Date: Wed, 7 May 2003 14:16:22 +0100 From: Jez Hancock <jez.hancock@munk.nu> To: Ronald Weinrich <freebsd@werosoft.com> Cc: FreeBSD questions List <freebsd-questions@freebsd.org> Subject: Re: no route to host Message-ID: <20030507131622.GC59479@users.munk.nu> In-Reply-To: <3EB8E570.5774.8DA49D3@localhost> References: <3EB87C2C.16955.73F15B3@localhost> <3EB8E570.5774.8DA49D3@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 07, 2003 at 10:52:32AM +0200, Ronald Weinrich wrote:
> Hi Jez Hancock,
> yesterday it was 4h in the morning so I had to go, I hope you get this mess.
> I did what you said -
> now I'm able to ping
> from the firewall-box to ep0 192.168.0.1
> from the firewall-box to ed0-213.47.28.166
>
> from intranet 192,168,0,xx to ep0 192.168.0.1 and
> from intranet 192,168,0,xx to ed0 213.47.28.166
> from intranet not to the DNS1-box in inet 213.47.28.160/8 on 213.47.28.162 or to the
> router 213.47.28.161
> I guess that's the reason I can't conect to the internet
> (does 160/8 mean 160 -175?)
> from outside 213.47.28.160/8 to ed0 213.47.28.166 works
>
> is that a ipnat problem? or a routing problem?
> I add
> > Try adding a simple /etc/ipf.rules ruleset:
> > pass out all
> > pass in all
> > ipfilter_enable="YES"
> > ipfilter_rules="/etc/ipf.rules"
> > you have no entry for the ep0 interface and your ifconfig output
> > suggests ep0 isn't active (or even present).
> therefore I run a script at boot-time
> ifconf.sh
> #!/bin/sh
> /sbin/ifconfig ep0 down
> /sbin/ifconfig ep0 inet 192.168.0.1 netmask 0xffffff00 broadcast
> 192.168.5.255
> /sbin/ifconfig ep0 up
> [ -x /sbin/ipnat ] && /sbin/ipnat -CF -f /etc/ipnat.conf && ipf -
> y && echo -n 'ipnat'
No - all your network interface configuration at boot time is done using
the 'ifconfig_' lines in /etc/rc.conf.
A good thing to do if you're familiar with shell scripting and unsure
how something is initiated at boot time is to grep for a keyword in the
/etc/ directory.
For example, say in this case you're wondering how your network
interfaces are initiated at boot time. You know the command you use to
configure a network interface is 'ifconfig' so you grep for 'ifconfig'
in /etc.
Doing this yields quite a few 'hits':
[13:51:41] root@users /root# grep ifconfig /etc/*
/etc/pccard_ether:# pccard_ether interfacename [start|stop] [ifconfig
option]
/etc/pccard_ether:case ${pccard_ifconfig} in
/etc/pccard_ether: eval ifconfig_${interface}=\${pccard_ifconfig}
<snip>
/etc/rc.network: ifconfig ${ifn} create
/etc/rc.network: # to go _before_ the general ifconfig section,
since in the case
/etc/rc.network: # gifconfig
/etc/rc.network: network_interfaces="`ifconfig -l`"
<snip>
In this case you think, 'ah ok /etc/rc.network must be where my network
ifaces are init'd', so you go investigate /etc/rc.network in your
editor...
The /etc/rc.network file isn't that hard to understand and worth reading
through a few times. The gist of it is that to bring up a network
interface at boot time you add a line in /etc/rc.conf along the lines:
ifconfig_ed0="inet 213.47.28.166 netmask 255.255.255.240"
Now this line above is used in /etc/rc.network to build the command that
freebsd executes on boot. The command resolves to:
ifconfig ed0 inet 213.47.28.166 netmask 255.255.255.240
and will be executed at boot.
So, if you have additional interfaces you need configuring you should
add extra ifconfig_ lines to /etc/rc.conf. In this case, add a line for
ep0, the netmask you want is 255.255.255.0. A line like this should do:
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
(Incidentally this is all the /stand/sysinstall application does).
This line means ep0 will be brought up and will accept connections on
192.168.0.1 from any host on the same network. In this case, the 'same
network' is any machine on 192.168.0.1/255.255.255.0 - any machine
in the range 192.168.0.1 - 192.168.0.255 will be able to talk to your
machine on the network interface ep0 (I think this is right, sure
someone will correct me if not!).
I would recommend you read this thread through fully a few times:
http://marc.theaimsgroup.com/?l=freebsd-questions&m=105163580919140&w=2
for information on netmasking - it covers how netmasking works with
particular relevance to FreeBSD.
To work out netmask ranges this calculator is good:
http://www.telusplanet.net/public/sparkman/netcalc.htm
The page is IMO a bit intimidating, but as an example for the
192.168.0.1 255.255.255.0 you'd enter 192.168.0.1 and 255.255.255.0 in
the second form on that page and then click 'calculate'. You can then
click on 'Explain' for an explanation of how your particular calculation
was worked out and what it means.
Hope that helps anyway,
Jez
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030507131622.GC59479>