Oh, forgot a route dump:
[EMAIL PROTECTED] [~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
67.159.49.182   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.183   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.180   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.181   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.179   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.190   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.188   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.189   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.186   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.187   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
66.90.117.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
67.159.49.184   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
67.159.49.185   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
66.90.117.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
67.159.44.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         67.159.44.1     0.0.0.0         UG    0      0        0 eth0
[EMAIL PROTECTED] [~]#
.80's gateway should be .44.1 - the normal destination for my main eth0 IP
(according to my isp).
Thanks,
Jan
On 10/06/07, Jan Mulders <[EMAIL PROTECTED]> wrote:
I can't ping .177... Perhaps it's the broadcast address for my IP range:
if another machine can't find my mac address, it sends it to the broadcast
address which spams it out over my subnet?
[EMAIL PROTECTED] [~]# ping 67.159.49.177
PING 67.159.49.177 (67.159.49.177) 56(84) bytes of data.
--- 67.159.49.177 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 4998ms
32/0.014 ms, pipe 2
I've tried flushing the arp cache on my machine, and I don't think it's an
issue with my ISP (why would .177 be arping if it was cached?).
My network diagram is along the lines of:
[a bunch of computers] - each with IP address 67.159.49.179-190, connected
via a vpn to tun0
|
|
[tun0 on my shorewall box] - 67.159.49.178 for convenience's sake
[shorewall with proxyarp between the two interfaces]
[eth0 on my shorewall box] - 67.159.44.246
|
[the wild internet] - where I've been assigned 44.246 for my server, and a
range of 13 usable addresses - 49.178 to 49.190.
Any bright ideas?
Thanks for the reply.
Jan
On 10/06/07, Jerry Vonau <[EMAIL PROTECTED]> wrote:
>
> Jan Mulders wrote:
> > Hello all.
> >
> > Having a few troubles with ProxyARP - Despite being configured in what
> > looks to be a correct manner, my server is not responding to incoming ARP
> > queries.
> > Take a look:
> >
> > One machine (external to this entire network) pinging 67.159.49.180, a
> > client on my VPN interface, tun0:
> > seeds:~# ping 67.159.49.180
> > PING 67.159.49.180 (67.159.49.180) 56(84) bytes of data.
> > [no responses]
> >
> > My firewall machine, which is configured to proxyarp traffic between eth0
> > and tun0 (see later for configs):
> > [EMAIL PROTECTED] [/etc/openvpn]# tcpdump -i eth0 -n src 67.159.49.180 or dst 67.159.49.180
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> > 11:58:42.451208 arp who-has 67.159.49.180 tell 67.159.49.177
> > 11:58:44.450829 arp who-has 67.159.49.180 tell 67.159.49.177
> > 11:58:46.450709 arp who-has 67.159.49.180 tell 67.159.49.177
> >
>
> From where I am, I can ping 67.159.49.177 and .178 only
>
> > The output of 'arp -n' on the firewall machine:
> >
> > [EMAIL PROTECTED] [~]# arp -n
> > Address          HWtype  HWaddress           Flags Mask  Iface
> > 67.159.44.1      ether   00:D0:01:1E:50:0A   C           eth0
> > 67.159.49.184    *       *                   MP          eth0
> > 67.159.49.185    *       *                   MP          eth0
> > 67.159.49.186    *       *                   MP          eth0
> > 67.159.49.187    *       *                   MP          eth0
> > 67.159.49.188    *       *                   MP          eth0
> > 67.159.49.189    *       *                   MP          eth0
> > 67.159.49.190    *       *                   MP          eth0
> > 67.159.49.179    *       *                   MP          eth0
> > 67.159.49.180    *       *                   MP          eth0
> > 67.159.49.181    *       *                   MP          eth0
> > 67.159.49.182    *       *                   MP          eth0
> > 67.159.49.183    *       *                   MP          eth0
>
> Can you ping .177 from the firewall?
> >
> > My ifconfig:
> >
> > [EMAIL PROTECTED] [~]# ifconfig
> > eth0 Link encap:Ethernet HWaddr 00:E0:4C:77:85:4A
> > inet addr:67.159.44.246 Bcast:67.159.44.255 Mask:255.255.255.0
> > inet6 addr: fe80::2e0:4cff:fe77:854a/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:60822 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:3960 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:4747174 ( 4.5 MiB) TX bytes:623330 (608.7 KiB)
> > Interrupt:169 Base address:0x6000
> >
> > eth0:1 Link encap:Ethernet HWaddr 00:E0:4C:77:85:4A
> > inet addr:66.90.117.9 Bcast:66.90.117.255 Mask:255.255.255.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > Interrupt:169 Base address:0x6000
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:116 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:12509 (12.2 KiB) TX bytes:12509 (12.2 KiB)
> >
> > tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> > inet addr:67.159.49.178 P-t-P:67.159.49.178 Mask:255.255.255.240
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> >
> > (tun0 is handing out IPs to clients as .179, .180, etc)
> >
> > I have been given a /28 by my ISP, giving me 13 usable IPs. I've handed all
> > but one of these out to my clients on tun0 (except for .178, which I'm using
> > for hosting DNS and other things the clients should use directly).
> >
> > Interestingly, the machine complaining about the lack of arp is
> > 67.159.49.177, which is one off the beginning of my range. Perhaps related
> > to the 'network', 'router', and 'broadcast' addresses of my IP range?
> >
>
> What is .177? The router/gateway for the rest of the lan?
>
> > My proxyarp configuration:
> >
> > #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
> > # 67.159.49.178 tun0 eth0 no # commented out for tun0 ip use
> > 67.159.49.179 tun0 eth0 no
> > 67.159.49.180 tun0 eth0 no
> > 67.159.49.181 tun0 eth0 no
> > 67.159.49.182 tun0 eth0 no
> > 67.159.49.183 tun0 eth0 no
> > 67.159.49.184 tun0 eth0 no
> > 67.159.49.185 tun0 eth0 no
> > 67.159.49.186 tun0 eth0 no
> > 67.159.49.187 tun0 eth0 no
> > 67.159.49.188 tun0 eth0 no
> > 67.159.49.189 tun0 eth0 no
> > 67.159.49.190 tun0 eth0 no
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
> > Can anyone figure out why a previously working configuration (it worked fine
> > last night!) would suddenly stop working? Why would my machine stop
> > responding to arp requests? Have I broken something, or
>
> arp cache maybe?
>
> > overlooked/misunderstood/misconfigured anything?
> >
> > Any and all help will be greatly appreciated.
>
> Maybe, need a better understanding of your layout.
> .180's gateway is set to what?
> What does ip route ls look like? Better yet how about a dump?
>
> Jerry
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
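Added example, not part of the original messages and not Shorewall's own code: a consistency check for a proxyarp setup like the one in this thread. It reads the proxyarp file, `arp -n` and `route -n` text and reports entries that have no published ('P' flag) ARP entry on the EXTERNAL interface or no host route via INTERFACE. The sample inputs are constructed in the format of the dumps above, with deliberate faults for .181; the function names are hypothetical, and the host-route check assumes HAVEROUTE is "no", as in the thread's configuration.

```python
import ipaddress

# Constructed samples in the format of the thread's dumps; the .181 faults are deliberate.
PROXYARP = """#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
# 67.159.49.178 tun0 eth0 no
67.159.49.180 tun0 eth0 no
67.159.49.181 tun0 eth0 no
"""
ARP_N = """Address HWtype HWaddress Flags Mask Iface
67.159.44.1 ether 00:D0:01:1E:50:0A C eth0
67.159.49.180 * * MP eth0
"""
ROUTE_N = """Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
67.159.49.180 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
67.159.49.181 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
0.0.0.0 67.159.44.1 0.0.0.0 UG 0 0 0 eth0
"""

def rows(text):
    """Return whitespace-split rows whose first field is an IP address."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # header, comment or blank line
        out.append(fields)
    return out

def check(proxyarp, arp_n, route_n, inside_addr):
    """List (address, problem) pairs for proxyarp entries the kernel state does not back."""
    net = ipaddress.ip_interface(inside_addr).network
    published = {(f[0], f[-1]) for f in rows(arp_n) if "P" in f[-2]}
    via = {f[0]: f[-1] for f in rows(route_n) if f[2] == "255.255.255.255"}
    problems = []
    for addr, inside, external, *_ in rows(proxyarp):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append((addr, f"not a host address in {net}"))
        if (addr, external) not in published:
            problems.append((addr, f"no published ARP entry on {external}"))
        if via.get(addr) != inside:  # HAVEROUTE=no: a host route via INTERFACE is expected
            problems.append((addr, f"host route via {via.get(addr)}, expected {inside}"))
    return problems

if __name__ == "__main__":
    for addr, problem in check(PROXYARP, ARP_N, ROUTE_N, "67.159.49.178/255.255.255.240"):
        print(addr, problem)
```

An empty result means the firewall's own tables are consistent with the proxyarp file, which points the search at the upstream side of eth0 instead.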