Re: ipfilter openbsdrouter router/gateway

From: Lasse Stig Thomsen (none@lasse--tt-trading.dk.lh.bsd-dk.dk)
Date: Mon 25 Aug 2003 - 22:59:28 CEST

Next message: Henrik Lund Kramshøj: "Re: ipfilter openbsdrouter router/gateway"
Previous message: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Maybe in reply to: Lasse Stig Thomsen: "ipfilter openbsdrouter router/gateway"
Next in thread: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Reply: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Date: Mon, 25 Aug 2003 22:59:28 +0200
From: Lasse Stig Thomsen <none@lasse--tt-trading.dk.lh.bsd-dk.dk>
To: "bsd-novice@bsd-dk.dk" <none@bsd-novice--bsd-dk.dk.lh.bsd-dk.dk>
Subject: Re: ipfilter openbsdrouter router/gateway

> 193.168.1.2 er ikke en delen af de IP-adresser reserveret til interne netværk
> bruge (ikke offentlig tilgængelige på internettet) i RFC1918.
>
> Med mindre at du har fået hele det subnet af RIPE burde du holde dig til RFC1918
> adresser til dit private LAN.
>

Yes det opdagede jeg. Så jeg har rettet den til 10.0.1.2 som der skulle være en RFC1918 ip.
> >
> dine klienter kan muligvis ikke route traffik til dit xl0 interface? Din router
> tror den skal route svare via the eksterne interface?

I første omgang vil jeg blot kunne tilgå min maskine via det interne interface. DVS jeg prøver at lave en ssh 10.0.1.2 og så kunne logge ind igennem det, men så timer den bare ud.

>
> Har du fra din router adgang til internettet? Ligner ja.

Yes den kan fint komme på nettet nu.

> Har du fra din router adgang til dinne klienter?

jeg kan ikke pinge mine win2k klienter fra routeren/openbsd'en, hvis jeg prøver at pinge så får jeg et 100% packetloss.

> Har du fra dinne klienter adgang til routeren?

Jeg kan via putty logge på routeren/openbsd'en hvis jeg skriver ip'en på det externe netkort eller skriver min globale ip. Hvis jeg prøver at bruge det interne netkort så timer den ud.

> Har du fra dine klienter adgang til internettet?

Ja og nej. Jeg had adgang når jeg sætter min gamle speedstream router op, ellers ikke.

> Det ville hjælpe vide hvilken IP adresser dine interface har og hvordan din
> routing tabel ser ud.
ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:da:ee:cd:3c
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.0.1.2 netmask 0xffffff00 broadcast 10.0.1.255
        inet6 fe80::250:daff:feee:cd3c%xl0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:b3:8e:92:38
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::202:b3ff:fe8e:9238%fxp0 prefixlen 64 scopeid 0x2
        inet 192.168.1.8 netmask 0xffffff00 broadcast 192.168.1.255
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
        address: 00:00:00:00:00:00
vlan1: flags=0<> mtu 1500
        address: 00:00:00:00:00:00
gre0: flags=9010<POINTOPOINT,LINK0,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

bash# route -n show
Routing tables

Internet:
Destination Gateway Flags
default 192.168.1.1 UG
10.0.1.0 link#1 U
127.0.0.0 127.0.0.1 UG
127.0.0.1 127.0.0.1 UH
192.168.1.0 link#2 U
192.168.1.1 0:20:ea:bf:62:1a UH
192.168.1.6 0:10:4b:9e:77:28 UH
192.168.1.8 127.0.0.1 UGH
224.0.0.0 127.0.0.1 U

Internet6:
Destination Gateway Flags
default ::1 UG
default ::1 UG
::1 ::1 UH
::127.0.0.0 ::1 UG
::224.0.0.0 ::1 UG
::255.0.0.0 ::1 UG
::ffff:0.0.0.0 ::1 UG
2002:: ::1 UG
2002:7f00:: ::1 UG
2002:e000:: ::1 UG
2002:ff00:: ::1 UG
fe80:: ::1 UG
fe80::%xl0 link#1 U
fe80::250:daff:feee:cd3c%xl0 0:50:da:ee:cd:3c UH
fe80::%fxp0 link#2 U
fe80::202:b3ff:fe8e:9238%fxp0 0:2:b3:8e:92:38 UH
fe80::%lo0 fe80::1%lo0 U
fe80::1%lo0 link#6 UH
fec0:: ::1 UG
ff01:: ::1 U
ff02::%xl0 link#1 U
ff02::%fxp0 link#2 U
ff02::%lo0 ::1 U

sysctl net.inet.ip.forwarding den har jeg sat til.

> Og lign. på dinne klienter.

Min klienter er win2k maskiner.

MVH: Lasse Stig Thomsen

Next message: Henrik Lund Kramshøj: "Re: ipfilter openbsdrouter router/gateway"
Previous message: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Maybe in reply to: Lasse Stig Thomsen: "ipfilter openbsdrouter router/gateway"
Next in thread: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Reply: Hack Kampbjorn: "Re: ipfilter openbsdrouter router/gateway"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:25:08 CET