Date: Thu, 8 Feb 2007 08:34:36 -0500
From: Bill Moran
To: George.Vanev@gmail.com
Cc: FreeBSD Questions
Subject: Re: Routing problem
Message-Id: <20070208083436.14bcef3f.wmoran@collaborativefusion.com>
In-Reply-To: <6f4f57f60702080514n388e435fmfa7d46e10723be77@mail.gmail.com>
Organization: Collaborative Fusion

In response to "George Vanev":

> On 2/8/07, Bill Moran wrote:
> >
> > In response to "George Vanev":
> >
> > > I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> > > The first IP is to access internet, the second
> > > is for the ISP's LAN.
> > > Unfortunately I have internet, but no access to
> > > the other network.
> > >
> > > I made a test. I assigned to the NIC only the local
> > > IP and removed the defaultrouter. Then, of course,
> > > I have no internet but was able to access the ISP's
> > > network.
> > >
> > > I've tried everything I know, but still nothing
> >
> > Consider providing more details, such as the output of ifconfig and
> > netstat -rn.
> >
> > Sure sounds like a routing issue, but I doubt anyone can say anything
> > more without details.
>
> You are right.
>
> ifconfig
> ----------
> rl0: flags=8843 mtu 1500
>         options=8
>         inet 212.25.37.96 netmask 0xffffff00 broadcast 212.25.37.255
>         inet 192.168.67.41 netmask 0xfffffc00 broadcast 192.168.67.255
>         ether 00:17:31:e7:92:18
>         media: Ethernet autoselect (100baseTX )
>         status: active
> rl1: flags=8843 mtu 1500
>         options=8
>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:50:bf:d5:f1:33
>         media: Ethernet autoselect (100baseTX )
>         status: active
> plip0: flags=108810 mtu 1500
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            212.25.37.1        UGS         0   458268    rl0
> 10/24              link#2             UC          0        0    rl1
> 10.0.0.2           00:15:60:ae:f7:61  UHLW        1   231827    rl1    922
> 10.0.0.3           00:17:08:2d:08:26  UHLW        1     1686    rl1   1004
> 10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       67    rl1
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.64/22      link#1             UC          0        0    rl0
> 192.168.64.1       00:02:a5:90:a9:b6  UHLW        1        0    rl0   1200
> 192.168.64.3       00:17:08:58:83:8d  UHLW        1        0    rl0   1113
> 212.25.37          link#1             UC          0        0    rl0
> 212.25.37.1        00:02:a5:90:a9:b6  UHLW        2        0    rl0   1195
>
> In this case I can't access nothing from 192.168.64/22

Nothing? You're able to arp 192.168.64.1 and 192.168.64.3, can you ping
them?

Since you have an RFC-1918 address on both the inside and the outside, I
assume you're running nat on this machine to translate internal machine
traffic.

It looks like you have all the routes you need, so my _guess_ at this point
is that when the public address is up, the nat is preventing traffic from
going out that interface without being translated. Once it has a public
address, it can't route properly on the 192.168.64/22 space.

Have a look at what you're using for nat. If you can't see anything
obviously at odds, post your nat/firewall/related config.

-- 
Bill Moran
Collaborative Fusion Inc.
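
Added example, not part of the original message: a longest-prefix lookup over the `netstat -rn` table quoted above, to check which route traffic for the ISP LAN actually selects. The shorthand rule (an omitted mask means 8 bits per octet shown), the trimmed columns, and the test addresses 192.168.66.10 and 198.51.100.7 are assumptions made for this illustration.

```python
import ipaddress

# Constructed input: the routes from the quoted netstat -rn output, reduced to
# destination, gateway, flags, netif (Refs/Use/Expire columns dropped).
NETSTAT = """\
default            212.25.37.1        UGS    rl0
10/24              link#2             UC     rl1
10.0.0.2           00:15:60:ae:f7:61  UHLW   rl1
10.0.0.3           00:17:08:2d:08:26  UHLW   rl1
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb  rl1
127.0.0.1          127.0.0.1          UH     lo0
192.168.64/22      link#1             UC     rl0
192.168.64.1       00:02:a5:90:a9:b6  UHLW   rl0
192.168.64.3       00:17:08:58:83:8d  UHLW   rl0
212.25.37          link#1             UC     rl0
212.25.37.1        00:02:a5:90:a9:b6  UHLW   rl0
"""

def parse_dest(dest, flags):
    """Expand netstat's abbreviated destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if "H" in flags:                 # host route: exact /32 match
        plen = 32
    elif not plen:                   # assumption: omitted mask = 8 bits per octet shown
        plen = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}")

def load(text):
    """Return a list of (network, gateway, flags, netif) tuples."""
    rows = (line.split() for line in text.splitlines())
    return [(parse_dest(d, f), gw, f, nif) for d, gw, f, nif in rows]

def lookup(routes, ip):
    """Pick the most specific matching route, as the kernel's lookup does."""
    ip = ipaddress.ip_address(ip)
    matches = [r for r in routes if ip in r[0]]  # default route always matches
    return max(matches, key=lambda r: r[0].prefixlen)

ROUTES = load(NETSTAT)

if __name__ == "__main__":
    for target in ("192.168.64.1", "192.168.66.10", "10.0.0.2", "198.51.100.7"):
        net, gw, flags, netif = lookup(ROUTES, target)
        kind = "via gateway" if "G" in flags else "on-link"
        print(f"{target:15} -> {str(net):18} {kind:12} {gw} ({netif})")
```

Every address in 192.168.64/22 resolves to the on-link rl0 route rather than the default gateway, so the table itself does not explain the lost connectivity.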