Thanks for taking time to help out. I must be missing something very basic, and I could use some help.

I have recently replaced a commercial firewall appliance with an OpenBSD firewall. I've built OpenBSD firewalls a few times, so, while I'm not an expert by any means, I feel like I have some idea about what I'm doing. Everything works as I expect, with one exception. I have a FreeBSD 4.9-RELEASE machine that I want to set up as a web server inside the firewall. The problem is that I cannot ping the OpenBSD firewall from the FreeBSD web server, and I cannot ping the FreeBSD web server from the OpenBSD firewall. Both machines can ping other machines on the network. Any thoughts?

Let me know if there's additional diagnostic information I could collect that would be helpful.
| |||
Neither machine shows up in the routing table of the other machine. So, I'm inclined to believe it's a routing problem, but still don't understand why it's happening.

"Struggler" <americusfree1@hotmail.com> wrote in message news:bsui34$m07$1@news.onecall.net...
> Thanks for taking time to help out. I must be missing something very basic,
> and I could use some help.
>
> I have recently replaced a commercial firewall appliance with an OpenBSD
> firewall. I've built OpenBSD firewalls a few times, so, while I'm not an
> expert by any means, I feel like I have some idea about what I'm doing.
> Everything works as I expect, with one exception. I have a FreeBSD
> 4.9-RELEASE machine that I want to set up as a web server inside the
> firewall. The problem is that I cannot ping the OpenBSD firewall from the
> FreeBSD web server, and I cannot ping the FreeBSD web server from the
> OpenBSD firewall. Both machines can ping other machines on the network. Any
> thoughts?
>
> Let me know if there's additional diagnostic information I could collect
> that would be helpful.
| |||
Struggler wrote:
> Neither machine shows up in the routing table of the other machine. So, I'm
> inclined to believe it's a routing problem, but still don't understand why
> it's happening.

How about netmasks and stuff?

Peter
| |||
Good thought.

The internal address of the OpenBSD Firewall is 10.0.1.254, with a netmask of 255.255.255.0
The FreeBSD web server is 10.0.1.251, with a netmask of 255.255.255.0

Of course, this looks OK to me. Any other stuff to consider?

"Peter Boosten" <niemand@nergens.loc> wrote in message news:bsul90$fpf$1@news4.tilbu1.nb.home.nl...
> Struggler wrote:
>
> > Neither machine shows up in the routing table of the other machine. So, I'm
> > inclined to believe it's a routing problem, but still don't understand why
> > it's happening.
>
> How about netmasks and stuff?
>
> Peter
| |||
Struggler wrote:
> Good thought.
>
> The internal address of the OpenBSD Firewall is 10.0.1.254, with a netmask
> of 255.255.255.0
> The FreeBSD web server is 10.0.1.251, with a netmask of 255.255.255.0
>
> Of course, this looks OK to me. Any other stuff to consider?

Looks OK to me as well.. ;-)

Just to make an impression:

you have an OBSD firewall, with two NICs, FBSD is on the inside.
netstat -rn doesn't show the FBSD-box, but shows the other servers.

What about default gateway on the FBSD-box? (defaultrouter in /etc/rc.conf)

Peter
| |||
You have a pretty clear picture of the problem. However, netstat -rn sheds new light on the problem (I had been using netstat -r).

<cut>
10.0.1.66     0:4:76:b9:fd:db   UHLc   0   3       -       xl1
10.0.1.73     0:4:76:b7:1f:b5   UHLc   0   22      -       xl1
10.0.1.148    2:7:1:1c:6e:3f    UHLc   0   88      -       xl1
10.0.1.251    127.0.0.1         UGHS   1   11102   33224   lo0
<cut>

So, the firewall thinks 10.0.1.251 can be reached through the loopback interface. How did that happen?

This is most helpful, by the way, thanks!

"Peter Boosten" <niemand@nergens.loc> wrote in message news:bsum1l$rfj$1@news3.tilbu1.nb.home.nl...
> Struggler wrote:
>
> > Good thought.
> >
> > The internal address of the OpenBSD Firewall is 10.0.1.254, with a netmask
> > of 255.255.255.0
> > The FreeBSD web server is 10.0.1.251, with a netmask of 255.255.255.0
> >
> > Of course, this looks OK to me. Any other stuff to consider?
>
> Looks OK to me as well.. ;-)
>
> Just to make an impression:
>
> you have an OBSD firewall, with two NICs, FBSD is on the inside.
> netstat -rn doesn't show the FBSD-box, but shows the other servers.
>
> What about default gateway on the FBSD-box? (defaultrouter in /etc/rc.conf)
>
> Peter
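A check for the symptom shown in the routing table above, as an added example that is not part of the original thread: it scans `netstat -rn` output for host routes on the connected subnet that resolve to loopback, like the 10.0.1.251 entry. The function names are hypothetical, the sample input is constructed from the four lines quoted in the post, and the column order is assumed to match that output.

```shell
#!/bin/sh
# Added example (not from the thread): flag host routes for on-link
# addresses that point at loopback instead of a link-layer (MAC) gateway.
# Assumed column order, as in the quoted output:
#   Destination Gateway Flags Refs Use Mtu Interface

# Constructed sample input: the four route lines quoted in the thread.
sample_routes() {
cat <<'EOF'
10.0.1.66 0:4:76:b9:fd:db UHLc 0 3 - xl1
10.0.1.73 0:4:76:b7:1f:b5 UHLc 0 22 - xl1
10.0.1.148 2:7:1:1c:6e:3f UHLc 0 88 - xl1
10.0.1.251 127.0.0.1 UGHS 1 11102 33224 lo0
EOF
}

# find_loopback_host_routes NET MASKBITS   (hypothetical helper)
# Reads `netstat -rn` lines on stdin and prints "dest gateway flags iface"
# for every host route (flag H) inside NET/MASKBITS that uses loopback.
find_loopback_host_routes() {
    awk -v net="$1" -v bits="$2" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { size = 2 ^ (32 - bits); base = int(ip2int(net) / size) }
    # Only dotted-quad destinations; skips headers, "default", net routes.
    NF >= 7 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        if (int(ip2int($1) / size) != base) next   # not on this subnet
        if ($3 !~ /H/) next                        # not a host route
        if ($2 ~ /^127\./ || $NF ~ /^lo[0-9]+$/)   # gateway or iface is loopback
            print $1, $2, $3, $NF
    }'
}

# On a live system the input would be: netstat -rn -f inet
sample_routes | find_loopback_host_routes 10.0.1.0 24
```

In the flagged entry the `S` flag marks a static, manually added route, and `G` and `H` mark a host route via a gateway, whereas the neighbouring `L` entries are link-layer entries carrying a MAC address on xl1.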
| |||
Oh, and the default router/gateway on the FreeBSD box is 10.0.1.254.

"Peter Boosten" <niemand@nergens.loc> wrote in message news:bsum1l$rfj$1@news3.tilbu1.nb.home.nl...
> Struggler wrote:
>
> > Good thought.
> >
> > The internal address of the OpenBSD Firewall is 10.0.1.254, with a netmask
> > of 255.255.255.0
> > The FreeBSD web server is 10.0.1.251, with a netmask of 255.255.255.0
> >
> > Of course, this looks OK to me. Any other stuff to consider?
>
> Looks OK to me as well.. ;-)
>
> Just to make an impression:
>
> you have an OBSD firewall, with two NICs, FBSD is on the inside.
> netstat -rn doesn't show the FBSD-box, but shows the other servers.
>
> What about default gateway on the FBSD-box? (defaultrouter in /etc/rc.conf)
>
> Peter
| |||
Struggler wrote:
> You have a pretty clear picture of the problem. However, netstat -rn sheds
> new light on the problem (I had been using netstat -r).
>
> <cut>
> 10.0.1.66     0:4:76:b9:fd:db   UHLc   0   3       -       xl1
> 10.0.1.73     0:4:76:b7:1f:b5   UHLc   0   22      -       xl1
> 10.0.1.148    2:7:1:1c:6e:3f    UHLc   0   88      -       xl1
> 10.0.1.251    127.0.0.1         UGHS   1   11102   33224   lo0
> <cut>
>
> So, the firewall thinks 10.0.1.251 can be reached through the loopback
> interface. How did that happen?
>
> This is most helpful, by the way, thanks!

Would you show us your /etc/rc.conf?

Peter
| |||
On the firewall, or the FreeBSD box?

"Peter Boosten" <niemand@nergens.loc> wrote in message news:bsumo2$bfg$1@news4.tilbu1.nb.home.nl...
> Struggler wrote:
>
> > You have a pretty clear picture of the problem. However, netstat -rn sheds
> > new light on the problem (I had been using netstat -r).
> >
> > <cut>
> > 10.0.1.66     0:4:76:b9:fd:db   UHLc   0   3       -       xl1
> > 10.0.1.73     0:4:76:b7:1f:b5   UHLc   0   22      -       xl1
> > 10.0.1.148    2:7:1:1c:6e:3f    UHLc   0   88      -       xl1
> > 10.0.1.251    127.0.0.1         UGHS   1   11102   33224   lo0
> > <cut>
> >
> > So, the firewall thinks 10.0.1.251 can be reached through the loopback
> > interface. How did that happen?
> >
> > This is most helpful, by the way, thanks!
>
> Would you show us your /etc/rc.conf?
>
> Peter