unable to communicate using external interface

Chris Larsen-3
Hi, I just replaced one OpenBSD box with another, same network configuration, except went from 3.4 to 4.4. I have about 8 years experience building OpenBSD firewalls and mail filter servers but can't figure this one out. Since there's not a concise error I am having a hard time finding any resolutions through forums and newsgroups. I'm hoping someone can help steer me in the right direction. Thank you in advance.

THE CHALLENGE:
I can ping with the internal interface just fine and I can ping the address of the external interface just fine but cannot ping the other external addresses nor the gateway. There is no output at all with the ping. It would sit there forever without a single error.

BACKGROUND:
My Cisco IAD is in bridged mode and my provider has given me 5 addresses. 4 are on 2 other servers and 1 is for this server. As I mentioned, the address was being used just fine prior to my new installation. PF is not running yet although I did turn on IP forwarding in sysctl.conf. This is a default install with nothing on it yet. I haven't even copied over the ports tree yet.

CONFIGS:
# cat /etc/hostname.rl0
inet 74.7.170.234 255.255.255.248 NONE

# netstat -rn
Routing tables

# cat /etc/mygate
74.7.170.233

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 74.7.170.233 UGS 0 28 - 48 rl0
74.7.170.232/29 link#1 UC 1 0 - 48 rl0
74.7.170.233 link#1 UHLc 1 107 - 48 rl0
127/8 127.0.0.1 UGRS 0 0 33204 48 lo0
127.0.0.1 127.0.0.1 UH 1 0 33204 48 lo0
192.168.168/24 link#2 UC 7 0 - 48 fxp0
192.168.168.2 00:30:48:21:c4:e0 UHLc 0 0 - 48 fxp0
192.168.168.5 00:08:02:c5:60:38 UHLc 0 1 - 48 fxp0
192.168.168.7 00:11:0a:9c:06:03 UHLc 1 8116 - 48 fxp0
192.168.168.8 00:04:4b:04:10:62 UHLc 1 71 - 48 fxp0
192.168.168.23 00:09:5b:af:31:a8 UHLc 0 307 - 48 fxp0
192.168.168.106 00:1f:e1:45:25:90 UHLc 0 3 - 48 fxp0
192.168.168.119 00:02:3f:fe:38:90 UHLc 1 111 - 48 fxp0
224/4 127.0.0.1 URS 0 0 33204 48 lo0

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:10:b5:f5:64:cf
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 74.7.170.234 netmask 0xfffffff8 broadcast 74.7.170.239
inet6 fe80::210:b5ff:fef5:64cf%rl0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:07:e9:d6:27:8e
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.168.1 netmask 0xffffff00 broadcast 192.168.168.255
inet6 fe80::207:e9ff:fed6:278e%fxp0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536

Re: unable to communicate using external interface

Chris Larsen-3
By the way, I wanted to clarify the problem:

I cannot ping out using the external interface to any address besides itself. I also cannot get any replies from the external interface when I ping from other hosts to this external address. I hope that clarifies. It's binding just fine and it's obvious there's not a machine out there that has claimed this IP already, no firewall in place.

Oh and I have no errors in my dmesg output.

----- Original Message -----
From: "Chris Larsen" <[hidden email]>
To: [hidden email]
Sent: Wednesday, April 8, 2009 3:45:56 PM GMT -06:00 US/Canada Central
Subject: unable to communicate using external interface

Hi, I just replaced one OpenBSD box with another, same network configuration, except went from 3.4 to 4.4. I have about 8 years experience building OpenBSD firewalls and mail filter servers but can't figure this one out. Since there's not a concise error I am having a hard time finding any resolutions through forums and newsgroups. I'm hoping someone can help steer me in the right direction. Thank you in advance.

THE CHALLENGE:
I can ping with the internal interface just fine and I can ping the address of the external interface just fine but cannot ping the other external addresses nor the gateway. There is no output at all with the ping. It would sit there forever without a single error.

BACKGROUND:
My Cisco IAD is in bridged mode and my provider has given me 5 addresses. 4 are on 2 other servers and 1 is for this server. As I mentioned, the address was being used just fine prior to my new installation. PF is not running yet although I did turn on IP forwarding in sysctl.conf. This is a default install with nothing on it yet. I haven't even copied over the ports tree yet.

CONFIGS:
# cat /etc/hostname.rl0
inet 74.7.170.234 255.255.255.248 NONE

# netstat -rn
Routing tables

# cat /etc/mygate
74.7.170.233

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 74.7.170.233 UGS 0 28 - 48 rl0
74.7.170.232/29 link#1 UC 1 0 - 48 rl0
74.7.170.233 link#1 UHLc 1 107 - 48 rl0
127/8 127.0.0.1 UGRS 0 0 33204 48 lo0
127.0.0.1 127.0.0.1 UH 1 0 33204 48 lo0
192.168.168/24 link#2 UC 7 0 - 48 fxp0
192.168.168.2 00:30:48:21:c4:e0 UHLc 0 0 - 48 fxp0
192.168.168.5 00:08:02:c5:60:38 UHLc 0 1 - 48 fxp0
192.168.168.7 00:11:0a:9c:06:03 UHLc 1 8116 - 48 fxp0
192.168.168.8 00:04:4b:04:10:62 UHLc 1 71 - 48 fxp0
192.168.168.23 00:09:5b:af:31:a8 UHLc 0 307 - 48 fxp0
192.168.168.106 00:1f:e1:45:25:90 UHLc 0 3 - 48 fxp0
192.168.168.119 00:02:3f:fe:38:90 UHLc 1 111 - 48 fxp0
224/4 127.0.0.1 URS 0 0 33204 48 lo0

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:10:b5:f5:64:cf
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 74.7.170.234 netmask 0xfffffff8 broadcast 74.7.170.239
inet6 fe80::210:b5ff:fef5:64cf%rl0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:07:e9:d6:27:8e
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.168.1 netmask 0xffffff00 broadcast 192.168.168.255
inet6 fe80::207:e9ff:fed6:278e%fxp0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536

Re: unable to communicate using external interface

alvaro-28
Uhmmm... is it possibly a physical problem? Did you check the cables,
switch port and router configuration?

I had a very similar problem a few months ago (when I asked about how many
aliases on one single card) and finally it was a routing problem... some guy
decided to remove the IPs from the routing tables in the router device. I
wasted almost two crazy days trying to understand why the issue was
present and then I received an email from the DC apologizing
for the mistake they made in the router... no comments.

Regards,

     Alvaro
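
Added example, not part of the original posts: in the routing table posted in this thread the internal neighbours show a MAC address in the Gateway column, while the host route for the gateway 74.7.170.233 still shows link#1, meaning no ARP reply has been recorded for it. The sketch below flags such entries from `netstat -rn` output; the function names are hypothetical and the sample rows are copied from the post.

```shell
#!/bin/sh
# Added example: flag neighbours whose ARP entry never resolved, reading
# `netstat -rn -f inet` output on stdin (OpenBSD column layout assumed).

# Print "destination interface" for every link-layer host route (flags
# contain H and L) whose Gateway column is still link#N instead of a MAC.
unresolved_neighbors() {
    awk '$3 ~ /H/ && $3 ~ /L/ && $2 ~ /^link#[0-9]+$/ { print $1, $NF }'
}

# Print the default gateway followed by "resolved", "unresolved" or
# "no-entry" (no host route for the gateway exists at all).
default_gw_state() {
    awk '
        $1 == "default" { gw = $2 }
        $3 ~ /H/ && $3 ~ /L/ {
            state[$1] = ($2 ~ /^link#[0-9]+$/) ? "unresolved" : "resolved"
        }
        END {
            if (gw == "") { print "none no-default-route"; exit }
            print gw, (gw in state ? state[gw] : "no-entry")
        }'
}

# Constructed sample: rows copied from the routing table in the post.
SAMPLE='Destination Gateway Flags Refs Use Mtu Prio Iface
default 74.7.170.233 UGS 0 28 - 48 rl0
74.7.170.232/29 link#1 UC 1 0 - 48 rl0
74.7.170.233 link#1 UHLc 1 107 - 48 rl0
127.0.0.1 127.0.0.1 UH 1 0 33204 48 lo0
192.168.168/24 link#2 UC 7 0 - 48 fxp0
192.168.168.7 00:11:0a:9c:06:03 UHLc 1 8116 - 48 fxp0'

printf '%s\n' "$SAMPLE" | unresolved_neighbors
printf '%s\n' "$SAMPLE" | default_gw_state
```

On the live host the same check is `netstat -rn -f inet | default_gw_state`; an "unresolved" gateway puts the fault at layer 1/2 or on the upstream device rather than in the host's IP configuration.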



On Wed, 8 Apr 2009, Chris Larsen wrote:

> By the way, I wanted to clarify the problem:
>
> I cannot ping out using the external interface to any address besides itself. I also cannot get any replies from the external interface when I ping from other hosts to this external address. I hope that clarifies. It's binding just fine and it's obvious there's not a machine out there that has claimed this IP already, no firewall in place.
>
> Oh and I have no errors in my dmesg output.
>
> ----- Original Message -----
> From: "Chris Larsen" <[hidden email]>
> To: [hidden email]
> Sent: Wednesday, April 8, 2009 3:45:56 PM GMT -06:00 US/Canada Central
> Subject: unable to communicate using external interface
>
> Hi, I just replaced one OpenBSD box with another, same network configuration, except went from 3.4 to 4.4. I have about 8 years experience building OpenBSD firewalls and mail filter servers but can't figure this one out. Since there's not a concise error I am having a hard time finding any resolutions through forums and newsgroups. I'm hoping someone can help steer me in the right direction. Thank you in advance.
>
> THE CHALLENGE:
> I can ping with the internal interface just fine and I can ping the address of the external interface just fine but cannot ping the other external addresses nor the gateway. There is no output at all with the ping. It would sit there forever without a single error.
>
> BACKGROUND:
> My Cisco IAD is in bridged mode and my provider has given me 5 addresses. 4 are on 2 other servers and 1 is for this server. As I mentioned, the address was being used just fine prior to my new installation. PF is not running yet although I did turn on IP forwarding in sysctl.conf. This is a default install with nothing on it yet. I haven't even copied over the ports tree yet.
>
> CONFIGS:
> # cat /etc/hostname.rl0
> inet 74.7.170.234 255.255.255.248 NONE
>
> # netstat -rn
> Routing tables
>
> # cat /etc/mygate
> 74.7.170.233
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> default 74.7.170.233 UGS 0 28 - 48 rl0
> 74.7.170.232/29 link#1 UC 1 0 - 48 rl0
> 74.7.170.233 link#1 UHLc 1 107 - 48 rl0
> 127/8 127.0.0.1 UGRS 0 0 33204 48 lo0
> 127.0.0.1 127.0.0.1 UH 1 0 33204 48 lo0
> 192.168.168/24 link#2 UC 7 0 - 48 fxp0
> 192.168.168.2 00:30:48:21:c4:e0 UHLc 0 0 - 48 fxp0
> 192.168.168.5 00:08:02:c5:60:38 UHLc 0 1 - 48 fxp0
> 192.168.168.7 00:11:0a:9c:06:03 UHLc 1 8116 - 48 fxp0
> 192.168.168.8 00:04:4b:04:10:62 UHLc 1 71 - 48 fxp0
> 192.168.168.23 00:09:5b:af:31:a8 UHLc 0 307 - 48 fxp0
> 192.168.168.106 00:1f:e1:45:25:90 UHLc 0 3 - 48 fxp0
> 192.168.168.119 00:02:3f:fe:38:90 UHLc 1 111 - 48 fxp0
> 224/4 127.0.0.1 URS 0 0 33204 48 lo0
>
> # ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
> groups: lo
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:10:b5:f5:64:cf
> groups: egress
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 74.7.170.234 netmask 0xfffffff8 broadcast 74.7.170.239
> inet6 fe80::210:b5ff:fef5:64cf%rl0 prefixlen 64 scopeid 0x1
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:07:e9:d6:27:8e
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 192.168.168.1 netmask 0xffffff00 broadcast 192.168.168.255
> inet6 fe80::207:e9ff:fed6:278e%fxp0 prefixlen 64 scopeid 0x2
> enc0: flags=0<> mtu 1536