Re: Connecting networks
Hi guyz, I'd like to thank all of you. I somehow found the error, there're three errors actually, first, the machine in 192.168.1 network was not using my bsd box as gateway (duh! Thankz Ian), second, I had an error in rc.conf, it had a letter where it was not supposed to have, and third, the pf was blocking everything even with its config saying it to pass all, and then I'm gonna create another topic about this issue, once the other two are resolved.

Thankz again.

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Connecting networks
2007/12/12, Ian Smith [EMAIL PROTECTED]:
> Should be 'defaultrouter', but then it's a route to an apparent local router, whereas your em0 appears to be your public internet connection?

Yes, it's default router, like I said I was not in my work then I wrote by myself these lines, like I didn't touch the defaultrouter line since the install I guess it's correct, my fault. Yes, em0 is my public connection, but it's not connected to the external network yet, that's why my default router is 192.168.1.80 (that is my current gateway, connected with the external world, and who I want to be replaced by this BSD box)

> Hopefully you've just mis-remembered that netmask: it's non-contiguous. .224 perhaps?

My fault again. I messed up /27 with .224.

> I think this is at the core of your issue. Let's assume that a box on xl1, say 192.168.2.100, wants to talk with a box on xl2, say 10.10.0.100
>
> 192.168.2.100 needs either your box (192.168.2.90) as its default route, or it needs to have added a specific route for 10.10 via your box.
>
> Similarly, 10.10.0.100 needs either your box (10.10.0.50) as its default route, or it needs to have added a specific route for 192.168.2 via you.
>
> Unless both of these conditions are true, packets will not get (or get back) to where they're supposed to go, even if your box setup is all ok.

The machines in 192.168.1 aren't using my BSD box like its default gateway, so it may be the problem? But, like I've said, this is the second time I try to put the things to work, the first time I've set the 192.168.1 machines to use my bsd as default gateway and didn't work also. But I'm gonna change it to test again. My machines in 192.168.2 are all using 192.168.2.90 as their gateway already.
Re: Connecting networks
On Wed, 12 Dec 2007, Alaor Barroso de Carvalho Neto wrote:
> 2007/12/12, Ian Smith [EMAIL PROTECTED]:
> > Should be 'defaultrouter', but then it's a route to an apparent local router, whereas your em0 appears to be your public internet connection?
>
> Yes, it's default router, like I said I was not in my work then I wrote by myself these lines, like I didn't touch the defaultrouter line since the install I guess it's correct, my fault. Yes, em0 is my public connection, but it's not connected to the external network yet, that's why my default router is 192.168.1.80 (that is my current gateway, connected with the external world, and who I want to be replaced by this BSD box)

Ok. Will this box be connecting some/all of these subnets to the world?

> > I think this is at the core of your issue. Let's assume that a box on xl1, say 192.168.2.100, wants to talk with a box on xl2, say 10.10.0.100
> >
> > 192.168.2.100 needs either your box (192.168.2.90) as its default route, or it needs to have added a specific route for 10.10 via your box.
> >
> > Similarly, 10.10.0.100 needs either your box (10.10.0.50) as its default route, or it needs to have added a specific route for 192.168.2 via you.
> >
> > Unless both of these conditions are true, packets will not get (or get back) to where they're supposed to go, even if your box setup is all ok.
>
> The machines in 192.168.1 aren't using my BSD box like its default gateway, so it may be the problem? But, like I've said, this is the second time I try to put the things to work, the first time I've set the 192.168.1 machines to use my bsd as default gateway and didn't work also. But I'm gonna change it to test again. My machines in 192.168.2 are all using 192.168.2.90 as their gateway already.

Well, as above. In your scenario all of the boxes in each of your 3 local subnets will have to route packets for the other 2 subnets via your box's address in that subnet, either as their default route or by adding specific routes for each of the 'foreign' subnets via your box.

Tricky unless you have admin control of all boxes' routing, especially in an 'anything that can happen will happen' environment like a campus, unless this box is going to be the default route for all subnets anyway?

cheers, Ian
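The two-way condition Ian describes, as an added example that is not part of the thread: each host's next hop toward the other subnet must be the forwarding box's address on the host's own subnet. The box addresses come from the thread; the host at 192.168.1.10, both hosts' route tables and the helper names are constructed for illustration.

```python
import ipaddress

# The forwarding box's address on each connected subnet, as given in the thread.
BOX = {
    ipaddress.ip_network("192.168.1.0/24"): ipaddress.ip_address("192.168.1.244"),
    ipaddress.ip_network("192.168.2.0/24"): ipaddress.ip_address("192.168.2.90"),
    ipaddress.ip_network("10.10.0.0/16"): ipaddress.ip_address("10.10.0.50"),
}

def host(addr, routes):
    """Host record: addr is 'ip/prefixlen', routes maps prefix -> gateway."""
    return {
        "if": ipaddress.ip_interface(addr),
        "routes": {ipaddress.ip_network(p): ipaddress.ip_address(g)
                   for p, g in routes.items()},
    }

def next_hop(h, dst):
    """Longest-prefix match over the host's routes; None if nothing matches."""
    matches = [(net, gw) for net, gw in h["routes"].items() if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def failing_legs(a, b):
    """Return the directions in which packets are not handed to the box.

    Assumes a and b sit on different subnets that the box connects.
    """
    bad = []
    for src, dst in ((a, b), (b, a)):
        hop = next_hop(src, dst["if"].ip)
        if hop is None or hop != BOX.get(src["if"].network):
            bad.append(f"{src['if'].ip} -> {dst['if'].ip} (next hop {hop})")
    return bad

# Constructed hosts. A already uses the box as its default route.
A = host("192.168.2.2/24", {"0.0.0.0/0": "192.168.2.90"})
# B still points at the old gateway, so its replies to A go to 192.168.1.80.
B_OLD = host("192.168.1.10/24", {"0.0.0.0/0": "192.168.1.80"})
# The alternative: keep the old default and add a specific route via the box.
B_STATIC = host("192.168.1.10/24", {"0.0.0.0/0": "192.168.1.80",
                                    "192.168.2.0/24": "192.168.1.244"})

if __name__ == "__main__":
    print(failing_legs(A, B_OLD))
    print(failing_legs(A, B_STATIC))
```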
Re: Connecting networks
Alaor Barroso de Carvalho Neto [EMAIL PROTECTED] wrote:
> Hi guyz, it's me again. I think I don't know what I'm doing, so I ask for help. I have three private networks (192.168.1, 10.10.0, 192.168.2) and a link to the external world 200.212.X, what I want to do is that my FreeBSD connect all the networks to the external world and the 192.168.1 to the 10.10.0, so a machine in 192.168.1 would ping to a machine in 10.10.0. I have a brand new copy of freebsd in my machine, I just configured the four interfaces in rc.conf, that's all I did. gateway_enable is set to true. The interfaces are connected to each network. What's the next step?
>
> Regards,
> Alaor Neto
> CEFET Campos/UNED Macaé
> Coordenação de Tecnologia da Informação
> (22) 9217-3198 / (22) 2773-6530 ext. 2035

Hello Barroso,

If you don't know what you are doing perhaps you should read documentation for ipf, ipfw and pf firewalls to understand which is best suited in your environment:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

After that you should try to configure your own rules like in configuration examples. If still not working then let us know.

BR, Catalin
Re: Connecting networks
On Tuesday 11 December 2007 15:29:29 Alaor Barroso de Carvalho Neto wrote:
> Hi guyz, it's me again. I think I don't know what I'm doing, so I ask for help. I have three private networks (192.168.1, 10.10.0, 192.168.2) and a link to the external world 200.212.X, what I want to do is that my FreeBSD connect all the networks to the external world and the 192.168.1 to the 10.10.0, so a machine in 192.168.1 would ping to a machine in 10.10.0. I have a brand new copy of freebsd in my machine, I just configured the four interfaces in rc.conf, that's all I did. gateway_enable is set to true. The interfaces are connected to each network. What's the next step?

It should be OK. Did you do

    /etc/rc.d/netif restart
    /etc/rc.d/routing restart

?

Keep in mind that the private networks are for private use. And that the next hop router (the one that connects to the internet) will probably drop the packets on the floor, if configured correctly?

Your wording was not very clear on the private network subject, so I am clarifying a bit. You do not mention NAT or some other mechanism that will allow you IP communication with other hosts external to your network.

Please post more info...

Nikos
Re: Connecting networks
Guyz, that's my doubt, if I have two separated networks, and a freebsd connected in the two of them, I'm supposed to be able to ping to a machine in 10.10.0 network from a machine in 192.168.1 network, for example, by only setting gateway_enable=YES? I know private networks are for private use, but I have to connect one of my private networks to the private network of other school because they share their database with us. (they are 10.10.0, we're 192.168.1). All I want is that when I ping from a machine in 192.168.1 to a machine in 10.10.0 it works. That's all I need.

Sorry my bad english.
RE: Connecting networks
Hello Alaor:

> Guyz, that's my doubt, if I have two separated networks, and a freebsd connected in the two of them, I'm supposed to be able to ping to a machine in 10.10.0 network from a machine in 192.168.1 network, for example, by only setting gateway_enable=YES? I know private networks are for private use, but I have to connect one of my private networks to the private network of other school because they share their database with us. (they are 10.10.0, we're 192.168.1). All I want is that when I ping from a machine in 192.168.1 to a machine in 10.10.0 it works. That's all I need.
>
> Sorry my bad english.

It sounds like you are wanting a router to function between two different subnets. Take a reading under 29.2.5 at this link:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Chris
Re: Connecting networks
2007/12/11, Chris Haulmark [EMAIL PROTECTED]:
> It sounds like you are wanting a router to function between two different subnets. Take a reading under 29.2.5 at this link:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
>
> Chris

Yes Chris, but I already have the routes, when I do netstat -r they are there but I'm still unable to ping from one network to another. I did read this section in the handbook but it's not working. I'll paste my netstat -r output in a while.

Alaor
Re: Connecting networks
Guyz, here's my netstat -r output:

    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            192.168.1.80       UGS         0        4    xl0
    10.10/16           link#4             UC          0        0    xl2
    localhost          localhost          UH          0        0    lo0
    192.168.1          link#2             UC          0        0    xl0
    zion.administrativ 00:00:54:19:e7:9a  UHLW        1       16    xl0   1151
    192.168.1.80       00:0e:a6:60:cb:24  UHLW        2        0    xl0    904
    192.168.2          link#3             UC          0        0    xl1
    192.168.2.2        00:e0:7d:07:8c:cd  UHLW        1        6    xl1   1143
    200.252.164        link#1             UC          0        0    em0

    Internet6:
    ...

I have 4 network cards, em0 is connected to the external world (not yet), the xl0 is connected to my private network 192.168.1 with the ip 192.168.1.244, the xl1 is connected to another private network 192.168.2 with the ip 192.168.2.90 and the xl3 is connected to other school network 10.10.0 with the ip 10.10.0.50, what I want now is that a machine A in network 192.168.2, with an ip, for example 192.168.2.2, could ping to a machine B in the network 192.168.1, with the ip, for example, 192.168.1.10. And it's not working. My pf firewall just pass all. In rc.conf I just set gateway_enable=YES and configured the networks interfaces.
Re: Connecting networks
Alaor Barroso de Carvalho Neto wrote:
> Guyz, here's my netstat -r output:
>
>     Routing tables
>
>     Internet:
>     Destination        Gateway            Flags    Refs      Use  Netif Expire
>     default            192.168.1.80       UGS         0        4    xl0
>     10.10/16           link#4             UC          0        0    xl2
>     localhost          localhost          UH          0        0    lo0
>     192.168.1          link#2             UC          0        0    xl0
>     zion.administrativ 00:00:54:19:e7:9a  UHLW        1       16    xl0   1151
>     192.168.1.80       00:0e:a6:60:cb:24  UHLW        2        0    xl0    904
>     192.168.2          link#3             UC          0        0    xl1
>     192.168.2.2        00:e0:7d:07:8c:cd  UHLW        1        6    xl1   1143
>     200.252.164        link#1             UC          0        0    em0
>
>     Internet6:
>     ...
>
> I have 4 network cards, em0 is connected to the external world (not yet), the xl0 is connected to my private network 192.168.1 with the ip 192.168.1.244, the xl1 is connected to another private network 192.168.2 with the ip 192.168.2.90 and the xl3 is connected to other school network 10.10.0 with the ip 10.10.0.50, what I want now is that a machine A in network 192.168.2, with an ip, for example 192.168.2.2, could ping to a machine B in the network 192.168.1, with the ip, for example, 192.168.1.10. And it's not working. My pf firewall just pass all. In rc.conf I just set gateway_enable=YES and configured the networks interfaces.

Out of curiosity, are you pinging from the 4-interfaced-connected BSD box, or some other workstation that is trying to use the BSD box as its gateway?

--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: Connecting networks
Alaor Barroso de Carvalho Neto wrote:
> Yes Chris, but I already have the routes, when I do netstat -r they are there but I'm still unable to ping from one network to another. I did read this section in the handbook but it's not working. I'll paste my netstat -r output in a while.

Could you post your configuration, rc.conf, just the entries related to network interfaces and routing?

The BSD box should automatically route any packets between immediately connected networks without adding any static routes.

Do you have any firewalling enabled?

Cheers, Erik

--
Erik Nørgaard
Ph: +34.666334818
http://www.locolomo.org
Re: Connecting networks
Add gateway_enable=YES to /etc/rc.conf. Make sure your other systems use the freebsd box in question as their default route. Make sure your firewall, if you have one, is passing the traffic between the two networks. Use pf or some other means to nat outbound traffic.

HTH

On Dec 11, 2007, at 7:29 AM, Alaor Barroso de Carvalho Neto wrote:
> Hi guyz, it's me again. I think I don't know what I'm doing, so I ask for help. I have three private networks (192.168.1, 10.10.0, 192.168.2) and a link to the external world 200.212.X, what I want to do is that my FreeBSD connect all the networks to the external world and the 192.168.1 to the 10.10.0, so a machine in 192.168.1 would ping to a machine in 10.10.0. I have a brand new copy of freebsd in my machine, I just configured the four interfaces in rc.conf, that's all I did. gateway_enable is set to true. The interfaces are connected to each network. What's the next step?
>
> Regards,
> Alaor Neto
> CEFET Campos/UNED Macaé
> Coordenação de Tecnologia da Informação
> (22) 9217-3198 / (22) 2773-6530 ext. 2035

- Eric F Crist
Secure Computing Networks
Re: Connecting networks
2007/12/11, Jonathan Horne [EMAIL PROTECTED]:
> Out of curiosity, are you pinging from the 4-interfaced-connected BSD box, or some other workstation that is trying to use the BSD box as its gateway?

From a workstation that is trying to use BSD box as its gateway and have the ip of the BSD box as its default gateway in network settings. My BSD box can ping to everywhere.

2007/12/11, Erik Norgaard [EMAIL PROTECTED]
> Could you post your configuration, rc.conf, just the entries related to network interfaces and routing?
>
> The BSD box should automatically route any packets between immediately connected networks without adding any static routes.
>
> Do you have any firewalling enabled?
>
> Cheers, Erik

I'm not in my work anymore but I'll try to remember it as it is:

    defaultroute=192.168.1.80
    hostname=tiger.administrativo.unedmacae.cefetcampos.br
    gateway_enable=YES
    ifconfig_em0=inet XXX.XXX.XXX.XXX netmask 255.255.255.227
    ifconfig_xl0=inet 192.168.1.244 netmask 255.255.255.0
    ifconfig_xl1=inet 192.168.2.90 netmask 255.255.255.0
    ifconfig_xl2=inet 10.10.0.50 netmask 255.255.0.0
    pf_enable=YES
    pf_rules=/etc/pf.conf
    pf_flags=
    pflog_enable=YES
    pflog_logfile=/var/log/pflog
    pflog_flags=

The rest is just all the default from the installation.

2007/12/11, Eric Crist [EMAIL PROTECTED]
> Add gateway_enable=YES to /etc/rc.conf. Make sure your other systems use the freebsd box in question as their default route. Make sure your firewall, if you have one, is passing the traffic between the two networks. Use pf or some other means to nat outbound traffic.
>
> HTH

I already have this line in my rc.conf.

2007/12/11, Trix Farrar [EMAIL PROTECTED]:
> It sounds like your BSD server is configured correctly. You may, however, need to tell the other devices on your different networks how to find their way.
>
> Given that you have networks A, B and C that are each connected to each other by your BSD server, F, the hosts on network A have to know how to find network B and network C.
>
> If the three networks already have routers the hosts use as a default gateway, then those routers will need to have routes added to find your other networks; the network A router needs to have routes to networks B and C that point to your BSD server and so on.

How I do that?

Thankz guyz for your attention with me! I'm going to have nightmares with this trouble.
Re: Connecting networks
Alaor Barroso de Carvalho Neto wrote:
>     defaultroute=192.168.1.80
>     hostname=tiger.administrativo.unedmacae.cefetcampos.br
>     gateway_enable=YES
>     ifconfig_em0=inet XXX.XXX.XXX.XXX netmask 255.255.255.227
>     ifconfig_xl0=inet 192.168.1.244 netmask 255.255.255.0
>     ifconfig_xl1=inet 192.168.2.90 netmask 255.255.255.0
>     ifconfig_xl2=inet 10.10.0.50 netmask 255.255.0.0
>     pf_enable=YES
>     pf_rules=/etc/pf.conf
>     pf_flags=
>     pflog_enable=YES
>     pflog_logfile=/var/log/pflog
>     pflog_flags=
>
> Thankz guyz for your attention with me! I'm going to have nightmares with this trouble.

Summing up, your local networks should be able to communicate across the BSD box once you have gateway_enable=YES, you do not need NAT for that to work. If it doesn't work, then your firewall may be blocking.

For access to the Internet from any of the local networks you need to configure NAT. If you need help with that you need to post your pf ruleset. Everything else seems correct.

Cheers, Erik

--
Erik Nørgaard
Ph: +34.666334818
http://www.locolomo.org
Re: Connecting networks
2007/12/11, Erik Norgaard [EMAIL PROTECTED]:
> Summing up, your local networks should be able to communicate across the BSD box once you have gateway_enable=YES, you do not need NAT for that to work. If it doesn't work, then your firewall may be blocking.
>
> For access to the Internet from any of the local networks you need to configure NAT. If you need help with that you need to post your pf ruleset. Everything else seems correct.
>
> Cheers, Erik

My pf just pass everything, my pfctl -sr:

    pass in all
    pass out all

It's the second time I install this machine, configure everything just like the handbook and it doesn't work. You can call me crazy but I'm starting to think it can be related with the CD I used to install it, it's a freebsd 6.2 but it's burned in a CD-RW. I don't trust that much in CD-RW integrity. Is it craziness? I don't know what else to think.
Re: Connecting networks
Re-copying the various contributors ..

On Tue, 11 Dec 2007 20:00:56 -0200 Alaor Barroso de Carvalho Neto [EMAIL PROTECTED] wrote:
> 2007/12/11, Jonathan Horne [EMAIL PROTECTED]:
> > Out of curiosity, are you pinging from the 4-interfaced-connected BSD box, or some other workstation that is trying to use the BSD box as its gateway?
>
> From a workstation that is trying to use BSD box as its gateway and have the ip of the BSD box as its default gateway in network settings. My BSD box can ping to everywhere.
>
> 2007/12/11, Erik Norgaard [EMAIL PROTECTED]
> > Could you post your configuration, rc.conf, just the entries related to network interfaces and routing?
> >
> > The BSD box should automatically route any packets between immediately connected networks without adding any static routes.
> >
> > Do you have any firewalling enabled?
> >
> > Cheers, Erik
>
> I'm not in my work anymore but I'll try to remember it as it is:
>
>     defaultroute=192.168.1.80

Should be 'defaultrouter', but then it's a route to an apparent local router, whereas your em0 appears to be your public internet connection?

>     hostname=tiger.administrativo.unedmacae.cefetcampos.br
>     gateway_enable=YES
>     ifconfig_em0=inet XXX.XXX.XXX.XXX netmask 255.255.255.227

Hopefully you've just mis-remembered that netmask: it's non-contiguous. .224 perhaps?

>     ifconfig_xl0=inet 192.168.1.244 netmask 255.255.255.0
>     ifconfig_xl1=inet 192.168.2.90 netmask 255.255.255.0
>     ifconfig_xl2=inet 10.10.0.50 netmask 255.255.0.0
>     pf_enable=YES
>     pf_rules=/etc/pf.conf
>     pf_flags=
>     pflog_enable=YES
>     pflog_logfile=/var/log/pflog
>     pflog_flags=

Let's assume you've disabled your firewall to take that out of the equation till you get the routing happening as desired ..

> The rest is just all the default from the installation.
>
> 2007/12/11, Eric Crist [EMAIL PROTECTED]
> > Add gateway_enable=YES to /etc/rc.conf. Make sure your other systems use the freebsd box in question as their default route.

I suspect this may be (one of?) your problem(s); more below.

> > Make sure your firewall, if you have one, is passing the traffic between the two networks. Use pf or some other means to nat outbound traffic.
> >
> > HTH

Let's also assume you're not (on this box) trying to NAT one or more of these multiple private networks to public IP address(es) ..

> I already have this line in my rc.conf.
>
> 2007/12/11, Trix Farrar [EMAIL PROTECTED]:
> > It sounds like your BSD server is configured correctly. You may, however, need to tell the other devices on your different networks how to find their way.
> >
> > Given that you have networks A, B and C that are each connected to each other by your BSD server, F, the hosts on network A have to know how to find network B and network C.
> >
> > If the three networks already have routers the hosts use as a default gateway, then those routers will need to have routes added to find your other networks; the network A router needs to have routes to networks B and C that point to your BSD server and so on.
>
> How I do that?

I think this is at the core of your issue. Let's assume that a box on xl1, say 192.168.2.100, wants to talk with a box on xl2, say 10.10.0.100

192.168.2.100 needs either your box (192.168.2.90) as its default route, or it needs to have added a specific route for 10.10 via your box.

Similarly, 10.10.0.100 needs either your box (10.10.0.50) as its default route, or it needs to have added a specific route for 192.168.2 via you.

Unless both of these conditions are true, packets will not get (or get back) to where they're supposed to go, even if your box setup is all ok.

> Thankz guyz for your attention with me! I'm going to have nightmares with this trouble.

Sounds like you need a very good diagram of your boxes and networks and interfaces so you can easily trace all the paths (and thus the necessary routes) between the various subnets you're wanting to interconnect.

You also need to look carefully at which boxes/nets have routes to the internet, via wherever (and at what point their addresses are NAT'd to and from which public addresses), so you can hope to resolve the vast potential for routing loops and/or blackholed connections that such a setup offers :)

Later on, your firewall may be able to help with this by at least preventing disallowed connections, but the above needs to work first.

cheers, Ian
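A check for the two rc.conf mistakes pointed out in the message above (the 'defaultroute' name and the non-contiguous netmask), as an added example that is not part of the thread. The sample is the configuration as posted, with a constructed documentation address in place of the masked em0 address; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the rc.conf lines as posted in the thread, with an
# RFC 5737 documentation address standing in for the masked em0 address.
SAMPLE_RC_CONF = """\
defaultroute=192.168.1.80
gateway_enable=YES
ifconfig_em0=inet 203.0.113.10 netmask 255.255.255.227
ifconfig_xl0=inet 192.168.1.244 netmask 255.255.255.0
ifconfig_xl1=inet 192.168.2.90 netmask 255.255.255.0
ifconfig_xl2=inet 10.10.0.50 netmask 255.255.0.0
"""

def parse(text):
    """Return {name: value} for NAME=VALUE lines, dropping comments and quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip().strip("\"'")
    return conf

def mask_is_contiguous(mask):
    """True if the dotted-quad mask is all 1 bits followed by all 0 bits."""
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0

def lint(text):
    """Return a list of (name, problem) pairs; an empty list means no findings."""
    conf = parse(text)
    findings, networks = [], []
    for name, value in conf.items():
        m = re.search(r"\binet\s+(\S+)\s+netmask\s+(\S+)", value)
        if not name.startswith("ifconfig_") or not m:
            continue
        addr, mask = m.groups()
        if not mask_is_contiguous(mask):
            findings.append((name, f"netmask {mask} is non-contiguous"))
            continue
        networks.append(ipaddress.ip_interface(f"{addr}/{mask}").network)
    if "defaultroute" in conf:
        findings.append(("defaultroute", "unknown name; rc.conf reads defaultrouter"))
    router = conf.get("defaultrouter", conf.get("defaultroute"))
    if router and not any(ipaddress.ip_address(router) in n for n in networks):
        findings.append(("defaultrouter", f"{router} is not on a connected subnet"))
    if conf.get("gateway_enable", "NO").upper() != "YES":
        findings.append(("gateway_enable", "forwarding between interfaces is off"))
    return findings

if __name__ == "__main__":
    for name, problem in lint(SAMPLE_RC_CONF):
        print(f"{name}: {problem}")
```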