Date: Tue, 3 Dec 2002 11:38:15 -0600
From: "Lewis Watson" <lists@visionsix.com>
To: "freebsd-net" <freebsd-net@FreeBSD.org>
Subject: Re: FreeBSD Gateway Question / Problem
Message-ID: <00b301c29af2$c27f9720$a977ca41@yogi>
References: <005d01c297dc$6939f340$a977ca41@yogi> <3DE8745D.8030201@ccrle.nec.de> <000e01c29850$ae535e20$a977ca41@yogi> <1038684192.13717.7.camel@nivomede.internal.lustygrapes.net>

Sorry for the lengthy delay and thank you all for the responses. I think the
response below explains what was happening because the entire Internet could
find the way to the new network, all hosts on my network could as well except
for the linux machines. Once I set a static route for the linux machines they
could find it too.
Thanks.
Lewis

----- Original Message -----
From: "Brian McDonald" <brianmcd@columbus.rr.com>
To: "Lewis Watson" <lists@visionsix.com>
Sent: Saturday, November 30, 2002 1:23 PM
Subject: Re: FreeBSD Gateway Question / Problem

> You might check to see if the machines are using a different policy for
> icmp redirects. When a gateway receives a packet destined for a network
> whose next hop is on the same interface the packet came in on, it can
> issue an ICMP redirect message to the sender, instructing it who the
> next hop is, thus preventing the expense of having the packet traverse
> the LAN twice. Some machines listen to these, but some don't, since it
> can be a security problem on unsecured (border/external) networks.
>
> If the gateway is sending a redirect and not forwarding the packet (most
> do this) and the linux box isn't accepting the redirect but the BSD and
> Windows machines are, you'd see exactly the behavior you describe. You
> can check the value of the sysctl net.inet.icmp.drop_redirect, which is
> 0 (accept them) on my 4.7 box. If you change that to 1, and the BSD
> boxes lose contact with your interior network (might take a while for
> its learned routes to disappear) then you have some good evidence.
>
> Unfortunately, I'm not super-up-to-date on how to check the behavior
> with respect to redirects in linux, but you should be able to google
> around for more information. I believe Windows listens to them by
> default.
>
> Brian
>
> On Sat, 2002-11-30 at 04:13, Lewis Watson wrote:
> > . I went ahead and did a route add for each linux machine (there were
> > three) now they can find the new network as if nothing was wrong. I am
> > still just really confused about it. Maybe they have to have a static
> > route entered even though the router for the old network knows where
> > the new network is.... I have tried every host over the Internet and
> > all seem to find the new network hosts ok.... See below for a simple
> > layout....
> >
> > Internet --- Old Network --- New Network
> > |
> > |
> > Another Network
> >
> >
> > Anyways, any other ideas?
> > Thank you for your time and thoughts,
> > Lewis
> >
> >
> >
> >
> > Lewis Watson wrote:
> > > > Hello,
> > > > I am currently trying to add another /24 network to my existing
> > > > network with a FreeBSD machine as the gateway to it. Currently, I
> > > > have a /24 network connected to the Internet w/ a cisco router. I
> > > > have specified to the cisco router that the new /24 network is
> > > > connected to 192.168.0.14, which is the external ip address of the
> > > > bsd gateway machine. The internal ip address for that machine is
> > > > 192.168.1.1. which is what I have specified to all systems on the
> > > > new network as the gateway.
> > > >
> > > > I thought I had everything exactly the way it should be, except that
> > > > specifically my Linux machines on the old network cannot find the new
> > > > network at all. My windows machines on the old network can find the
> > > > new network. The bsd machines on the old network can find the new
> > > > network. Other non-Linux machines on the Internet can find the new
> > > > network. The machines on the new network can find everything but the
> > > > linux machines on the old network. It appears that only Linux
> > > > machines cannot figure out where the new network is and I am not so
> > > > sure that I have set up the bsd gateway properly. It's only one
> > > > static route that has to be added so I think that routed and
> > > > certainly gated is overkill.
> > > >
> > > > Please tell me what I need other than to specify
> > > > enable_gateway="YES". I have tried enable_firewall="YES" and set it
> > > > to "open" but yet I still am having these problems. What do I need
> > > > to add here to get this going?
> > > > Thanks.
> > > > Lewis

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
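
The quoted reply leaves open how to check redirect handling on the Linux side. As an added example (not part of the original thread), this script reports whether each interface of a Linux host would accept ICMP redirects, reading the `accept_redirects` and `forwarding` sysctls under `/proc/sys/net/ipv4/conf` and combining them as the kernel's ip-sysctl documentation describes. The function names and the directory-argument convention are illustrative assumptions.

```shell
#!/bin/sh
# Added example: effective ICMP-redirect acceptance per interface on Linux.
# The conf directory is a parameter so the logic can also be run against a
# constructed tree; on a real host it is /proc/sys/net/ipv4/conf.

# read_flag FILE -> prints the integer stored in FILE, or 0 if unreadable/empty.
read_flag() {
    v=0
    if [ -r "$1" ]; then v=$(tr -d ' \n' < "$1"); fi
    printf '%s' "${v:-0}"
}

# effective_accept CONF_ROOT IFACE -> prints "accept" or "ignore".
# Rule from the kernel's ip-sysctl documentation:
#   forwarding off: accepted if conf/all OR conf/IFACE enables accept_redirects
#   forwarding on : accepted only if conf/all AND conf/IFACE both enable it
effective_accept() {
    all=$(read_flag "$1/all/accept_redirects")
    own=$(read_flag "$1/$2/accept_redirects")
    fwd=$(read_flag "$1/$2/forwarding")
    verdict=ignore
    if [ "$fwd" -ne 0 ]; then
        if [ "$all" -ne 0 ] && [ "$own" -ne 0 ]; then verdict=accept; fi
    else
        if [ "$all" -ne 0 ] || [ "$own" -ne 0 ]; then verdict=accept; fi
    fi
    echo "$verdict"
}

# audit_redirects CONF_ROOT -> one "IFACE verdict" line per real interface.
audit_redirects() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case $ifc in all|default) continue ;; esac
        printf '%s %s\n' "$ifc" "$(effective_accept "$1" "$ifc")"
    done
}

audit_redirects "${1:-/proc/sys/net/ipv4/conf}"
```

An interface reported as `ignore` will not learn the next hop from the gateway's redirect, which matches the case where only a static route restored connectivity.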