PoPToP and... routing?
From: Archevis (archevis_at_hotmail.com)
Date: 08/28/04
Date: 28 Aug 2004 07:01:36 -0700
I'm at a complete loss here... I had PoPToP VPN up and running on my
OpenBSD 3.5 firewall before installing a third network card for an
"external" IP zone. After setting up dhcpd and named on the firewall
for the new nic (rl1) I discovered that I could still connect and
login on the firewall/VPN server, but all of a sudden I was unable to
ping anything behind the firewall.
To be as specific as I can: I can ping the firewall's local IP from
the Windows XP (built-in VPN) client, and also ping both the XP client
and all machines on the local network ("behind" the firewall) from the
firewall/VPN server. But I'm unable to ping machines behind the
firewall from the XP client, and the XP client is also unreachable
from machines behind the firewall/VPN server.
Aside from the above problems everything works like a charm. The
web/mail server (behind the firewall) is accessible through ordinary
access over the Internet. Similarly, the Internet is accessible from
every machine behind the firewall (I'm using packet filter NAT).
My first thought was: Check, double check and then triple check
pf.conf, in case the firewall is accidentally blocking traffic. But
the problem persists even if I add "pass in quick all" and "pass out
quick all" as the first filtering lines in pf.conf. So I'm assuming
that the firewall is innocent...
Which leads me to suspect routing to be my cause of grief. Which gives
me the shivers, since I'm by far no qualified system administrator. ;)
Output from "route show" yields (my external IP shown as
<A>.<B>.<C>.<D>):
Internet:
Destination          Gateway              Flags
default              <A>.<B>.<C>.<D>      UG
<A>.<B>.<C>.<D-2>    link#2               U
<A>.<B>.<C>.<D-1>    <a MAC address>      UH
localhost            localhost            UG
localhost            localhost            UH
192.168.0.0          link#1               U
gate                 localhost            UGH
euclid               <a MAC address>      UH
galileo              <a MAC address>      UH
192.168.0.145        <a MAC address>      UH
BASE-ADDRESS.MCA     localhost            U
Line 3 is my ISP's gateway for my external nic, with last IP byte a
value of 1 less than on my IP. Knowing less than little of the inner
workings of routing, I'm still a little surprised by line 2 where the
last of the four IP bytes is 2 less than on my external nic. This
being link#2 and all...
From my XP client (at 192.168.0.145) I'm able to tracert machines
behind the firewall to my firewall/VPN server at 192.168.0.1, but no
further.
Anyone have any idea what I'm up against? Is there some setting in the
PoPToP or PPP config files regarding routing? Or is this perhaps not a
routing problem at all? How can I figure out if it is?
All suggestions appreciated :)
- 4rch3v15