static routing
|
View:
New views
9 Messages
—
Rating Filter:
Alert me
|
 |
static routing
by beko
::
Rate this Message:
Hi,
is it possible to set static routing? I had to edit /etc/init.d/rc.local and add: route add -net ... I think this should be also in web management. |
|
|
Re: static routing
by Peter Warasin
::
Rate this Message:
hi
beko wrote: > is it possible to set static routing? > I had to edit /etc/init.d/rc.local and add: route add -net ... > I think this should be also in web management. it's currently under development peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.it :: peter@... ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: static routing
by Josephw
::
Rate this Message:
yeah , good question , EFW works perfectly except for static route, I had tried to add static route manually, but it didn't work. I checked everything, but still don't know what happend. Before EFW finish development, Is there any SOP of adding static routes ? |
|
|
Re: static routing
by Patricio A. Bruna
::
Rate this Message:
What problems do you have with statict routing?
> > Peter Warasin wrote: > hi beko wrote: > is it possible to set static routing? > I had to > edit /etc/init.d/rc.local and add: route add -net ... > I think > this should be also in web management. it's currently under > development peter -- :: e n d i a n :: open source - open minds :: > peter warasin :: http://www.endian.it :: peter@... > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, > security? Get stuff done quickly with pre-integrated technology to > make your job easier Download IBM WebSphere Application Server > v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ Efw-user mailing > list Efw-user@... > https://lists.sourceforge.net/lists/listinfo/efw-user > > yeah , good question , EFW works perfectly except for static route, I > had tried to add static route manually, but it didn't work. I checked > everything, but still don't know what happend. Before EFW finish > development, Is there any SOP of adding static routes ? > ------------------------------------------------------------------------ > View this message in context: Re: static routing > <http://www.nabble.com/static-routing-tf2115612.html#a6488957> > Sent from the efw-user <http://www.nabble.com/efw-user-f4485.html> > mailing list archive at Nabble.com. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > ------------------------------------------------------------------------ > > _______________________________________________ > Efw-user mailing list > Efw-user@... > https://lists.sourceforge.net/lists/listinfo/efw-user > -- Patricio Bruna V. Red Hat Certified Engineer IT Linux Ltda. http://www.it-linux.cl Fono : (+56-2) 333 0051 Cel : (+56-09) 8288 5195 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: static routing
by Josephw
::
Rate this Message:
ok Here is the network diagram Internet | | IP_A [EFW] ip_a | | LAN_A | | [cisco router] | | LAN_B | | ip_b[PC1] 1.I want to make PC1 be able to connect to the internet via EFW 2.I added the route for reaching LAN_B on EFW 3. I added the default route for accessing the internet on cisco router. 4.I added firewall policy which allows nods on LAN_B accessing the internet 5. The nodes on LAN_A could reach the internet. 6.I could ping EFW/ip_a from PC1 7. I also could ping PC1 with source ip EFW/ip_a 8. But I could not ping IP_A and other ip addresses in the internet from PC1 9.I used command tcpdump to observe icmp packets while I ping from PC1 to internet ip. there are always two related packets like below ICMP reply Destination -> IP_A ICMP reply Destination -> ip_b compare with ping from nodes on LAN_A , there's no 2nd ICMP reply packet. thanks for help |
|
|
Re: static routing
by Patricio A. Bruna
::
Rate this Message:
I think you have to add a "routeback" rules for ping from IP_B(PC1) to IP_A. I had a similar setup, but with 17 subnets.
