routing problem

From: Sippel, Christian (Christian.Sippel_at_IZB.DE)
Date: 07/29/03

    Date:         Tue, 29 Jul 2003 11:00:02 +0200
    To: aix-l@Princeton.EDU
    
    

    Dear list,
    I have the following routing problem:

    An AIX 5.1-Box has 2 IP addresses in the same subnet, 172.16.125.121 and
    172.16.125.123. Both are on the same adapter, en0, .121 as "real" address,
    .123 as an alias. I would like to send mails to an Exchange-Server with the
    IP 1.4.13.29 which is behind a firewall. If I do for example a traceroute to
    1.4.13.29 my box uses its .121-address.

    I tried the following
     route add -host 1.4.13.29 -interface 172.16.125.123

    then netstat -rn tells me:

    Routing tables
    Destination Gateway Flags Refs Use If PMTU Exp
    Groups

    Route Tree for Protocol Family 2 (Internet):
    default 172.16.125.97 UG 10 2347933 en0 - -
    1.4.13.29 172.16.125.123 UH 0 44 en0 - -
    127/8 127.0.0.1 U 7 828343 lo0 - -
    172.16.125.96/27 172.16.125.123 U 2 1889714 en0 - -
    172.16.125.121 127.0.0.1 UGHS 5 12027 lo0 - -
    172.16.125.123 127.0.0.1 UGHS 4 12036 lo0 - -
    172.16.125.128/25 172.16.125.143 U 7 1592778 en1 - -
    172.16.125.143 127.0.0.1 UGHS 42 2070163 lo0 - -

    a traceroute says

    # traceroute 1.4.13.29
    trying to get source for 1.4.13.29
    source should be 172.16.125.123
    traceroute to 1.4.13.29 (1.4.13.29) from 172.16.125.123 (172.16.125.123), 30
    hops max
    outgoing MTU = 1500
     1 * * *
     2 * * *
     3 * * *
     4 * * *
     5 *

    but with iptrace I can see that my box doesn't send anything at all - it
    behaves as if it would miss a route. Also the Firewall-guys tell me nothing
    is received by the firewall.

    I'm guessing my box "thinks" it could reach the destination IP 1.4.13.29
    via a local interface and then sends ARP-Requests for the 1.4.13.29 which
    aren't forwarded by the firewall - but I'm not sure about what's going on.

    So how can I tell my box if it wants to reach 1.4.13.29 to use its
    sender-IP .123 and the default gateway?

    Any help is really appreciated, thanks a lot,

    Christian
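
The routing table quoted in the post can be checked mechanically. The following is an added example, not part of the original message: it parses the route lines from the netstat -rn output above and reports host routes that lack the G (gateway) flag while pointing outside every directly connected subnet, which the IP stack treats as on-link and resolves with ARP. Function names are illustrative.

```python
import ipaddress

# Route lines copied from the netstat -rn output in the post above.
NETSTAT_RN = """\
default 172.16.125.97 UG 10 2347933 en0 - -
1.4.13.29 172.16.125.123 UH 0 44 en0 - -
127/8 127.0.0.1 U 7 828343 lo0 - -
172.16.125.96/27 172.16.125.123 U 2 1889714 en0 - -
172.16.125.121 127.0.0.1 UGHS 5 12027 lo0 - -
172.16.125.123 127.0.0.1 UGHS 4 12036 lo0 - -
172.16.125.128/25 172.16.125.143 U 7 1592778 en1 - -
172.16.125.143 127.0.0.1 UGHS 42 2070163 lo0 - -
"""

def parse_dest(dest):
    """Turn a netstat destination (default, 127/8, a.b.c.d[/n]) into a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))  # 127 -> 127.0.0.0
    return ipaddress.ip_network(f"{addr}/{plen or 32}")

def parse_routes(text):
    """Return one dict per route line: destination, gateway, flags, interface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:
            routes.append({"dest": parse_dest(f[0]), "gw": f[1],
                           "flags": f[2], "ifname": f[5]})
    return routes

def offlink_interface_routes(routes):
    """Host routes without G whose destination is in no connected subnet."""
    # A network route (no H) without G describes a directly connected subnet.
    connected = [r["dest"] for r in routes
                 if "G" not in r["flags"] and "H" not in r["flags"]]
    return [r for r in routes
            if "H" in r["flags"] and "G" not in r["flags"]
            and not any(r["dest"].subnet_of(c) for c in connected)]

if __name__ == "__main__":
    for r in offlink_interface_routes(parse_routes(NETSTAT_RN)):
        print(f"{r['dest']} via {r['ifname']}: flags {r['flags']} have no G, "
              "so the host is treated as on-link and resolved with ARP")
```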

