|
|
| help needed with routed problem |
 
Brazil |
2007-05-28 09:21:02 |
Hi,
I am trying to set up multi-homed a firewall with OpenBSD
4.1 stable.
Basically, we have 3 network interfaces: sk0, sk1 and vr0.
SK0 is used for the internal LAN and is configured via
hostname.sk0
as follows:
inet 150.161.3.1 255.255.255.0 NONE description "Rede
Interna"
inet alias 150.161.3.100 255.255.255.255 150.161.3.100
inet alias 150.161.9.1 255.255.255.0 NONE
SK0 is used for the external interface and is configured
this way:
inet 150.161.200.3 255.255.255.0 NONE description
"Backbone UFPE"
And vr0 is used for the wireless network and is configured
like:
inet 172.16.255.1 255.255.255.0 NONE description "Rede
Wireless"
I have set up IP forwarding
net.inet.ip.forwarding=1 # 1=Permit forwarding
(routing) of
IPv4 packets
I start routed from rc.conf.local via:
routed_flags="-s"
My default gateway is 150.161.200.22
For some reason, the conectivity keeps going up and down. I
noticed the
following messages:
May 25 18:00:15 gw-int routed[8019]: Send bcast sendto(vr0,
172.16.255.255.520): No route to host
May 25 18:00:15 gw-int routed[8019]: Send bcast sendto(sk1,
150.161.200.255.520): No route to host
May 25 18:00:15 gw-int routed[8019]: Send bcast sendto(sk0,
150.161.3.255.520):No route to host
I told PF to log all blocked packets and I did not see
anything related to
routed.
I would be grateful to anyone who helped me to discover what
I am doing
wrong.
Regards,
H
------------------------------------------------------------
----
This message was sent from 30Gigs.com. If you believe that
this
message is unsolicited [SPAM] in nature, please send the
complete
SMTP headers to abuse 30gigs.com and we will take immediate
action to rectify the problem.
|
|
| Re: help needed with routed problem |
 
