After noting your observations regarding a lack of being able to ping .177,
I have successfully diagnosed that there was a missing route to this IP
address (because I was using a /24 netmask for my tun0 interface).
Some further investigation to try and obtain the right method of configuring
this whole thing with my current 'proper' range as pointed out by Jerry
(Thanks Jerry!) resulted in it working perfectly.
Here is my configuration, if anyone has the same problem in the future:
[EMAIL PROTECTED] [/etc/shorewall]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
          inet addr:67.159.44.246  Bcast:67.159.44.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe77:854a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:267729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17932961 (17.1 MiB)  TX bytes:14432200 (13.7 MiB)
          Interrupt:169 Base address:0x6000

eth0:1    Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
          inet addr:66.90.117.9  Bcast:66.90.117.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12521 (12.2 KiB)  TX bytes:12521 (12.2 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:67.159.49.177  P-t-P:67.159.49.177  Mask:255.255.255.240
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3188 (3.1 KiB)  TX bytes:2400 (2.3 KiB)

[EMAIL PROTECTED] [/etc/shorewall]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.90.117.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
67.159.49.176   0.0.0.0         255.255.255.240 U     0      0        0 tun0
66.90.117.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
67.159.44.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
67.159.49.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         67.159.44.1     0.0.0.0         UG    0      0        0 eth0

I learned some more about routing and netmasks today, and about how not to
take ISPs' IP range assignments for granted - thank you Tom and Jerry (no pun
intended)!
Regards,
Jan
On 10/06/07, Jerry Vonau <[EMAIL PROTECTED]> wrote:
Jan Mulders wrote:
> I can't ping .177... Perhaps it's the broadcast address for my IP range: if
> another machine can't find my mac address, it sends it to the broadcast
> address which spams it out over my subnet?
>
If I can ping .177 and you can't, as a guess, it sounds like you're
missing a route to .177 (which is not in your route dump).
> [EMAIL PROTECTED] [~]# ping 67.159.49.177
> PING 67.159.49.177 (67.159.49.177) 56(84) bytes of data.
>
> --- 67.159.49.177 ping statistics ---
> 6 packets transmitted, 0 received, 100% packet loss, time 4998ms
>
> 32/0.014 ms, pipe 2
>
>
> I've tried flushing the arp cache on my machine, and I don't think it's an
> issue with my ISP (why would .177 be arping if it was cached?).
>
> My network diagram is along the lines of:
>
> [a bunch of computers] - each with IP address 67.159.49.179-190, connected
> via a vpn to tun0
> |
> |
> [tun0 on my shorewall box] - 67.159.49.178 for convenience's sake
> [shorewall with proxyarp between the two interfaces]
> [eth0 on my shorewall box] - 67.159.44.246
> |
> [the wild internet] - where I've been assigned 44.246 for my server, and a
> range of 13 usable addresses - 49.178 to 49.190.
>
.177 is not one of them, it should be on your subnet:
/sbin/shorewall ipcalc 67.159.49.177/28
CIDR=67.159.49.177/28
NETMASK=255.255.255.240
NETWORK=67.159.49.176
BROADCAST=67.159.49.191
Is that your isp's router? If not, what would it be?
A shorewall dump would be very useful here, and you may get others
looking also.
Jerry
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
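
An added example, not part of the original thread: it reproduces the `shorewall ipcalc` arithmetic Jerry quotes and runs a longest-prefix-match lookup over the route table Jan posted, showing which interface each address leaves by. The function names are made up for this illustration, and the last lookup uses a constructed variation of the table with the tun0 /28 entry removed.

```python
import ipaddress

# Routes copied from the `route -n` output in the post:
# (destination, genmask, gateway, interface)
ROUTES = [
    ("66.90.117.9",   "255.255.255.255", "0.0.0.0",     "eth0"),
    ("67.159.49.176", "255.255.255.240", "0.0.0.0",     "tun0"),
    ("66.90.117.0",   "255.255.255.0",   "0.0.0.0",     "eth0"),
    ("67.159.44.0",   "255.255.255.0",   "0.0.0.0",     "eth0"),
    ("67.159.49.0",   "255.255.255.0",   "0.0.0.0",     "eth0"),
    ("169.254.0.0",   "255.255.0.0",     "0.0.0.0",     "eth0"),
    ("0.0.0.0",       "0.0.0.0",         "67.159.44.1", "eth0"),
]

def prefix_len(mask):
    """Dotted netmask -> prefix length (count of set bits)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def ipcalc(cidr):
    """Return the same fields `shorewall ipcalc` prints for address/prefix."""
    net = ipaddress.ip_interface(cidr).network
    return {"CIDR": cidr, "NETMASK": str(net.netmask),
            "NETWORK": str(net.network_address),
            "BROADCAST": str(net.broadcast_address)}

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins.
    Returns (network, gateway, interface), or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{prefix_len(mask)}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])

if __name__ == "__main__":
    print(ipcalc("67.159.49.177/28"))
    # 192.0.2.1 is a documentation address used here as an "anywhere else" case.
    for ip in ("67.159.49.177", "67.159.49.185", "67.159.49.10", "192.0.2.1"):
        print(ip, "->", lookup(ip))
    # Constructed variation: the same table without the tun0 /28 entry.
    no_tun = [r for r in ROUTES if r[3] != "tun0"]
    print("67.159.49.177 without the /28 route ->",
          lookup("67.159.49.177", no_tun))
```

With the /28 entry present, everything from 67.159.49.176 to .191 goes out tun0 while the rest of 67.159.49.0/24 stays on eth0; without it, the same addresses fall through to the /24 on eth0.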