Re: routing problem on 4.7 release

2003-01-22 Thread Bill Moran
twig les wrote:

Hey all, I have a 4.7 release box that needs to cvsup
its ports.  The problem is that this box never sees
the outside world normally; it does IDS on an IP-less
interface and of course has a backnet interface.  So
basically I added a temporary IP address to this box,
edited my /etc/cvsupfile to use the IP address of the
cvs server (to avoid dealing with DNS), added a few
lines in IPFW and then used the route command to force
packets out the correct interface.

The problem is that packets destined for the legal
gateway (I'll call it 1.1.1.1) are still going out the
backnet interface.  So if I ping 1.1.1.1, I can sit
and watch access-list denies show up as the backnet
interface tries to ping an IP that isn't even
reachable.  The fact that these pings are getting out
tells me that IPFW isn't the problem and that the
route table is screwed up.

Please chime in if anyone has an answer, all I need to
do is add a static route temporarily.

My config looks like this below.  As you may notice, I
even tried adding a route to 1.1.1.1 out the specific
interface route -n add 1.1.1.1/26 -interface ti0.

mas01# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.20.0.1          UGSc        7       56   fxp0
10.20/25           link#1             UC          2        0   fxp0
10.20.0.1          00:00:0c:07:ac:60  UHLW        5        4   fxp0   1196
10.20.0.14         00:60:ab:03:7d:2f  UHLW        0        0   fxp0    938
1.1.1.1/32         00:00:00:00:00:00  ULSc        0       12    ti0
1.1.1.1/26         link#2             UC          0        0    ti0
127.0.0.1          127.0.0.1          UH          0      604    lo0
165.64.255/24      1.1.1.1            UGSc        0        0   fxp0
208.185.175.214/32 1.1.1.1            UGSc        1        0   fxp0


Ouch ... please configure your mailer so it doesn't wrap
netstat -rn output.  I feel like I'm deciphering a secret
code.

I'm a little confused by your explanation.  I thought 1.1.1.1
was the IP of the gateway you want to use?  My suggestion might
be bogus, since I'm not 100% sure I understand, but try this:
ifconfig ti0 inet 1.1.1.1 netmask 255.255.255.0
Set the IP address on the gateway to 1.1.1.2
route delete default
route add default 1.1.1.2

If you really want 10.20.0.1 to be your default route, add it
back in after the cvsup is done:
route delete default
route add default 10.20.0.1

Note that this might disrupt services not on the local network
during the cvsup, so it might not be the solution you really
want.  But if it works, you'll be one step closer to a real
solution.
Do you have additional machines off fxp0 that this machine
needs to go through a gateway to access?

--
Bill Moran
Potential Technologies
http://www.potentialtech.com


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
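
Added example, not part of either message in the thread: a small Python check that parses the posted `netstat -rn` table and lists gateway routes bound to a different interface than the one whose directly connected network contains the gateway address. The function names are hypothetical, and expanding abbreviated destinations such as 10.20/25 to 10.20.0.0/25 is an assumption about the BSD output format.

```python
import ipaddress

# Routing table as posted in the thread (columns re-spaced, values unchanged).
NETSTAT = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.20.0.1          UGSc        7       56   fxp0
10.20/25           link#1             UC          2        0   fxp0
10.20.0.1          00:00:0c:07:ac:60  UHLW        5        4   fxp0   1196
10.20.0.14         00:60:ab:03:7d:2f  UHLW        0        0   fxp0    938
1.1.1.1/32         00:00:00:00:00:00  ULSc        0       12    ti0
1.1.1.1/26         link#2             UC          0        0    ti0
127.0.0.1          127.0.0.1          UH          0      604    lo0
165.64.255/24      1.1.1.1            UGSc        0        0   fxp0
208.185.175.214/32 1.1.1.1            UGSc        1        0   fxp0
"""

def to_network(dest):
    """Expand abbreviated destinations, e.g. 10.20/25 (assumed = 10.20.0.0/25)."""
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)

def parse(text):
    """Yield (destination, gateway, flags, netif) for each route row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] != "Destination":
            yield f[0], f[1], f[2], f[5]

def misbound_routes(text):
    """Return gateway routes whose Netif differs from the interface that owns
    the connected (link#N) network containing the gateway address."""
    rows = list(parse(text))
    connected = [(to_network(d), nif) for d, g, _, nif in rows if g.startswith("link#")]
    findings = []
    for dest, gw, flags, netif in rows:
        if "G" not in flags:
            continue  # only routes that forward through a gateway
        gw_ip = ipaddress.ip_address(gw)
        owners = {nif for net, nif in connected if gw_ip in net}
        if owners and netif not in owners:
            findings.append((dest, gw, netif, sorted(owners)))
    return findings

if __name__ == "__main__":
    for dest, gw, netif, owners in misbound_routes(NETSTAT):
        print(f"{dest} via {gw}: bound to {netif}, gateway is on-link via {owners}")
```

On the posted table this reports the two static routes via 1.1.1.1, which show fxp0 in the Netif column while 1.1.1.1/26 is connected on ti0.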



routing problem on 4.7 release

2003-01-21 Thread twig les
Hey all, I have a 4.7 release box that needs to cvsup
its ports.  The problem is that this box never sees
the outside world normally; it does IDS on an IP-less
interface and of course has a backnet interface.  So
basically I added a temporary IP address to this box,
edited my /etc/cvsupfile to use the IP address of the
cvs server (to avoid dealing with DNS), added a few
lines in IPFW and then used the route command to force
packets out the correct interface.

The problem is that packets destined for the legal
gateway (I'll call it 1.1.1.1) are still going out the
backnet interface.  So if I ping 1.1.1.1, I can sit
and watch access-list denies show up as the backnet
interface tries to ping an IP that isn't even
reachable.  The fact that these pings are getting out
tells me that IPFW isn't the problem and that the
route table is screwed up.

Please chime in if anyone has an answer, all I need to
do is add a static route temporarily.

My config looks like this below.  As you may notice, I
even tried adding a route to 1.1.1.1 out the specific
interface route -n add 1.1.1.1/26 -interface ti0.

mas01# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.20.0.1          UGSc        7       56   fxp0
10.20/25           link#1             UC          2        0   fxp0
10.20.0.1          00:00:0c:07:ac:60  UHLW        5        4   fxp0   1196
10.20.0.14         00:60:ab:03:7d:2f  UHLW        0        0   fxp0    938
1.1.1.1/32         00:00:00:00:00:00  ULSc        0       12    ti0
1.1.1.1/26         link#2             UC          0        0    ti0
127.0.0.1          127.0.0.1          UH          0      604    lo0
165.64.255/24      1.1.1.1            UGSc        0        0   fxp0
208.185.175.214/32 1.1.1.1            UGSc        1        0   fxp0


=
---
Know yourself and know your enemy and you will never fear defeat. 
---
