TCLUG Archive

Re: [TCLUG:8792] Multiple Ethernet Woes



This machine WILL BE the firewall...when I can put it between the router and the
rest of the network.  But, I can't put the 'bridge' in place when one of the ends of
the bridge points off into space...so, to get things working I've just got both
cards plugged into the hub....

Brian...

----------
>From: Nate Carlson <natecars@infiniteloop.com>
>To: tclug-list@mn-linux.org
>Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
>Date: Thu, Sep 30, 1999, 1:28 PM
>

> Those routing tables _should_ be fine. But, just out of curiosity, why are
> you running two cards on the same physical lan? It'd make more sense (to
> me at least) to just use the PCI card and use aliasing, which allows you
> to emulate multiple cards on a single physical device. To use this, just
> make sure you have aliasing in your kernel (RH6 does by default), and run
> 'ifconfig eth0:[0..n] ip' or configure the
> /etc/sysconfig/network-scripts/ifcfg-eth0:[0..n] devices (the same way as
> a standard ethernet card.) Should work fine. Just my $.02..
>
> ----
> Nate Carlson
> the infinite loop
> natecars@infiniteloop.com
>
> On Thu, 30 Sep 1999, Brian Ackermann wrote:
>
>> hosts.allow and hosts.deny are both empty....
>>
>> The firewall machine(which is not currently setup in the 'bridge' position...as
>> I can't install the firewall machine and interrupt service to our network...I've
>> got to get things working first...)
>>
>> The way things are (until I can make this box the bridge/firewall..) right now,
>> both cards plug into the network with both subnets on it....the 'boomerang' card
>> correctly pings and can be pinged, but not the 3c509, no incoming, no
>> outgoing...
>>
>> I want to believe that the problem is the routing tables and my inability to
>> configure it, and not the card itself....I'll post the current route table
>> here...
>>
>> Script started on Thu Sep 30 07:53:00 1999
>> [root@firewall /root]# route
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 205.218.57.25   *               255.255.255.255 UH    0      0        0 eth0
>> 192.168.6.48    *               255.255.255.255 UH    0      0        0 eth1
>> 192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
>> 205.218.57.0    *               255.255.255.0   U     0      0        0 eth0
>> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
>> default         gw.bbros.com    0.0.0.0         UG    0      0        0 eth0
>> [root@firewall /root]# exit
>> exit
>>
>> Script done on Thu Sep 30 07:53:08 1999
>>
>> Thanks guys...I appreciate all this....
>>
>>
>> ----------
>> >From: Mark Dalton <mwd@sgi.com>
>> >To: tclug-list@mn-linux.org
>> >Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
>> >Date: Thu, Sep 30, 1999, 11:47 AM
>> >
>>
>> >
>> > I will take a look.. Rather than just using /etc/hosts.deny /etc/hosts.allow,
>> > I should have suggested to the others to use 'ipchains', so you can determine
>> > which side of the firewall the person/IP address is coming from.
>> >
>> > I will see if I can go and find your message and take a look.
>> >
>> > That said:
>> >    1. Can your firewall machine see/connect to the other machines?
>> >       - Does it know the IP address from the firewall and try to
>> >         connect but fails?
>> >       - Does it connect then fail.
>> >       - What is the netstat -rn and netstat -output?
>> >    2. What happens when your other machines try to connect to/through
>> >       the firewall machine.
>> >    3. What security do you have on for the various machines?
>> >       /etc/hosts.deny ALL:ALL and /etc/hosts.allow
>> >       IPChains? filtering
>> >
>> > Mark
>> >
>> >>
>> >> And, on the other front, I'm still not getting my firewall working.
>> >>
>> >> I've got a 3c509, and a 3c590(Vortex Card).  The machine boots, and the kernel
>> >> recognizes the cards and sets them up as eth0 and eth1.  Then it assigns IP
>> >> addys to them.
>> >>
>> >> Well, the long and short is that eth1 does not see machines on the subnet it's
>> >> assigned to, let alone any others...
>> >>
>> >> It's been suggested that my route tables were setup incorrectly, but I posted
>> >> them a while back and nobody seemed to think they were the problem....
>> >>
>> >> So, we have a firewall machine with only one working card....apparently...and I
>> >> have to get this firewall installed by friday...
>> >>
>> >> Somebody please help me *begging*
>> >>
>> >> Thanks in advance...
>> >>
>> >> Brian
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
>> >> For additional commands, e-mail: tclug-list-help@mn-linux.org
>> >>
>> >
>> >
>> > --
>> > Mark Dalton       CH3-S-CH2 H                      H      O       H
>> > Silicon Graphics, Inc.  |   |                      |       \      |
>> > Eagan, MN 55121         CH2-C-COO    //\ ---C--CH2-C-COO    C-CH2-C-COO
>> > mwd@sgi.com                 |       |  ||   ||     |       //     |
>> >                             NH3      \\/ \ / CH    NH3    O       NH3
>> >                                           NH
>> > My home page: http://www.cbc.umn.edu/~mwd/mwd.html
>> > Cell Biology: http://www.cbc.umn.edu/~mwd/cell.html
>> >
>> >
>> >
>>
>>
>>
>
>
>
>
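
Added example, not part of any message in this thread: a Python sketch that parses the `route` output quoted above, resolves which interface a given address belongs to by longest-prefix match, and applies that as a strict reverse-path check, which is one way to decide "which side of the firewall" a source address should arrive on. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Routing table exactly as posted in the thread (output of `route`).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
205.218.57.25   *               255.255.255.255 UH    0      0        0 eth0
192.168.6.48    *               255.255.255.255 UH    0      0        0 eth1
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
205.218.57.0    *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         gw.bbros.com    0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, None if gateway == "*" else gateway, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def arrives_on_wrong_side(routes, src, in_iface):
    """Strict reverse-path check: the route back to src must use in_iface."""
    route = lookup(routes, src)
    return route is None or route[2] != in_iface

ROUTES = parse_routes(ROUTE_OUTPUT)

if __name__ == "__main__":
    # Constructed sample destinations: one per subnet plus an outside address.
    for dst in ("192.168.6.10", "205.218.57.1", "198.51.100.7"):
        net, gw, iface = lookup(ROUTES, dst)
        print(f"{dst:15} -> {iface:4} via {gw or 'direct'} ({net})")
    # A 192.168.6.x source seen on eth0 fails the reverse-path check.
    print(arrives_on_wrong_side(ROUTES, "192.168.6.10", "eth0"))
```

With both cards plugged into the same hub, as described in the thread, frames from either subnet can physically reach either card, so a per-interface check like this only becomes meaningful once the box sits between the two segments.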