Date:      Thu, 22 Jul 1999 23:30:13 -0400 (EDT)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        gill@topsecret.net (James Gill)
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: my gateway is a gate, but not a way!
Message-ID:  <199907230330.XAA14753@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <NDBBJDFMIMOCFNNCEKADMEHHCKAA.gill@topsecret.net> from James Gill at "Jul 22, 99 10:03:03 pm"

James Gill wrote,
> Here is a diagram of the network as it is currently implemented (wrapped for
> readability):
> 
> 
>            +==========+==========\
>          .130       .131       .129
>                                  +
>                                 .2
>                _____             /
>    Internet<==/_.1_/====+========
>                        .33
>
> .130 and .131 are on the internal half of the 255.255.255.192 subnet.  
                                                ^^^^^^^^^^^^^^^
OK, first point of confusion for me. If you have a mask like that, you
only can be using numbers from 0-63 (1-62 usable), right? Actually, it
would be more proper to say that you only have 62 host addresses to
work with; they need not start at 1. 

I think I may not understand what that is a mask for.

> The gateway, which has two NICs and .129 on the internal one and .2 on the
> external one *should* route packets.  .1 is an ISDN routing device (no ppp,
> dialup headaches, yay!) and .33 is a machine that is (currently) on the
> external side of the gateway.

Ignoring that netmask stuff, I'm with you.

> from .130 and .131 I can ping each other, .129 *and* .2 addresses, but *not*
> the .33 or .1 addresses.  from the gateway machine I can ping all addresses
> on the network and internet.

OK. Sounds like .33 and .1 don't know what to do with the packets, or
(less likely) .129 is not passing them along.

> I'm really not sure where to look first to make .33 and the internet
> accessible from the internal machines.  Eventually, the gateway machine will
> be a firewall and NAT (and .33 will go to .133) but currently it is
> installed with a minimal config, the source distribution, make, and bind
> (bind is not yet configured).
> 
> So let's start with what is in my /etc/rc.conf file on the gateway:
> 
> # -- sysinstall generated deltas -- #
> ntpdate_flags="ncar.ucar.edu"
> saver="star"
> blanktime="300"
> gateway_enable="YES"
> ntpdate_enable="YES"
> network_interfaces="ed0 ed1 lo0"
> ifconfig_ed0="inet 10.101.101.2  netmask 255.255.255.192"
> ifconfig_ed1="inet 10.101.101.129  netmask 255.255.255.192"
> defaultrouter="10.101.101.1"
> #defaultrouter="NO"
> hostname="panama.int.topsecret.net"
> releaseName=""
> #static_routes="route_int route_ext"    #list of static routes
> #route_int="-net 10.101.101.0 10.101.101.2"
> #route_ext="-net 10.101.101.128 10.101.101.129"
> 
> As you can see, I've tried a few things already and the gateway_enable="YES"
> *is* turned on.  When I uncomment the last three lines I get errors in the
> mist that goes by as the system boots, but it's at some point after what
> shows up in /var/run/dmesg.boot

OK, I think I understand your netmasks now.

> and here's what ifconfig -a shows me:
> 
> ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.101.101.2 netmask 0xffffffc0 broadcast 10.101.101.63
>         ether 00:80:29:ef:61:71
> ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.101.101.129 netmask 0xffffffc0 broadcast 10.101.101.191
>         ether 00:80:29:ef:81:d1
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000

[snip]

> any suggestions?

Sure. The problem likely has absolutely nothing to do with the gateway
machine. The problem is the configuration of .1 and .33. How are .1
and .33 configured? When .33 or .1 receives a packet with an address
to .130, what will it do with it? Does .33 expect .130 to be on the
local ethernet? Does it have the route in place to send the packet to
.2? Or does it send it to the default, .1? You're hosed if it thinks
it's local. It should be working if it knows the route. And if it
sends it to .1, it will only work if .1 then knows to bounce it back
to .2.

So, how are .33 and .1 set up? Turn on tcpdump on .2 and listen for
packets when .33 tries to ping .130. Any trying to go?
-- 
Crist J. Clark                           cjclark@home.com
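
The three possibilities raised above for how .33 handles a packet addressed to .130, worked through as an added example that is not part of the original message. The routing tables for .33 are constructed assumptions (its real configuration is not shown in the thread); the addresses and the 255.255.255.192 netmask are the ones from the quoted rc.conf.

```python
import ipaddress

def subnet_of(addr, mask):
    """Network an interface belongs to, given its address and dotted netmask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def next_hop(routes, dst):
    """Longest-prefix match. routes: list of (cidr, gateway); gateway None = on-link.
    Returns "on-link", the gateway address, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return "on-link" if best[1] is None else best[1]

MASK = "255.255.255.192"  # netmask from the rc.conf in the message

# Constructed routing tables for .33 (assumptions, not taken from the thread).
TABLES = {
    # .33 configured with a wider /24 mask, so it believes .130 is on its own wire
    "local": [("10.101.101.0/24", None), ("0.0.0.0/0", "10.101.101.1")],
    # .33 uses the /26 mask and has a static route to the inner subnet via .2
    "routed": [("10.101.101.0/26", None),
               ("10.101.101.128/26", "10.101.101.2"),
               ("0.0.0.0/0", "10.101.101.1")],
    # .33 uses the /26 mask and only knows the default route to .1
    "default": [("10.101.101.0/26", None), ("0.0.0.0/0", "10.101.101.1")],
}

if __name__ == "__main__":
    for host in ("10.101.101.2", "10.101.101.33",
                 "10.101.101.129", "10.101.101.130"):
        print(host, "is in", subnet_of(host, MASK))
    for label, table in TABLES.items():
        print(f".33 [{label}]: packet for .130 goes",
              next_hop(table, "10.101.101.130"))
```

In the "local" case .33 would ARP for .130 on the outer segment instead of handing the packet to .2, so a tcpdump on .2 would show ARP requests for .130 rather than ICMP replies.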

