|
|
|
|
|
|
| Author |
Message |
sam
*nix forums beginner
Joined: 14 Jul 2006
Posts: 11
|
 Posted: Tue Jul 18, 2006 4:08 am Post subject:
routing issue
|
|
|
Hi,
We have a freebsd router directly connected to the Internet, behind the
freebsd router, there is a mail server. The mail server has its ethernet
port configured as 10.1.2.253 and aliased as 201.111.222.111 (pub ip)
From the other machine (eg. 10.1.2.180), sending icmp packet to
201.111.222.111 received not replies. The ping test is "hang" for very
long time and never get a reply. Is there anything wrong with this
setup? It seems that it has trouble in the connection with
201.111.222.111. How to solve this issue? I have attached some
configuration/test script in the following section.
Thanks
Sam
The network configuration is illustrated as follow,
Internet - freebsd router (10.1.2.1) - (10.1.2.253) mail server
The routing table in freebsd router(10.1.2.1) is created using command
route add 201.111.222.111 10.1.2.253
The routing table in freebsd router (10.1.2.1) is,
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
....
201.111.222.111 10.1.2.253 UGHS 0 123 fxp0
The ethernet configuration in the mail server is,
The routing table in the mail server is# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 10.1.2.253 netmask 0xff000000 broadcast 10.255.255.255
inet 201.111.222.111 netmask 0xffffff00 broadcast 201.111.222.255
ether 00:e0:81:31:3a:d8
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.1.2.1 UGS 0 192 bge0 |
|
| Back to top |
|
 |
sam
*nix forums beginner
Joined: 14 Jul 2006
Posts: 11
|
| Posted: Tue Jul 18, 2006 5:49 am Post subject:
Re: routing issue
|
|
|
sam wrote:
| Quote: | Hi,
We have a freebsd router directly connected to the Internet, behind the
freebsd router, there is a mail server. The mail server has its ethernet
port configured as 10.1.2.253 and aliased as 201.111.222.111 (pub ip)
From the other machine (eg. 10.1.2.180), sending icmp packet to
201.111.222.111 received not replies. The ping test is "hang" for very
long time and never get a reply. Is there anything wrong with this
setup? It seems that it has trouble in the connection with
201.111.222.111. How to solve this issue? I have attached some
configuration/test script in the following section.
Thanks
Sam
The network configuration is illustrated as follow,
Internet - freebsd router (10.1.2.1) - (10.1.2.253) mail server
The routing table in freebsd router(10.1.2.1) is created using command
route add 201.111.222.111 10.1.2.253
The routing table in freebsd router (10.1.2.1) is,
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
...
201.111.222.111 10.1.2.253 UGHS 0 123 fxp0
The ethernet configuration in the mail server is,
The routing table in the mail server is# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING
inet 10.1.2.253 netmask 0xff000000 broadcast 10.255.255.255
inet 201.111.222.111 netmask 0xffffff00 broadcast 201.111.222.255
ether 00:e0:81:31:3a:d8
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.1.2.1 UGS 0 192 bge0
|
"Magically", after I left it for 30 minutes, sending icmp to
201.111.222.111 works.
Does anyone know why?
Thanks
Sam |
|
| Back to top |
|
|
sam
*nix forums beginner
Joined: 14 Jul 2006
Posts: 11
|
| Posted: Tue Jul 18, 2006 11:13 pm Post subject:
Re: routing issue
|
|
|
sam wrote:
| Quote: | sam wrote:
Hi,
We have a freebsd router directly connected to the Internet, behind
the freebsd router, there is a mail server. The mail server has its
ethernet port configured as 10.1.2.253 and aliased as 201.111.222.111
(pub ip)
From the other machine (eg. 10.1.2.180), sending icmp packet to
201.111.222.111 received not replies. The ping test is "hang" for very
long time and never get a reply. Is there anything wrong with this
setup? It seems that it has trouble in the connection with
201.111.222.111. How to solve this issue? I have attached some
configuration/test script in the following section.
Thanks
Sam
The network configuration is illustrated as follow,
Internet - freebsd router (10.1.2.1) - (10.1.2.253) mail server
The routing table in freebsd router(10.1.2.1) is created
using command
route add 201.111.222.111 10.1.2.253
The routing table in freebsd router (10.1.2.1) is,
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
...
