Re: Routed and netmask...
On Saturday 03 February 2007 22:08, Thiago Esteves de Oliveira wrote:
> Hi,
>
> I'm using "FreeBSD 6.2 Stable" with routed to connect networks (gateway)
>
>          THE INTERNET
>               |
>               |
>      | eee.eee.eee.0/26 |
>               |
>               |
>       eee.eee.eee.11/26
>            ROUTER
>         iii.iii.iii.1
>               |
>               |
>      | iii.iii.iii.0/24 | "My Network"
>
> The problem...
>
> The system is routing, but only to iii.iii.iii.0/26 .
>
> Look... my rc.conf
>
> ifconfig_em0="inet iii.iii.iii.1 netmask 255.255.255.0"
> ifconfig_sk0="inet eee.eee.eee.11 netmask 255.255.255.192"
>
> defaultrouter="eee.eee.eee.1"
> router_enable="YES"
> router_flags="-s"
> gateway_enable="YES"
> router="/sbin/routed"

routed uses by default ripv1, which is classful. That means that your net/26 surely won't work. I doubt your other_net/24 is a C class network (from 192.0.0.0/24 to 223.255.255.0/24).

Use explicitly ripv2 ("-P ripv2") and see what's going on. You can use rtquery to query routed. Check the neighbour routeds as well. Be sure to check the in-kernel routing table using "netstat -r".

Hope this helps,
Nikos

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
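Added example (not part of the thread and not routed's own code): a simplified model of the RFC 1058 receive rule behind the "classful" remark above. A RIPv1 entry carries no netmask, so a listener borrows its own interface mask when the destination is in the same classful network and falls back to the natural class mask otherwise. The addresses are constructed stand-ins for the masked eee/iii networks, on the assumption that both are subnets of one class B network.

```python
import ipaddress


def classful_prefix(addr):
    """Natural (class A/B/C) prefix length for an IPv4 address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is class D/E and has no natural mask")


def ripv1_infer(advertised, rx_iface):
    """Route a RIPv1 listener installs for a mask-less advertisement.

    advertised: destination address taken from the RIPv1 entry
    rx_iface:   'address/prefix' of the interface the entry arrived on
    """
    dest = ipaddress.IPv4Address(advertised)
    iface = ipaddress.IPv4Interface(rx_iface)
    natural = classful_prefix(dest)
    major = ipaddress.IPv4Network((int(dest), natural), strict=False)
    # Same classful network as the receiving interface: borrow its mask.
    # Different classful network: only the natural mask is known.
    prefix = iface.network.prefixlen if iface.ip in major else natural
    route = ipaddress.IPv4Network((int(dest), prefix), strict=False)
    if route.network_address != dest:
        # Bits set below the assumed mask: treated as a host route.
        return ipaddress.IPv4Network((int(dest), 32))
    return route


def reaches(route, host):
    """True if the installed route covers the given host address."""
    return ipaddress.IPv4Address(host) in route


if __name__ == "__main__":
    # Constructed addresses: 172.16.9.0/26 plays eee.eee.eee.0/26 and
    # 172.16.5.0/24 plays iii.iii.iii.0/24; 172.16.9.1 is the neighbour.
    learned = ripv1_infer("172.16.5.0", "172.16.9.1/26")
    print("neighbour installs:", learned)
    for host in ("172.16.5.20", "172.16.5.200"):
        print(f"  {host} reachable: {reaches(learned, host)}")
    # A true class C destination keeps its /24 under the same rule.
    print("class C case:", ripv1_infer("192.168.5.0", "172.16.9.1/26"))
```

Under these assumptions the neighbour ends up with a /26 route for what is really a /24, which matches the symptom reported in the quoted message.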
RE: Routed and netmask...
> The top interface address is wrong. It can't be eee.eee.eee.11 with /26
> mask.
> The lowest address with this mask is 193.

Oops... I'm wrong here of course... The address is correct ;]
RE: Routed and netmask...
If eee.eee.eee.0/26 is a separate network (which I guess it is) there needs to be a routing device there too. How can a packet find its way to the internet? The router sees only the eee.eee.eee.0 network on its port (not mentioning the iii.iii.iii.0 network from which the packet travels).

It is also possible that I'm missing something. Your network visualization is kinda weird...

The top interface address is wrong. It can't be eee.eee.eee.11 with /26 mask. The lowest address with this mask is 193.

What actually is this eee network? How did you connect your eee network to the internet? For me it makes little sense... Sorry if I'm wrong. Please explain more!

Cheers,
greg

> Hi,
>
> I'm using "FreeBSD 6.2 Stable" with routed to connect
> networks (gateway)
>
>          THE INTERNET
>               |
>               |
>      | eee.eee.eee.0/26 |
>               |
>               |
>       eee.eee.eee.11/26
>            ROUTER
>         iii.iii.iii.1
>               |
>               |
>      | iii.iii.iii.0/24 | "My Network"
>
> The problem...
>
> The system is routing, but only to iii.iii.iii.0/26 .
>
> Look... my rc.conf
>
> ifconfig_em0="inet iii.iii.iii.1 netmask 255.255.255.0"
> ifconfig_sk0="inet eee.eee.eee.11 netmask 255.255.255.192"
>
> defaultrouter="eee.eee.eee.1"
> router_enable="YES"
> router_flags="-s"
> gateway_enable="YES"
> router="/sbin/routed"
Re: routed vpn between two freebsd machines
10.8.0.1 is your server's IP! According to the manpage the parameter "server 10.8.0.0 255.255.255.0" sets the router to 10.8.0.1.

Why do you push a route to 192.168.2.0/24 ??? Do you have such a subnet?

Greetz,
Ice

dave wrote:

Hello,

My apologies if this is a repost, I didn't see it go through. I'm trying to set up a routed vpn between two freebsd 5.4 machines. Currently they're on the same physical subnet, 192.168.0.x, to make testing easier, and for vpn they're using 10.8.0.x. My first problem: although both server and client start, I can only ping the client's ip address 10.8.0.6, not the server's of 10.8.0.5, and an IP of 10.8.0.1 is also showing up. Eventually I'd like to add windows boxes accessing the vpn via samba and remote clients from beyond the firewall, but I'd like to know if my basic configuration looks good.

Any help appreciated.
Thanks.
Dave.

client: openvpn.conf:

client
dev tun
proto udp
remote 192.168.0.3 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
ns-cert-type server
tls-auth keys/ta.key 1
comp-lzo
status openvpn-status.log
log openvpn.log
verb 3
mute 20

server: openvpn.conf:

local 192.168.0.3
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/vpn.crt
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 20

server:

OpenVPN CLIENT LIST
Updated,Fri Sep 16 11:09:42 2005
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,192.168.0.4:53537,75321,75571,Fri Sep 16 08:18:50 2005
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client1,192.168.0.4:53537,Fri Sep 16 10:34:37 2005
GLOBAL STATS
Max bcast/mcast queue length,0
END

server:

Fri Sep 16 00:10:50 2005 OpenVPN 2.0.2 i386-portbld-freebsd5.4 [SSL] [LZO] built on Aug 30 2005
Fri Sep 16 00:10:50 2005 Diffie-Hellman initialized with 2048 bit key
Fri Sep 16 00:10:50 2005 Control Channel Authentication: using 'keys/ta.key' as a OpenVPN static key file
Fri Sep 16 00:10:50 2005 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 00:10:50 2005 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 00:10:50 2005 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Sep 16 00:10:50 2005 gw 192.168.0.254
Fri Sep 16 00:10:50 2005 TUN/TAP device /dev/tun0 opened
Fri Sep 16 00:10:50 2005 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
Fri Sep 16 00:10:50 2005 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Fri Sep 16 00:10:50 2005 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Sep 16 00:10:50 2005 GID set to nobody
Fri Sep 16 00:10:50 2005 UID set to nobody
Fri Sep 16 00:10:50 2005 UDPv4 link local (bound): 192.168.0.3:1194
Fri Sep 16 00:10:50 2005 UDPv4 link remote: [undef]
Fri Sep 16 00:10:50 2005 MULTI: multi_init called, r=256 v=256
Fri Sep 16 00:10:50 2005 IFCONFIG POOL: base=10.8.0.4 size=62
Fri Sep 16 00:10:50 2005 IFCONFIG POOL LIST
Fri Sep 16 00:10:50 2005 Initialization Sequence Completed
Fri Sep 16 08:18:50 2005 MULTI: multi_create_instance called
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Re-using SSL/TLS context
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 LZO compression initialized
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Local Options hash (VER=V4): '14168603'
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Expected Remote Options hash (VER=V4): '504e774e'
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 TLS: Initial packet from 192.168.0.4:53537, sid=c06f4d68 1e59a37e
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 VERIFY OK: depth=1, /C=US/ST=OH/L=ENGLEWOOD/O=davemehler.com_OpenVPN/CN=OpenVPN-CA/emailAddress= [EMAIL PROTECTED]
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 VERIFY OK: depth=0, /C=US/ST=OH/O=davemehler.com_OpenVPN/CN=client1/[EMAIL PROTECTED] ehler.com
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RS
Re: routed daemon
Jim Pazarena <[EMAIL PROTECTED]> writes:

> Can the routed daemon co-exist with a CISCO router which, by default,
> also responds to routing requests?
>
> The reason I ask, is that I accidentally installed routed, and it
> was running, and my whole network came to a grinding halt, until
> I de-activated routed. I had not set up *any* configuration file
> or anything other than installing the port (by accident).
>
> So did this halt my system because I had no configuration file, or
> because routed cannot co-exist with (in this case) my telco provided
> CISCO gateway router?

Certainly they *can* co-exist, but in your case there is no reason for them to do so. Your routed doesn't know about any routes that the Cisco doesn't.

This is also (most likely) where the problem came from; your routed was probably advertising routes that went through the Cisco, causing the Cisco to pick up those routes through the FreeBSD box, causing a routing loop. In ordinary routing situations, "split horizon" would keep this from happening, but because the default route was configured statically, routed couldn't detect this.
Re: routed(8)
Try to put two lines in /etc/gateways

if=fxp2 passive
if=fxp3 passive

Cheers
Tom

> Is it possible to have routed(8) ignore certain ethernet interfaces.
>
> For example, on a device with fxp[0-3], I only need routed to
> interact with fxp[0-1], and to ignore the existence of fxp[2-3].
>
> TIA,
> rip
Re: routed
On Mon, 15 Dec 2003 16:33:20 -0800 (PST) Valerian Galeru <[EMAIL PROTECTED]> wrote:

> I want to understand about these routing tables. I
> run route flush (to remove all routes, gateways...).
> Yes, all the routes are deleted (I try a web browser
> and I get an error), but when I run netstat -r, I
> don't see that. When I want to get again the routing
> table, I run routed (probably this is what I need for
> regetting the routing table) and when I try a web page
> on the web browser, it shows me the same error as in
> the case of the deleted routing table. Probably I did
> something wrong...

Do you have a default gateway in your rc.conf ?

> Thank you very much for support

Contrary to popular belief, routed(8) is not necessary when running a standalone computer or even a simple gateway. I've spent half a day arguing with a friend on that, just to discover, to the amusement of us both, that the cables were each plugged in the other nic ;)

Try to disable the routed_enable line in /etc/rc.conf or change it to "NO", reboot, and you should have a network connection, provided that you have a defaultrouter="xxx.xxx.xxx.xxx" in the above file.

Routed(8) uses RIP - Route Information Protocol, an interior gateway protocol, which is suitable to use on small networks, which it uses to get the routing table from neighbour routers in order to build up a routing table.

When you flush the routes you delete the default route set in rc.conf, so your system does not know where to send packets for networks other than those directly connected.
Example:

Normal operation, without routed (I don't paste ipv6):

it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        5        0    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        6       56    rl0

it>/home/itetcu# route flush
it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        0      190    rl0   1030

The default route has gone away, the directly connected networks are still present.

it>/home/itetcu# ping www.freebsd.org
PING www.freebsd.org (216.136.204.117): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C

Note that www.freebsd.org resolves on 216.136.204.177 because I have a name server on 192.168.0.1 which is on a directly connected network:

it>/home/itetcu# route get 192.168.0.1
   route to: 192.168.0.1
destination: 192.168.0.1
  interface: rl0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500       820

Now if I add back the default route with:

it>/home/itetcu# route add default 192.168.0.1 0.0.0.0
add net default: gateway 192.168.0.1
it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        0        0    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        1      222    rl0    935

I get my freebsd connection back:

it>/home/itetcu# ping www.freebsd.org
PING www.freebsd.org (216.136.204.117): 56 data bytes
64 bytes from 216.136.204.117: icmp_seq=0 ttl=50 time=242.811 ms
^C

All this time:

it>/home/itetcu# ps axw | grep routed

returns nada.

Reference, besides the man pages: http://www.onlamp.com/pub/a/bsd/2000/08/23/FreeBSD_Basics.html and the rest of the networking articles from there.
--
IOnut
Unregistered ;) FreeBSD user
Solved! Was: Re: routed 'forgets' it's path (or something)
Odd, but the so simple solution, which however I can't explain, was to do a:

route add default 192.168.0.1

(192.168.0.1 is my gateway)

If someone can explain how the system could work for a while after the route daemon was started and then suddenly forget all routing tables it would be great, however it works for me now so I'm pleased again! ;)

On Sat, 2003-06-28 at 00:04, freeBSD wrote:
> I have run into a strange problem:
>
> Suddenly my nic has no routing tables, so name lookups etc. don't work.
>
> The only solution is to SU and kill routed and then start it again.
>
> Everything will then work for an hour or so and then I'm back on step
> one again.
>
> I have laborated with cvsup etc the last day, so it's probably something
> that's been changed, but I'm too novice to understand what.
>
> I am running 5.0p7 now.