Date: Wed, 22 Jan 2003 08:48:40 -0500
From: Bill Moran
To: twig les
Cc: freebsd-questions@freebsd.org
Subject: Re: routing problem on 4.7 release
Message-ID: <3E2EA138.5040306@potentialtech.com>
References: <20030122023501.75590.qmail@web10106.mail.yahoo.com>

twig les wrote:
> Hey all, I have a 4.7 release box that needs to cvsup
> its ports. The problem is that this box never sees
> the outside world normally; it does IDS on an IP-less
> interface and of course has a backnet interface. So
> basically I added a temporary IP address to this box,
> edited my /etc/cvsupfile to use the IP address of the
> cvs server (to avoid dealing with DNS), added a few
> lines in IPFW and then used the route command to force
> packets out the correct interface.
>
> The problem is that packets destined for the legal
> gateway (I'll call it 1.1.1.1) are still going out the
> backnet interface. So if I ping 1.1.1.1, I can sit
> and watch access-list denies show up as the backnet
> interface tries to ping an IP that isn't even
> reachable. The fact that these pings are getting out
> tells me that IPFW isn't the problem and that the
> route table is screwed up.
>
> Please chime in if anyone has an answer, all I need to
> do is add a static route temporarily.
>
> My config looks like this below. As you may notice, I
> even tried adding a route to 1.1.1.1 out the specific
> interface "route -n add 1.1.1.1/26 -interface ti0".
>
> mas01# netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags  Refs  Use  Netif Expire
> default            10.20.0.1          UGSc   7     56   fxp0
> 10.20/25           link#1             UC     2     0    fxp0
> 10.20.0.1          00:00:0c:07:ac:60  UHLW   5     4    fxp0  1196
> 10.20.0.14         00:60:ab:03:7d:2f  UHLW   0     0    fxp0  938
> 1.1.1.1/32         00:00:00:00:00:00  ULSc   0     12   ti0
> 1.1.1.1/26         link#2             UC     0     0    ti0
> 127.0.0.1          127.0.0.1          UH     0     604  lo0
> 165.64.255/24      1.1.1.1            UGSc   0     0    fxp0
> 208.185.175.214/32 1.1.1.1            UGSc   1     0    fxp0

Ouch ... please configure your mailer so it doesn't wrap netstat -rn
output. I feel like I'm deciphering a secret code.

I'm a little confused by your explanation. I thought 1.1.1.1 was the
IP of the gateway you want to use?

My suggestion might be bogus, since I'm not 100% sure I understand, but
try this:

ifconfig ti0 inet 1.1.1.1 netmask 255.255.255.0
Set the IP address on the gateway to 1.1.1.2
route delete default
route add default 1.1.1.2

If you really want 10.20.0.1 to be your default route, add it back in
after the cvsup is done:

route delete default
route add default 10.20.0.1

Note that this might disrupt services not on the local network during
the cvsup, so it might not be the solution you really want. But if it
works, you'll be one step closer to a real solution.

Do you have additional machines off fxp0 that this machine needs to go
through a gateway to access?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
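
The following is an added example, not part of the original thread: a Python check that parses the routing table quoted above and lists gateway routes whose Netif differs from the interface of the most specific route to their gateway address. The expansion of abbreviated destinations such as 10.20/25 to 10.20.0.0/25 and all function names are assumptions of this example.

```python
import ipaddress

# Routing table from the quoted message, columns re-aligned.
NETSTAT = """\
default            10.20.0.1          UGSc 7 56  fxp0
10.20/25           link#1             UC   2 0   fxp0
10.20.0.1          00:00:0c:07:ac:60  UHLW 5 4   fxp0 1196
10.20.0.14         00:60:ab:03:7d:2f  UHLW 0 0   fxp0 938
1.1.1.1/32         00:00:00:00:00:00  ULSc 0 12  ti0
1.1.1.1/26         link#2             UC   0 0   ti0
127.0.0.1          127.0.0.1          UH   0 604 lo0
165.64.255/24      1.1.1.1            UGSc 0 0   fxp0
208.185.175.214/32 1.1.1.1            UGSc 1 0   fxp0
"""

def parse_dest(text):
    """Expand a netstat destination (assumed: 10.20/25 means 10.20.0.0/25)."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)

def parse_table(text):
    """Return one dict per route line: destination, gateway, flags, interface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:
            routes.append({"dest": parse_dest(f[0]), "gw": f[1], "flags": f[2], "netif": f[5]})
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route whose destination contains ip."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r["dest"]]
    return max(hits, key=lambda r: r["dest"].prefixlen) if hits else None

def gateway_mismatches(routes):
    """Gateway (G flag) routes bound to a different interface than their gateway."""
    out = []
    for r in routes:
        if "G" not in r["flags"]:
            continue
        via = lookup([x for x in routes if x is not r], r["gw"])
        if via and via["netif"] != r["netif"]:
            out.append((str(r["dest"]), r["gw"], r["netif"], via["netif"]))
    return out
```

On the posted table, `gateway_mismatches(parse_table(NETSTAT))` reports the 165.64.255/24 and 208.185.175.214/32 routes, which name gateway 1.1.1.1 but are bound to fxp0, while 1.1.1.1 itself is reached through ti0.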