201.111.222.111 10.1.2.253 UGHS 0 123 fxp0
The ethernet configuration in the mail server is,
The routing table in the mail server is# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING
inet 10.1.2.253 netmask 0xff000000 broadcast 10.255.255.255
inet 201.111.222.111 netmask 0xffffff00 broadcast 201.111.222.255
ether 00:e0:81:31:3a:d8
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 10.1.2.1 UGS 0 192 bge0
"Magically", after I left it for 30 minutes, sending icmp to
201.111.222.111 works.
Does anyone know why?
Thanks
Sam
|
Hi, I also noticed that at some points when I tried to ping
201.111.222.111 from a host, I got the following replies,
# ping 201.111.222.111
PING 201.111.222.111 (201.111.222.111): 56 data bytes
36 bytes from router.abc.com (10.1.2.1): Redirect Host(New addr: 10.1.2.253)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 a635 0 0000 40 01 28e7 10.1.2.184 201.111.222.111
64 bytes from 201.111.222.111: icmp_seq=0 ttl=64 time=0.243 ms
64 bytes from 201.111.222.111: icmp_seq=1 ttl=64 time=0.226 ms
Is the above replies appeared normal?
Thanks
S |
|
| Back to top |
|
|
the other guy
*nix forums beginner
Joined: 13 May 2005
Posts: 23
|
| Posted: Wed Jul 19, 2006 4:16 am Post subject:
Re: routing issue
|
|
|
sam <samboy@chips.net> wrote:
| Quote: |
Hi, I also noticed that at some points when I tried to ping
201.111.222.111 from a host, I got the following replies,
# ping 201.111.222.111
PING 201.111.222.111 (201.111.222.111): 56 data bytes
36 bytes from router.abc.com (10.1.2.1): Redirect Host(New addr: 10.1.2.253)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 a635 0 0000 40 01 28e7 10.1.2.184 201.111.222.111
64 bytes from 201.111.222.111: icmp_seq=0 ttl=64 time=0.243 ms
64 bytes from 201.111.222.111: icmp_seq=1 ttl=64 time=0.226 ms
Is the above replies appeared normal?
Thanks
S
|
Redirects are normal if the thingy you try to ping is not
reachable via your default gateway.
I'm still trying to figure out how your network setup
has been done. Can you publish some kind of ASCII art?
Peter
--
http://www.boosten.org
Mail: peter at boosten dot org |
|
| Back to top |
|
|
the other guy
*nix forums beginner
Joined: 13 May 2005
Posts: 23
|
| Posted: Wed Jul 19, 2006 8:48 am Post subject:
Re: routing issue
|
|
|
sam <samboy@chips.net> wrote:
| Quote: | Hi,
We have a freebsd router directly connected to the Internet, behind the
freebsd router, there is a mail server. The mail server has its ethernet
port configured as 10.1.2.253 and aliased as 201.111.222.111 (pub ip)
|
This is the part I get confused (after reading your entire post).
Since you're using private IP addresses on the inside (behind the
freebsd router), why do you assign a public address to the mail server?
You could/should have resolved this with inbound NAT on your
freebsd router.
| Quote: |
From the other machine (eg. 10.1.2.180), sending icmp packet to
201.111.222.111 received not replies. The ping test is "hang" for very
long time and never get a reply. Is there anything wrong with this
setup? It seems that it has trouble in the connection with
201.111.222.111. How to solve this issue? I have attached some
configuration/test script in the following section.
|
Since the other machine knows nothing about 201.111.222.111 it assumes
this IP address is behind its 'default gateway'. Pinging 10.1.2.253
should go as expected.
| Quote: | Internet:
Destination Gateway Flags Refs Use Netif Expire
...
201.111.222.111 10.1.2.253 UGHS 0 123 fxp0
|
This is actually kinda cool, I guess. You've created a static route for
201.111.222.111 to host 10.1.2.253. This actually means that every ping from
10.1.2.180 to 201.111.222.111 goes to the default gateway 10.1.2.1, which
has to redirect your ping to 10.1.2.253. This can only work if 10.1.2.180
accepts redirect packages (this is not always the case).
So my suggestion: keep public IP addresses public (as in: use them only on
the internet) and use inbound NAT for accessing the mail server (probably only
port 25 for SMTP).
Peter
--
http://www.boosten.org
Mail: peter at boosten dot org |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Mon Dec 01, 2008 11:04 pm | All times are GMT
|
|
Discount Magazines | eBay | Horoscopes | Credit Cards | Loans
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
BSD
»
FreeBSD
