?

Thanks
Leon
Routing question
I have a box with 5 nics. Call them A,B,C,D,E. A & B are different internet connections. E is a connection to a mail server on a public /29. C & D are connections for 2 different client networks. Is it possible to have all traffic coming in via C sent to a default gateway on A's network and all traffic coming in via D sent to a default gateway on B's network. And secondly will both client networks be able to see the E/29? If so how?

Thanks
Leon
Re: Routing question
Perhaps if you post more info, we can come up with creative solutions for you. My big question is why?

AFAIK, you cannot have more than one default gateway, unless you are using netgraph to balance between network interfaces. However, you could NAT C & D to their respective public interfaces. If E is a real IP, then the NATed traffic should flow to that interface.

I would suggest using pf, as it is a most excellent firewall package. Here is the section of a PF guide regarding NAT.

http://www.openbsd.org/faq/pf/nat.html

Your rules would look like this (these are from memory, so sanity check them):

--
#define your interfaces as macros:
A = fxp0
B = fxp1
C = fxp2
D = fxp3
E = fxp4

#define your NAT translations using our macros:
nat on $A from ($C:network) to any -> $A
nat on $B from ($D:network) to any -> $B

#define your filtering rules:
...
--

However, you will find that route add will not allow multiple default routes. You must use another package to allow for that, or at least it is beyond my knowledge. Let me know if you figure it out, I would be very interested.

Leon Botes wrote:
> I have a box with 5 nics. Call them A,B,C,D,E. A & B are different internet connections. E is a connection to a mail server on a public /29. C & D are connections for 2 different client networks. Is it possible to have all traffic coming in via C sent to a default gateway on A's network and all traffic coming in via D sent to a default gateway on B's network. And secondly will both client networks be able to see the E/29? If so how?
> Thanks
> Leon
RE: routing question
thank you

On Sat, 5 Jun 2004, Eric Crist wrote:
> You need to kill all the running dhclient processes, then try again. Usually, this can be done with:
>
>     # killall -9 dhclient
>
> HTH
>
> Eric F Crist
> President
> AdTech Integrated Systems, Inc
> (612) 998-3588
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Saturday, June 05, 2004 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: routing question
>
> I am trying to configure a wireless router so I am redefining routes and IP address of my system. After booting dhclient ep0 works fine. After messing around with the wireless router I was just going back to my ethernet connection so I did:
>
>     ifconfig ep0 192.168.0.3 remove
>     arp -da
>     route flush
>     dhclient ep0
>
> This returned immediately without assigning an IP or route so I just connected manually using ifconfig and route. There must be something I did not clear out, but I can not figure it out. Thanks for any ideas. This is on 4.10 if that makes any difference.
>
> Douglas Denault
> http://www.safeport.com
> [EMAIL PROTECTED]
> Voice: 301-469-8766 Fax: 301-469-0601

Douglas Denault
http://www.safeport.com
[EMAIL PROTECTED]
Voice: 301-469-8766 Fax: 301-469-0601
routing question
I am trying to configure a wireless router so I am redefining routes and IP address of my system. After booting dhclient ep0 works fine. After messing around with the wireless router I was just going back to my ethernet connection so I did:

    ifconfig ep0 192.168.0.3 remove
    arp -da
    route flush
    dhclient ep0

This returned immediately without assigning an IP or route so I just connected manually using ifconfig and route. There must be something I did not clear out, but I can not figure it out. Thanks for any ideas. This is on 4.10 if that makes any difference.

Douglas Denault
http://www.safeport.com
[EMAIL PROTECTED]
Voice: 301-469-8766 Fax: 301-469-0601
RE: routing question
You need to kill all the running dhclient processes, then try again. Usually, this can be done with:

    # killall -9 dhclient

HTH

Eric F Crist
President
AdTech Integrated Systems, Inc
(612) 998-3588

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, June 05, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: routing question

I am trying to configure a wireless router so I am redefining routes and IP address of my system. After booting dhclient ep0 works fine. After messing around with the wireless router I was just going back to my ethernet connection so I did:

    ifconfig ep0 192.168.0.3 remove
    arp -da
    route flush
    dhclient ep0

This returned immediately without assigning an IP or route so I just connected manually using ifconfig and route. There must be something I did not clear out, but I can not figure it out. Thanks for any ideas. This is on 4.10 if that makes any difference.

Douglas Denault
http://www.safeport.com
[EMAIL PROTECTED]
Voice: 301-469-8766 Fax: 301-469-0601
Routing question -- Samba
I have a 4.9 box that's on a public IP and I want to configure Samba so it only accepts connections from the private network (192.168.1). My question is, can I do that with only 1 NIC card or do I have to add a second NIC for the private LAN?

---Marius
RE: Routing question -- Samba
You can do that within the smb.conf

Use SWAT, advanced options, I think just for the share...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marius Kirschner
Sent: Monday, 9 February 2004 12:40
To: [EMAIL PROTECTED]
Subject: Routing question -- Samba

I have a 4.9 box that's on a public IP and I want to configure Samba so it only accepts connections from the private network (192.168.1). My question is, can I do that with only 1 NIC card or do I have to add a second NIC for the private LAN?

---Marius
RE: Routing question -- Samba
Look in the Samba config for the following setting, it is IP based so you should be OK with what you want.

    # This option is important for security. It allows you to restrict
    hosts allow = 192.168.1. 127.

HTH,
Jay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marius Kirschner
Sent: Monday, February 09, 2004 3:40 PM
To: [EMAIL PROTECTED]
Subject: Routing question -- Samba

I have a 4.9 box that's on a public IP and I want to configure Samba so it only accepts connections from the private network (192.168.1). My question is, can I do that with only 1 NIC card or do I have to add a second NIC for the private LAN?

---Marius
Re: Routing question -- Samba
On Mon, Feb 09, 2004 at 03:40:04PM -0500, Marius Kirschner wrote:
> I have a 4.9 box that's on a public IP and I want to configure Samba so it only accepts connections from the private network (192.168.1). My question is, can I do that with only 1 NIC card or do I have to add a second NIC for the private LAN?

You can make samba accept only on the 192.168.1.0/24 network by specifying the hosts allow directive on smb.conf. However, if you have the public IP and private network on the same NIC, people can spoof your `private' network and get onto your box.

--
Jonathan Chen [EMAIL PROTECTED]
--
Experience is a hard teacher because she gives the test first, the lesson afterwards
routing question
Hello everybody :)

I have a routing question and was wondering if FreeBSD was able to do this. I have 2 ISPs (so 2 connections). Can I use only one FreeBSD box as a gateway to:

- route LAN -- INTERNET (using connection 1)
- route DMZ -- INTERNET (using connection 2)
- route LAN -- DMZ (simple routing through the gateway)

The gateway would have either one of the 2 connections as default gateway. I do not need any kind of load-balance nor failover for now, just routing.

Thanks in advance.

Regards,
Antoine
Re: IPSEC Tunnel Routing question
Hello Tom,

So I assume by working you mean that the two computers can ping one another? If so, simply set the computer in Building B to have a default route to the IP of the computer in Building A:

    [Building B]# route add default 10.0.0.1

Where 10.0.0.1 is the IP of the computer in Building A. Also, ensure that any firewall in A allows traffic from Building B to flow in and out router etc.

HTH.

Matthew Faircliff

On Thu, Dec 04, 2003 at 06:50:08PM -0500, Tom Thompson wrote:
> Date: Thu, 4 Dec 2003 18:50:08 -0500
> From: Tom Thompson [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> X-Mailer: IMail v8.04
> Subject: IPSEC Tunnel Routing question
>
> I would like to route all traffic over a gif/ipsec tunnel
>
> I have the following situation
>
> Existing internet connection in building A
> Building to building wireless (between building A and Building B)
>
> To secure the traffic going across the wireless I would like to run an ipsec tunnel between freebsd 5.1 based machines sitting at Building A and Building B. I have the tunnels up and running but I am experiencing a problem with routing. Building B does not have an internet connection so it needs to use the internet connection at Building A.
>
> To lay it out in more details
>
> Router at building A connections to the internet
> FreeBSD 5.1 machine at Building A connects to router and to wireless bridges
> FreeBSD 5.1 machine at Building B connects to Wireless bridges and internal network
>
> What do I need to do to get traffic to flow from Building B to Building A and out A's internet connection? I have tried setting building B defaultrouter to building A internal address (other side of GIF tunnel)
>
> Thanks
> Tom
Re: IPSEC Tunnel Routing question
I think I figured out the problem but am unsure how to fix it

To recap my situation is as follows

Internet connection located in Building A (independent of BSD boxes)
FreeBSD 5.1 machine located at Building A
FreeBSD 5.1 machine located at Building B
Building-To-Building wireless between building A and Building B

Goal
All traffic NOT destined for the local area lan at Building B should go thru a VPN tunnel over the wireless link to building A and out its internet connection.

The problem
Building B's BSD box does not know to encrypt traffic to the internet and send it thru the vpn.

My ipsec.conf has

    spdadd building B/subnet building A/subnet any -P out ipsec

and the reverse

The traffic to the internet is not sent over the VPN so it goes nowhere

I have tried

    spdadd building a/subnet 0.0.0.0/0 any -P out ipsec

and the reverse

Now all traffic is encrypted EVEN traffic destined for the LAN

Anyone have any suggestions

Thanks
Tom
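
An added example, not part of Tom's post and not FreeBSD's own code: a small Python model of the outbound policy lookup on Building B's box, showing why the subnet-only policy leaves internet traffic unprotected, why the 0.0.0.0/0 policy also catches LAN traffic, and how a `none` entry listed ahead of it exempts the LAN. All addresses are constructed, the second attempt is read from Building B's outbound side, and treating the policy database as an ordered first-match list is an assumption to confirm against setkey(8) on the release in use.

```python
import ipaddress

# Constructed addressing (not from the post): the two LANs and the two
# tunnel endpoints on the wireless link.
LAN_B = "192.168.2.0/24"
LAN_A = "192.168.1.0/24"
GW_B, GW_A = "10.0.0.2", "10.0.0.1"
ANY = "0.0.0.0/0"

def lookup(spd, src, dst):
    """Return the action of the first policy whose selectors cover src/dst.

    Assumption: the outbound policy database is searched in order and the
    first match wins; traffic matching no entry leaves unprotected ("none").
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p_src, p_dst, action in spd:
        if s in ipaddress.ip_network(p_src) and d in ipaddress.ip_network(p_dst):
            return action
    return "none"

def to_setkey(spd):
    """Render the outbound policies as setkey(8) spdadd statements."""
    lines = []
    for p_src, p_dst, action in spd:
        if action == "ipsec":
            action = f"ipsec esp/tunnel/{GW_B}-{GW_A}/require"
        lines.append(f"spdadd {p_src} {p_dst} any -P out {action};")
    return "\n".join(lines)

# Attempt 1 in the post: only B-subnet -> A-subnet is protected.
SUBNET_ONLY = [(LAN_B, LAN_A, "ipsec")]
# Attempt 2 in the post: everything leaving B is protected, LAN included.
CATCH_ALL = [(LAN_B, ANY, "ipsec")]
# A bypass entry ahead of the catch-all keeps local traffic out of the tunnel.
BYPASS_FIRST = [(LAN_B, LAN_B, "none"), (LAN_B, ANY, "ipsec")]

# Constructed sample flows, all originating on Building B's LAN.
FLOWS = {
    "local LAN": ("192.168.2.10", "192.168.2.20"),
    "building A": ("192.168.2.10", "192.168.1.5"),
    "internet": ("192.168.2.10", "198.51.100.7"),
}

def classify(spd):
    """Map each sample flow to the action the policy list gives it."""
    return {name: lookup(spd, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, spd in [("subnet only", SUBNET_ONLY), ("catch-all", CATCH_ALL),
                       ("bypass first", BYPASS_FIRST)]:
        print(f"{label:13s}", classify(spd))
    print(to_setkey(BYPASS_FIRST))
```

Only the outbound direction is modelled; the matching `-P in` entries ("and the reverse" in the post) follow the same pattern with source and destination swapped.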