Multi homed server routing?

Hello All,

I have a server with two network interfaces. I need the first one to have an IP-address on my DMZ and the other on my Backup LAN. Basically like this:

Code:
ifconfig_de0="inet 172.30.10.100  netmask 255.255.255.0"
defaultrouter="172.30.10.1"
ifconfig_de1="inet 192.168.100.100  netmask 255.255.255.0"

I believe that the missing part here is some sort of route for 192.168.100.100. Looking at my switch port statistics I can't see any traffic whatsoever coming from the 192.168.100.100 interface.

How do I go about making this work?

Many thanks in advance,

Andreas
 
FreeBIE said:
I believe that the missing part here is some sort of route for 192.168.100.100.
On the machines in the 192.168.100.0/24 network set 192.168.100.100 as default gateway.

Make sure you turn on forwarding in /etc/rc.conf:
Code:
gateway_enable="YES"
 
Thanks but I don't need the server to bridge between these networks. I just need to access both 172.30.10.0/24 and 192.168.100.0/24 from the server and the server itself from these networks.

172.30.10.0/24 works fine but I can't access anything on 192.168.100.0/24 from the server or access the server from this network.
 
FreeBIE said:
Thanks but I don't need the server to bridge between these networks. I just need to access both 172.30.10.0/24 and 192.168.100.0/24 from the server and the server itself from these networks.

172.30.10.0/24 works fine but I can't access anything on 192.168.100.0/24 from the server or access the server from this network.

Both networks are "directly connected" so there's no need for additional routing. You can verify this with % netstat -rn.
 
I can get both interfaces to work independently if I disable the other one and set defaultrouter to x.x.x.1. But if I try to have both enabled at the same time only the interface on the network, for which the default route is configured, will work. As a computer should normally just have one default route there must be a special way to handle this scenario.
 
Set the default route to what it's supposed to be and post the output of

Code:
ifconfig
netstat -rn

Also make sure there's no firewall running or blocking the traffic.
 
Code:
ifconfig

de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:15:5d:14:51:04
        inet 172.30.20.100 netmask 0xffffff00 broadcast 172.30.20.255
        media: Ethernet autoselect (100baseTX)
        status: active
de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:15:5d:14:51:05
        inet 192.168.100.100 netmask 0xffffff00 broadcast 192.168.100.255
        media: Ethernet autoselect (100baseTX)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000



netstat -nr

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.30.20.1        UGS         0      108    de0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.30.20.0/24     link#1             UC          0        0    de0
172.30.20.1        00:22:b0:4f:27:b9  UHLW        2        0    de0   1018
172.30.20.81       00:22:19:aa:40:d0  UHLW        1        2    de0   1144
192.168.100.0/24   link#2             UC          0        0    de1

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
ff01:3::/32                       fe80::1%lo0                   UC          lo0
ff02::%lo0/32                     fe80::1%lo0                   UC          lo0
 
Looking at the info, there's no reason why the machine shouldn't be able to access 192.168.100.0/24. This all looks good.

Is there a firewall running on the hosts in 192.168.100.0/24? That may be blocking the traffic?
 
For completeness' sake, try "route -n get 192.168.100.x" as well (substitute x, of course).

It should give you (best guess)
Code:
   route to: 192.168.100.x
destination: 192.168.100.0
       mask: 255.255.255.0
  interface: de1
      flags: <UP,DONE>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
 
Code:
route -n get 192.168.100.1

   route to: 192.168.100.1
destination: 192.168.100.0
       mask: 255.255.255.0
  interface: de1
      flags: <UP,DONE,CLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500    -33233
 
Ok, two more:

"route -vn get 192.168.100.x"

And ping known live hosts in the .100 network, ping the machine from the .100 network (so ping from both sides), and then run

"arp -an -i de1" on this machine.
 
Try to run "tcpdump -n -i de1" and watch if you see traffic at all. Then try to ping 192.168.10.100 from a box in your backup lan and watch the tcpdump output if you see incoming echo request packets or at least arp request (who has 192.168.10.100 / 192.168.10.100 is at messages...).
 
Thank you all for your contributions. I had a lot of problems with the network configuration on my Hyper-V server and it might have been that which started all this. I ended up uninstalling all network interfaces, rebooting the server and reconfiguring all my virtual networks.

And after having a few good hours of sleep and setting up a reference environment this morning I also realized that I had done a creative test configuration with a subnet mask which I forgot about.

But you always learn something new and route get is definitely a keeper!

BTW, what's the tag for highlighting text?
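
Added example, not part of the original thread or written by any poster: a small Python model of the longest-prefix lookup that "route -n get" reports, run over the routes from the posted netstat output. The /30 mask in MISTYPED is a constructed assumption (the thread does not say which mask was used); it shows how a wrong mask on de1 sends backup LAN traffic out through the default route on de0.

```python
import ipaddress

# Routes copied from the `netstat -nr` output posted in the thread
# (destination, gateway, interface). Cloned ARP host entries are left out.
POSTED_ROUTES = [
    ("default", "172.30.20.1", "de0"),
    ("127.0.0.1", "127.0.0.1", "lo0"),
    ("172.30.20.0/24", "link#1", "de0"),
    ("192.168.100.0/24", "link#2", "de1"),
]

def parse_routes(rows):
    """Turn netstat-style destinations into ip_network objects."""
    table = []
    for dest, gateway, netif in rows:
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        table.append((net, gateway, netif))
    return table

def connected_route(ifaddr, netmask, netif, link):
    """Connected route that follows from an interface address and its mask."""
    net = ipaddress.ip_interface(f"{ifaddr}/{netmask}").network
    return (str(net), link, netif)

def egress(rows, address):
    """Longest-prefix match: return (interface, gateway) used for address."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in parse_routes(rows) if ip in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r[0].prefixlen)
    return (best[2], best[1])

# Constructed failure case (assumption): de1 configured with a /30 mask
# instead of 255.255.255.0, so only .100-.103 count as directly connected.
MISTYPED = POSTED_ROUTES[:3] + [
    connected_route("192.168.100.100", "255.255.255.252", "de1", "link#2")
]

if __name__ == "__main__":
    for label, rows in (("posted", POSTED_ROUTES), ("mistyped", MISTYPED)):
        for target in ("192.168.100.1", "172.30.20.81"):
            print(f"{label:9} {target:15} -> {egress(rows, target)}")
```

With the posted table 192.168.100.1 leaves via de1 as a connected network; with the constructed /30 it matches only the default route and is handed to the DMZ gateway on de0.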
 