deadlast
openbsd router
I have 2 networks I need to join via a router.
interface 1 : 10.69.69.2/8
interface 2 : 192.168.0.200/24
I set net.inet.ip.forwarding=1 in sysctl.conf
this doesn't work at all.
I'm having a hard time figuring this one out, I tried google but that was unsuccessful
I could really use some help =D
here's my route table
10/8 link#2 UC 0 0 - rl1
10.69.69.2 0:50:ba:b4:12:7d UHL 0 0 - lo0
10.69.69.114 0:30:48:27:51:2a UHL 0 3 - rl1
loopback localhost UGRS 0 0 33224 lo0
localhost localhost UH 2 0 33224 lo0
192.168.0/24 link#1 UC 0 0 - rl0
192.168.0.1 0:e0:1e:7e:8a:c1 UHL 1 0 - rl0
192.168.0.200 0:50:ba:be:c:3 UHL 0 0 - lo0
192.168.12/24 192.168.0.1 UGS 1 352 - rl0
bsdrouter localhost UGHS 0 0 33224 lo0
BASE-ADDRESS.MCAST localhost URS 0 0 33224 lo0
ASKER
FYI
I tried this with freebsd and it did work. I could ping through it and it appeared to be working fine, but we couldn't "really" connect. For instance remote admin would not connect. I did a tcp dump on the router and noticed that the box that we were trying to connect to was only sending ACK's, same for the box trying to connect. So they weren't SYNcing up.
1) dual paths is when you have two ppp leased lines between offices, configured addresses have routes labeled link #1 #2 etc, they are on while iface is up, and this is the purpose netmask serves.
2) disable pf or other firewall, some other firewalls send simple ack instead of syn+ack on first response and pf is against it
ASKER
Alright it worked. Turns out I had it right the first time I tried. The reason why it didn't work for me in freebsd is because it needed to have an option compiled into the kernel.
Now if only I could have it set so that I didn't have to add static routes... using the OBSD router as a default gateway would do the trick..
any ideas let me know..
Thanks again.
you can set routes in /etc/hostname.rl0 and .rl1 files
inet address ... mask ...
up
route -n add ...
route -n add ...
if you have only one router to go out use its IP in /etc/mygate instead
and add last server in /etc/resolv.conf an 127.0.0.1, so you should not type route -n , but just route, have fun.
be careful - patch the arp if your networks are large, and turn on GATEWAY option in kernel for longer uptimes.
check out man brconfig too
! route -n add
in these hostname files, it is parsed like via # xargs -n 1 ifconfig rl0
somehow missed your rip comment:
in rip you set address and mask on broadcast link like ethernet and exchange rip info via ppp links, so if you have complex web of leased lines, it will surely help. try routed -q to see if your gateway talks rip
ASKER
so then it would look like this?
I can't actually test this for a bit.
hostname.rl0
inet 192.168.0.200 0xffffff00 NONE
up
route -n add 10.0.0.0/24 10.69.69.2
route -n add 192.168.12.0/24 192.168.0.1 # note: this is another router
hostname.rl1
inet 10.69.69.2 0xff000000 NONE
up
route -n add 192.168.0.0/24 192.168.0.200
* fixing media is better than nWay autoselect, sometimes you need to set same setting on ethernet switch, duplex mismatch is painful.
* link routes work as interface comes up, no need to add them
* rl netcard inefficient, de or fxp or anything gigabit works much better (like four-port 100BaseTX)
* suggested config in the end.
hostname.rl0
inet 192.168.0.200 0xffffff00 media 100baseTX mediaopt full-duplex
# up # see below
! /sbin/route -n add 192.168.12.0/24 192.168.0.1 # note: you see it depends on that interface being up, so its place is here
# ! /sbin/route -n add 192.168.0.0/24 192.168.0.200 # this is default link route
hostname.rl1
inet 10.69.69.2 0xff000000 media 100baseTX mediaopt full-duplex
# up # not needed, it is up anyway after configuring address
# ! /sbin/route -n add 10.0.0.0/24 10.69.69.2 #this is default no need to write, mask is /8 for 0xff000000
So:
hostname.rl0:
inet 192.168.0.200 0xffffff00 media 100baseTX mediaopt full-duplex
! /sbin/route -n add 192.168.12.0/24 192.168.0.1
hostname.rl1:
inet 10.69.69.2 0xff000000 media 100baseTX mediaopt full-duplex
and beware that 10/8 net will not work unless you set route on 192.168.0.1 pointing a gateway to -net 10/8 to 192.168.0.200 (or RIP if you really consider more networks)
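The rule in the reply above (link routes appear when the interface is configured, so only routes via another router belong in hostname.if) can be checked mechanically. This is an added example, not part of the original thread: the input is the asker's draft embedded as constructed sample data, and `connected_networks` and `lint_routes` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample input: the asker's draft hostname.rl0 / hostname.rl1
# from earlier in the thread, embedded so the check runs offline.
DRAFT = {
    "rl0": "inet 192.168.0.200 0xffffff00 NONE\nup\n"
           "route -n add 10.0.0.0/24 10.69.69.2\n"
           "route -n add 192.168.12.0/24 192.168.0.1 # note: this is another router\n",
    "rl1": "inet 10.69.69.2 0xff000000 NONE\nup\n"
           "route -n add 192.168.0.0/24 192.168.0.200\n",
}

def connected_networks(files):
    """Map interface name -> network implied by its 'inet ADDR 0xMASK' line."""
    nets = {}
    for ifname, text in files.items():
        m = re.search(r"^inet\s+(\S+)\s+0x([0-9a-fA-F]{8})\b", text, re.M)
        if m:
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            nets[ifname] = ipaddress.ip_interface(f"{m.group(1)}/{mask}").network
    return nets

def lint_routes(files):
    """Classify each 'route -n add DEST GATEWAY' line (hypothetical helper)."""
    # redundant:           DEST is inside a connected network (link route covers it)
    # unreachable-gateway: GATEWAY is not on any connected network
    # ok:                  a real static route via a neighbouring router
    nets = connected_networks(files).values()
    findings = []
    for ifname, text in files.items():
        for line in text.splitlines():
            if line.lstrip().startswith("#"):  # commented-out route
                continue
            m = re.search(r"route\s+-n\s+add\s+(\S+)\s+(\S+)", line)
            if not m:
                continue
            dest = ipaddress.ip_network(m.group(1), strict=False)
            gateway = ipaddress.ip_address(m.group(2))
            if any(dest.subnet_of(n) for n in nets):
                verdict = "redundant"
            elif not any(gateway in n for n in nets):
                verdict = "unreachable-gateway"
            else:
                verdict = "ok"
            findings.append((ifname, str(dest), str(gateway), verdict))
    return findings
```

On the draft, only the 192.168.12.0/24 route via 192.168.0.1 comes back as `ok`, which matches the trimmed configuration suggested in the reply.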
ASKER
Well, I've been unsuccessful in getting it to advertise its routes, looks like I'll be manually adding them on the clients. Either way, it works. Yes I did try your method gheist, but it made no difference in the way it operated.
the 10.0.0.0/24 was a typo
advertisements are made using routed or zebra, no harm in packets reflecting via same interface back to another router.
NEVER do anything on client (except DHCP maybe) it is lots of work & hate.
ASKER
Routed didnt work at all.... I tried many different flags. I'll see about trying Zebra.
default 10.19.16.1 UG
10.19.16.0 link#1 U
10.19.16.1 0:30:85:00:00:00 UH
some more ...
10.19.19.9 127.0.0.1 UGH
127.0.0.0 127.0.0.1 UG
127.0.0.1 127.0.0.1 UH
192.168.144.0 link#2 U
192.168.144.3 0:80:c8:00:00:00 UH
many more ...
works, forwards etc, no zebra-s or routed-s, only
net.inet.ip.forwarding=1
will be a problem even when you use zebra or so...
can you ping and telnet ??? you do not need routed or zebra, they will not do anything magic...
ASKER
I can do everything just fine through the router. It just that I have to add the routes into the Windows workstations.
you can add route on their default router and make it announce your new router via RIP (preferably) or ICMP redirects in hope workstations accept one
ASKER
their default router is the OpenBSD router..
This or another ??? :-) Forgive - me dumb
ASKER
=D hehe..
The openbsd router box IS the default gateway for the 10/8 side.
I'll try and draw a little netgraph
10/8------openbsdrouter----192.168.0.0/24
what my network really consists of;
10/8------openbsdrouter----192.168.0.0/24------Ciscorouter-----192.168.12.0/24
I have no problems communicating between any networks if I have routes to the 192.168.0.0/24 and the 10/8 network.
I can even SYN_ACK from 10/8 to 192.168.12.0/24.
So the only thing is that I don't want to have to add persistent routes on the 10/8 and 192.168.0.0/24 networks. like this
10/8 C:\route add 192.168.0.0 mask 255.255.255.0 10.69.69.2
192.168.0.0/24 C:\route add 10.0.0.0 mask 255.255.255.0 192.168.0.200
I hope that makes more sense. =D
ASKER
btw, the 10/8 and 192.168.0.0/24 ranges also have another NIC in each box using non-private addresses, REAL inet addresses.
ASKER
thanks for your patience gheist, this is really appreciated.
I'll throw some more points your way after this is finished =D
ASKER
THIS IS A TYPO 192.168.0.0/24 C:\route add 10.0.0.0 mask 255.255.255.0 192.168.0.200
it should be an 8 bit mask
Thanks for info - preloaded routed is enough for cisco to exchange RIP information
1) read "man networks" and build /etc/networks file
2) read "man hosts" and build /etc/hosts containing involved router addresses including own
3) read man routed and build /etc/gateways like this
net 192.168.12.0/24 gateway 192.168.0.cisco metric 1 active
assuming cisco runs rip on interface (i.e. it has never been disabled or must be enabled using rou rip <cr> ver 2 <cr> net 1.1.1.1 and so on)
as I said run routed -q to see if rip is running
ASKER
the cisco doesn't really matter, we don't have any problems with it. I only have to add the routes from 10/8 and 192.160.0.0/24.
going to 192.168.12.0/24 isn't a problem after I have the routes added from the above.
I'll try doing what you said when I get to work in the morning.
once again thanks =D
ASKER
if possible I would like to not have to add any static routes on the boxes, I would like it to be automatic.
Would routed be a better idea because it has rip?