[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Routing Problem - Need Help

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Routing Problem - Need Help
From: Simon Slaytor <sslaytor_(_at_)_iom_(_dot_)_com>
Date: Wed, 23 Feb 2005 18:15:00 +0000

Hi Folks,

I'm wondering if any of your guys in the know can shed some light on
this little problem.

OpenBSD 3.6 Stable, configured as a Firewall/Router

2 Interface Cards XL0 XL1 configured as follows

XL0 (Internal LAN)
Ip - 10.190.50.99 / 255.255.0.0

XL1 (External WAN)
Ip - 10.190.0.254 / 255.255.255.0
GW - 10.190.0.100

Ok so as you can see the two network 10.190 & 10.190.0 and VERY similar
in their ip addresses.

I currently do not have any PF rules configured and routing is OFF.

When I configure my two hostname files as per the above addresses doing
an ifconfig -a confirms that both cards have been assigned the correct
addresses.

However if I do a route show the routing table only shows 1 entry for
the cards as follows

10.190/16	LINK#1	UC	XL0

I can ping any host on my internal network, however when I try and ping
the external default gateway 10.190.0.100 connected to XL1 or the
10.190.0.254 address of the interface itself I get a host is down
message.

Re running route show after issuing the ping command shows the following
additional line indicating that the packet is being sent out of the xl0
interface.

10.190.0.100	LINK#1  UHLc XL0

Ok so I know that the remote network beyond the 10.190.0.100 gateway is
10.232.14.0 after deleting the host route of 10.190.0.100 and the
default gateway from the routing table I added a new route using the
following.

route add -net 10.232.14.0 -netmask 255.255.255.0 10.190.0.100 -ifp xl1

Now when I do a route show I find the following line is now listed.

10.232.14/24	10.190.0.100	UGS	XL1

However if I now ping a host on the 10.212.14 network I get a 'host is
down' message and the host 10.190.0.100 LINK#1 XL0 routing table entry
returns.

Unfortunately I have no control over the Internal or External IP
addressing schemes. I currently have everything working using a Linux
2.4 box but would like to move to PF as my firewall over iptables.

Any help that you guys can give sorting out this problem would be very
much appreciated.

Simon

P.S. If I change the internal address to say 10.191.50.99 everything
works as expected so it's literally down to the IP addresses and how
routed handles them.

Follow-Ups:
- Re: Routing Problem - Need Help
  - From: Karsten McMinn
- Re: Routing Problem - Need Help
  - From: Jason Opperisano

Prev by Date: Re: Part 4: In which I confess to Attempted Murder
Next by Date: Re: Routing Problem - Need Help
Previous by thread: Re: /dev/sound always records 4 bytes per sample? (3.5 auich ac97)
Next by thread: Re: Routing Problem - Need Help
Index(es):
- Date
- Thread

Visit your host, monkey.org