[Solved] Multi homed server routing?
FreeBIE
November 13th, 2009, 10:15
Hello All,
I have a server with two network interfaces. I need the first one to have an IP-address on my DMZ and the other on my Backup LAN. Basically like this:
ifconfig_de0="inet 172.30.10.100 netmask 255.255.255.0"
defaultrouter="172.30.10.1"
ifconfig_de1="inet 192.168.100.100 netmask 255.255.255.0"
I believe that the missing part here is some sort of route for 192.168.100.100. Looking at my switch port statistics I can't see any traffic whatsoever coming from the 192.168.100.100 interface.
How do I go about making this work?
Many thanks in advance,
Andreas
SirDice
November 13th, 2009, 10:40
> I believe that the missing part here is some sort of route for 192.168.100.100.
On the machines in the 192.168.100.0/24 network set 192.168.100.100 as default gateway.
Make sure you turn on forwarding in /etc/rc.conf:
gateway_enable="YES"
FreeBIE
November 13th, 2009, 11:14
Thanks but I don't need the server to bridge between these networks. I just need to access both 172.30.10.0/24 and 192.168.100.0/24 from the server and the server itself from these networks.
172.30.10.0/24 works fine but I can't access anything on 192.168.100.0/24 from the server or access the server from this network.
SirDice
November 13th, 2009, 11:22
> Thanks but I don't need the server to bridge between these networks. I just need to access both 172.30.10.0/24 and 192.168.100.0/24 from the server and the server itself from these networks.
> 172.30.10.0/24 works fine but I can't access anything on 192.168.100.0/24 from the server or access the server from this network.
Both networks are "directly connected" so there's no need for additional routing. You can verify this with netstat -rn.
FreeBIE
November 13th, 2009, 11:44
I can get both interfaces to work independently if I disable the other one and set defaultrouter to x.x.x.1. But if I try to have both enabled at the same time only the interface on the network, for which the default route is configured, will work. As a computer should normally just have one default route there must be a special way to handle this scenario.
SirDice
November 13th, 2009, 11:58
Set the default route to what it's supposed to be and post the output of
ifconfig
netstat -rn
Also make sure there's no firewall running or blocking the traffic.
FreeBIE
November 13th, 2009, 12:51
ifconfig
de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:15:5d:14:51:04
        inet 172.30.20.100 netmask 0xffffff00 broadcast 172.30.20.255
        media: Ethernet autoselect (100baseTX)
        status: active
de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:15:5d:14:51:05
        inet 192.168.100.100 netmask 0xffffff00 broadcast 192.168.100.255
        media: Ethernet autoselect (100baseTX)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.30.20.1        UGS         0      108    de0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.30.20.0/24     link#1             UC          0        0    de0
172.30.20.1        00:22:b0:4f:27:b9  UHLW        2        0    de0   1018
172.30.20.81       00:22:19:aa:40:d0  UHLW        1        2    de0   1144
192.168.100.0/24   link#2             UC          0        0    de1

Internet6:
Destination        Gateway            Flags    Netif Expire
::1                ::1                UHL        lo0
fe80::%lo0/64      fe80::1%lo0        U          lo0
fe80::1%lo0        link#3             UHL        lo0
ff01:3::/32        fe80::1%lo0        UC         lo0
ff02::%lo0/32      fe80::1%lo0        UC         lo0
SirDice
November 13th, 2009, 14:20
Looking at the info, there's no reason why the machine shouldn't be able to access 192.168.100.0/24. This all looks good.
Is there a firewall running on the hosts in 192.168.100.0/24? That may be blocking the traffic?
DutchDaemon
November 13th, 2009, 14:29
For completeness' sake, try route -n get 192.168.100.x as well (substitute x, of course).
It should give you (best guess)
   route to: 192.168.100.x
destination: 192.168.100.0
       mask: 255.255.255.0
  interface: de1
      flags: <UP,DONE>
 recvpipe  sendpipe  ssthresh  rtt,msec       mtu    weight    expire
        0         0         0         0      1500         1         0
FreeBIE
November 13th, 2009, 22:03
route -n get 192.168.100.1
   route to: 192.168.100.1
destination: 192.168.100.0
       mask: 255.255.255.0
  interface: de1
      flags: <UP,DONE,CLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount       mtu    expire
        0         0         0         0         0         0      1500    -33233
DutchDaemon
November 13th, 2009, 23:28
Ok, two more:
route -vn get 192.168.100.x
And ping known live hosts in the .100 network, ping the machine from the .100 network (so ping from both sides), and then run
arp -an -i de1 on this machine.
honk
November 13th, 2009, 23:38
Try to run "tcpdump -n -i de1" and watch if you see traffic at all. Then try to ping 192.168.10.100 from a box in your backup lan and watch the tcpdump output if you see incoming echo request packets or at least arp request (who has 192.168.10.100 / 192.168.10.100 is at messages...).
FreeBIE
November 14th, 2009, 10:47
Thank you all for your contributions. I had a lot of problems with the network configuration on my Hyper-V server and it might have been that which started all this. I ended up uninstalling all network interfaces, rebooting the server and reconfiguring all my virtual networks.
And after having a few good hours of sleep and setting up a reference environment this morning I also realized that I had done a creative test configuration with a subnet mask which I forgot about.
But you always learn something new and route get is definitely a keeper!
BTW, what's the tag for highlighting text?
DutchDaemon
November 14th, 2009, 17:18
All tags are here, but please don't go overboard with a tagfest .. we like clean and simple posts: http://forums.freebsd.org/misc.php?do=bbcode
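
Added example, not part of any post in this thread: the longest-prefix lookup that route get performs, run over the IPv4 routes posted above, plus a check that each destination leaves by the intended interface. The /25 mask in the second table and the 203.0.113.10 address are constructed for illustration; the thread does not say which mask was misconfigured.

```python
import ipaddress

# IPv4 network routes as posted in the thread's netstat -rn output.
ROUTES = [
    ("0.0.0.0/0", "172.30.20.1", "de0"),        # default
    ("172.30.20.0/24", "link#1", "de0"),        # directly connected (DMZ)
    ("192.168.100.0/24", "link#2", "de1"),      # directly connected (backup LAN)
]

def connected_route(addr, netmask, netif, link):
    """Route the kernel derives from an interface address and its netmask."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    return (str(net), link, netif)

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, netif in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    return None if best is None else (str(best[0]), best[1], best[2])

def audit(routes, expected):
    """Return (dst, route) pairs whose egress interface is not the intended one."""
    wrong = []
    for dst, want in expected.items():
        hit = lookup(routes, dst)
        if hit is None or hit[2] != want:
            wrong.append((dst, hit))
    return wrong

# Constructed variant: de1 configured with a /25 mask instead of /24.
BAD_ROUTES = ROUTES[:2] + [
    connected_route("192.168.100.100", "255.255.255.128", "de1", "link#2")
]

# Intended egress interface per destination (constructed test addresses).
EXPECTED = {
    "192.168.100.1": "de1",
    "192.168.100.200": "de1",
    "172.30.20.81": "de0",
    "203.0.113.10": "de0",
}

if __name__ == "__main__":
    print("posted table:", audit(ROUTES, EXPECTED))
    print("/25 on de1:  ", audit(BAD_ROUTES, EXPECTED))
```

With the posted table every destination resolves as intended; with the constructed /25 mask, 192.168.100.200 falls through to the default route and would leave via the DMZ gateway on de0 instead of the backup LAN interface.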