United Kingdom |
2007-05-28 13:07:45 |
On 2007/05/28 07:21, hbritope30gigs.com wrote:
> I start routed from rc.conf.local via:
routed is an old RIP daemon. you almost certainly don't want
it.
|
|
| Re: help needed with routed problem |
Brazil |
2007-05-29 07:16:31 |
Hi,
Thanks for your reply.
Quoting Stuart Henderson <stuspacehopper.org>:
> routed is an old RIP daemon. you almost certainly don't
want it.
Do you know of any other way to publish/learn RIPv1
advertisements ?
I wish ripd would deal with this, but it seems that it
doesn't.
Regards,
H
------------------------------------------------------------
----
This message was sent from 30Gigs.com. If you believe that
this
message is unsolicited [SPAM] in nature, please send the
complete
SMTP headers to abuse30gigs.com and we will take immediate
action to rectify the problem.
|
|
| Re: help needed with routed problem |
|
2007-05-29 07:53:12 |
On 2007/05/29 05:16, hbritope30gigs.com wrote:
>> routed is an old RIP daemon. you almost certainly
don't want it.
>
> Do you know of any other way to publish/learn RIPv1
advertisements ?
> I wish ripd would deal with this, but it seems that it
doesn't.
good job I said 'almost', then (-: I am under the impression
some
people see the name 'routed' and think they need it in order
to route
packets, but if you know you need it, that's different.
>>> I told PF to log all blocked packets and I did
not see anything related
>>> to routed.
for a test, can you try disabling PF? if it helps, maybe
try
something like 'pass quick proto udp to port 520 no state'
fairly
early.
|
|
| Re: help needed with routed problem |
|
2007-05-29 09:42:33 |
On Tue, May 29, 2007 at 05:16:31AM -0700, hbritope30gigs.com wrote:
> Hi,
>
> Thanks for your reply.
>
> Quoting Stuart Henderson <stuspacehopper.org>:
>
> >routed is an old RIP daemon. you almost certainly
don't want it.
>
> Do you know of any other way to publish/learn RIPv1
advertisements ?
> I wish ripd would deal with this, but it seems that it
doesn't.
>
Who is sending you RIPv1 packets? RIPv1 does not even
support CIDR
addressing so you should better switch to RIPv2.
Btw. when you use routed you need to either remove the 224/4
blackhole
route or better add a host route to 224.0.0.9 like
route add 224.0.0.9 127.0.0.1
ripd does this for you but routed most probably not.
--
:wq Claudio
|
|
| Re: help needed with routed problem |
|
2007-05-29 11:58:22 |
I'm scared. You need to use ripv1 as opposed to ripv2 and
support network masks?
On 5/29/07, hbritope30gigs.com <hbritope30gigs.com> wrote:
> Hi,
>
> Thanks for your reply.
>
> Quoting Stuart Henderson <stuspacehopper.org>:
>
> > routed is an old RIP daemon. you almost certainly
don't want it.
>
> Do you know of any other way to publish/learn RIPv1
advertisements ?
> I wish ripd would deal with this, but it seems that it
doesn't.
>
> Regards,
>
> H
>
>
>
------------------------------------------------------------
----
> This message was sent from 30Gigs.com. If you believe
that this
> message is unsolicited [SPAM] in nature, please send
the complete
> SMTP headers to abuse30gigs.com and we will take
immediate
> action to rectify the problem.
|
|
| Re: help needed with routed problem |
Brazil |
2007-05-29 12:36:36 |
Hi,
Thanks for your message.
Quoting Nick Davey <ndavey3cogeco.ca>:
> I'm scared. You need to use ripv1 as opposed to ripv2
and support
> network masks?
Unfortunatelly, I think I have no options here. This a
university
network, and this is the only way any department has to join
the
backbone. Every router speaks RIPv1 (some of them, probably
most of
them, only speak or listen to that) in order to publish
their routes.
Regards,
H
------------------------------------------------------------
----
This message was sent from 30Gigs.com. If you believe that
this
message is unsolicited [SPAM] in nature, please send the
complete
SMTP headers to abuse30gigs.com and we will take immediate
action to rectify the problem.
|
|
| Re: help needed with routed problem |
|
2007-05-29 12:56:08 |
On Tue, May 29, 2007 at 10:36:36AM -0700, hbritope30gigs.com wrote:
> Hi,
>
> Thanks for your message.
>
> Quoting Nick Davey <ndavey3cogeco.ca>:
>
> >I'm scared. You need to use ripv1 as opposed to
ripv2 and support
> >network masks?
>
> Unfortunatelly, I think I have no options here. This a
university
> network, and this is the only way any department has to
join the
> backbone. Every router speaks RIPv1 (some of them,
probably most of
> them, only speak or listen to that) in order to publish
their routes.
>
You need to be kidding. RIPv1 to connect you to a campus
network.
What are they running, IMPs?
Oh wait, I forgot it's porbably the academics that like to
see split
horizon and count to infinity issues in real life. Maybe
they even enabled
source routing on all routers. Yuck!..
--
:wq Claudio
|
|
| Re: help needed with routed problem |
Brazil |
2007-05-29 12:57:03 |
The main point here is that I most likely need RIPv1. It
used to work
with OpenBSD 4.0. I still need to publish using RIPv1,
otherwise I
(actually, the firewall) will not be understood.
Would the the zebra package be a relatively safe
alternative?
Regards,
H
------------------------------------------------------------
----
This message was sent from 30Gigs.com. If you believe that
this
message is unsolicited [SPAM] in nature, please send the
complete
SMTP headers to abuse30gigs.com and we will take immediate
action to rectify the problem.
|
|
| Re: help needed with routed problem |
 
Taiwan |
2007-05-29 21:47:16 |
hbritope30gigs.com wrote:
> Would the the zebra package be a relatively safe
alternative?
Zebra should work but you'd be better off just following
Claudio's
advice and use routed.
Of course, when your campus network is using RIPv1 in 2007
(seriously,
wtf? Did the admin fall asleep 20 years ago?) you have way
more pain
coming your way then making routed work.
---
Lars Hansson
|
|