Re: [TCLUG:8792] Multiple Ethernet Woes

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
From: Nate Carlson <natecars@infiniteloop.com>
Date: Thu, 30 Sep 1999 14:01:52 -0500 (CDT)
In-Reply-To: <199909301844.NAA17785@infinity.infiniteloop.com>
Ahh, makes sense then.  :)  If you pull the PCI card, does the ISA one
start cooperating and talking on the network?

----
Nate Carlson
the infinite loop
natecars@infiniteloop.com

On Thu, 30 Sep 1999, Brian Ackermann wrote:

> This maching WILL BE the firewall...when I can put it between the router and the
> rest of the network.  But, I can't put the 'bridge' in place when one of ends of
> the bridge points off into space...so, to get things working I've just got both
> cards plugged into the hub....
> 
> Brian...
> 
> ----------
> >From: Nate Carlson <natecars@infiniteloop.com>
> >To: tclug-list@mn-linux.org
> >Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
> >Date: Thu, Sep 30, 1999, 1:28 PM
> >
> 
> > Those routing tables _should_ be fine. But, just out of curiosity, why are
> > you running two cards on the same physical lan? It'd make more sense (to
> > me at least) to just use the PCI card and use aliasing, which allows you
> > to emulate multiple cards on a single physical device. To use this, just
> > make sure you have aliasing in your kernel (RH6 does by default), and run
> > 'ifconfig eth0:[0..n] ip' or configure the
> > /etc/sysconfig/network-scripts/ifcfg-eth0:[0..n] devices (the same way as
> > a standard ethernet card.) Should work fine. Just my $.02..
> >
> > ----
> > Nate Carlson
> > the infinite loop
> > natecars@infiniteloop.com
> >
> > On Thu, 30 Sep 1999, Brian Ackermann wrote:
> >
> >> hosts.allow and hosts.deny are both empty....
> >>
> >> The firewall machine(which is not currently setup in the 'bridge'
> position...as
> >> I can't install the firewall machine and interrupt service to our
> network...I've
> >> got to get things working first...)
> >>
> >> The way things are (until I can make this box the bridge/firewall..) right
> now,
> >> both cards plug into the network with both subnets on it....the 'boomerang'
> card
> >> correctly pings and can be pinged, but not the 3c509, no incoming, no
> >> outgoing...
> >>
> >> I want to believe that the problem is the routing tables and my inability to
> >> configure it, and not the card itself....I'll post the current route table
> >> here...
> >>
> >> Script started on Thu Sep 30 07:53:00 1999
> >> [root@firewall /root]# route
> >>
> >> Kernel IP routing table
> >>
> >> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> >>
> >> 205.218.57.25   *               255.255.255.255 UH    0      0        0 eth0
> >>
> >> 192.168.6.48    *               255.255.255.255 UH    0      0        0 eth1
> >>
> >> 192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
> >>
> >> 205.218.57.0    *               255.255.255.0   U     0      0        0 eth0
> >>
> >> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> >>
> >> default         gw.bbros.com    0.0.0.0         UG    0      0        0 eth0
> >>
> >> [root@firewall /root]# exit
> >>
> >> exit
> >>
> >>
> >> Script done on Thu Sep 30 07:53:08 1999
> >>
> >> Thanks guys...I appreciate all this....
> >>
> >>
> >> ----------
> >> >From: Mark Dalton <mwd@sgi.com>
> >> >To: tclug-list@mn-linux.org
> >> >Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
> >> >Date: Thu, Sep 30, 1999, 11:47 AM
> >> >
> >>
> >> >
> >> > I will take a look.. Rather than just using /etc/hosts.deny
> /etc/hosts.allow,
> >> > I should have suggested to the others to use 'ipchains', so you can
> determine
> >> > which side of the firewall the person/IP address is comming from.
> >> >
> >> > I will see if I can go and find your message and take a look.
> >> >
> >> > That said:
> >> >    1. Can you firewall machine see/connect to the other machines?
> >> >  - Does it know the IP address from the firewall and try to
> >> >    connect but fails?
> >> >  - Does it connect then fail.
> >> >  - What is the netstat -rn and netstat -output?
> >> >    2. What happens when your other machines try to connect to/through
> >> >       the firewall machine.
> >> >    3. What security do you have on for the various machines?
> >> >  /etc/hosts.deny ALL:ALL and /etc/hosts.allow
> >> >  IPChains? filtering
> >> >
> >> > Mark
> >> >
> >> >>
> >> >> And, on the other front, I'm still not getting my firewall working.
> >> >>
> >> >> I've got a 3c509, and a 3c590(Vortex Card).  The machine boots, and the
> >> kernel
> >> >> recognizes the cards and sets them up as eth0 and eth1.  Then it assigns
> IP
> >> >> addys to them.
> >> >>
> >> >> Well, the long and short is that eth1 does not see machines on the subnet
> its
> >> >> assigned to, let alone any others...
> >> >>
> >> >> Its been suggested that my route tables were setup incorrectly, but I
> posted
> >> >> them a while back and nobody seemed to think they were the problem....
> >> >>
> >> >> So, we have a firewall machine with only one working
> >> card....appearantly...and I
> >> >> have to get this firewall installed by friday...
> >> >>
> >> >> Somebody please help me *begging*
> >> >>
> >> >> Thanks in advance...
> >> >>
> >> >> Brian
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> >> >> For additional commands, e-mail: tclug-list-help@mn-linux.org
> >> >>
> >> >
> >> >
> >> > --
> >> > Mark Dalton       CH3-S-CH2 H                      H      O       H
> >> > Silicon Graphics, Inc.  |   |                      |       \      |
> >> > Eagan, MN 55121         CH2-C-COO    //\ ---C--CH2-C-COO    C-CH2-C-COO
> >> > mwd@sgi.com                 |       |  ||   ||     |       //     |
> >> >                             NH3      \\/ \ / CH    NH3    O       NH3
> >> >                                           NH
> >> > My home page: http://www.cbc.umn.edu/~mwd/mwd.html
> >> > Cell Biology: http://www.cbc.umn.edu/~mwd/cell.html
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> >> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> >> >
> >> >
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> >> For additional commands, e-mail: tclug-list-help@mn-linux.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> >
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
>
Prev by Date: tweaking mail headers
Next by Date: Re: [TCLUG:8807] Decoding BinHex format
Prev by thread: Re: [TCLUG:8792] Multiple Ethernet Woes
Next by thread: Re: [TCLUG:8792] Multiple Ethernet Woes
Index(es):
- Date
- Thread