What i do was: iptables -I FORWARD 1 -s IP_NETWORK_B/NETMASK -d IP_NETWORK_A/NETMASK -i br0 -o br0 -j ACCEPT iptables -I FORWARD 1 -d IP_NETWORK_B/NETMASK -s IP_NETWORK_A/NETMASK -i br0 -o br0 -j ACCEPT i had to put those lines in /etc/init.d/rc.local ----- Original Message ----- From: Josephw <josephw@...> To: efw-user@... Sent: martes 26 de septiembre de 2006 23H35 GMT-0400 Subject: Re: [Efw-user] static routing Patricio Bruna V.-2 wrote: > > What problems do you have with statict routing? > ok Here is the network diagram Internet | | IP_A [EFW] ip_a | | LAN_A | | [cisco router] | | LAN_B | | ip_b[PC1] 1.I want to make PC1 be able to connect to the internet via EFW 2.I added the route for reaching LAN_B on EFW 3. I added the default route for accessing the internet on cisco router. 4.I added firewall policy which allows nods on LAN_B accessing the internet 5. The nodes on LAN_A could reach the internet. 6.I could ping EFW/ip_a from PC1 7. I also could ping PC1 with source ip EFW/ip_a 8. But I could not ping IP_A and other ip addresses in the internet from PC1 9.I used command tcpdump to observe icmp packets while I ping from PC1 to internet ip. there are always two related packets like below ICMP reply Destination -> IP_A ICMP reply Destination -> ip_b compare with ping from nodes on LAN_A , there's no 2nd ICMP reply packet. thanks for help -- View this message in context: http://www.nabble.com/static-routing-tf2115612.html#a6519965 Sent from the efw-user mailing list archive at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: static routing
by Josephw
::
Rate this Message:
I spent entire day to try what you wrote, but it dosen't still work.
eventhough this , the situation is kind of different from before. here is my lab PC(210.17.1.2/24) | | eth1(210.17.1.1/24) [EFW] br0(192.168.3.89/24) | | e0/0(192.168.3.100/24) [cisco router] loop0(192.168.4.100/24) configuration: [EFW] 1.allow all traffic from Green interface to RED interface 2.disable proxy 3. iptables -I FORWARD 1 -s 192.168.4.0/24 -d 0.0.0.0/0 -j ACCEPT iptables -I FORWARD 1 -d 192.168.4.0/24 -s 0.0.0.0/0 -j ACCEPT 4. Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 * 255.255.255.0 U 0 0 0 br0 210.17.1.0 * 255.255.255.0 U 0 0 0 eth1 192.168.4.0 192.168.3.100 255.255.255.0 UG 0 0 0 br0 default 210.17.1.254 0.0.0.0 UG 0 0 0 eth1 symptom 1.cisco router source 192.168.3.100 -->ping-->pc ok 2.EFW source 192.168.3.89--> ping --> 192.168.4.100 ok 3.cisco router source 192.168.4.100 -->ping->pc failed tcpdump -n -p icmp -i br0 IP 192.168.4.100 > 210.17.1.2: icmp 80: echo request seq 1280 IP 192.168.4.100 > 210.17.1.2: icmp 80: echo request seq 1280 IP 192.168.4.100 > 210.17.1.2: icmp 80: echo request seq 1280 IP 192.168.4.100 > 210.17.1.2: icmp 80: echo request seq 1280 IP 192.168.4.100 > 210.17.1.2: icmp 80: echo request seq 1280 tcpdump -n -p icmp -i eth1 IP 210.17.1.1> 210.17.1.2: icmp 80: echo request seq 1280 IP 210.17.1.2> 210.17.1.1: icmp 80: echo reply seq 1280 IP 210.17.1.1> 210.17.1.2: icmp 180: host 192.168.4.100 unreachable ... thanks for help
|
|
|
Re: static routing
by Peter Warasin
::
Rate this Message:
hi
Josephw wrote: > I spent entire day to try what you wrote, but it dosen't still work. > eventhough this , the situation is kind of different from before. > here is my lab i think you run into the same problem, i always run if something does not work with a hop behind green. try this: ip rule add prio 5 to 192.168.4.0/24 lookup main our module which does loadbalancing of multiple red interfaces introduced a tricky routing configuration. each connection leaving the red interface will be marked by iptables mangle and then redirected to a separate routknkg table (ip route show table 200) in order to always leave the same interface even if the routing decision for that host will change due to expiration of the routing cache. the line above just says to look to the main routing table even if the connection is marked. otherwise the packets to local networks will also leave the red interface instead of green. hope this helps peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.it :: peter@... ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: static routing
by Josephw
::
Rate this Message:
hi
I solved the problem with your suggestion ! Thanks alot
|
| Free embeddable forum powered by Nabble | Forum Help |
