[rescue] Interesting Networking question

George Adkins george at webbastard.org
Thu Mar 14 18:00:38 CST 2002 

I have  a bit of a problem that's thumbing it's nose at me.
I have an older Alpha (running NetBSD) that I'm trying to use as a router 
between my firewall, ethernet and FDDI segments.

the firewall (and DMZ) is on the tlp0,live-address/24
the Ethernet is off of the fxp0, 192.168.0.x/24
the FDDI ring is off the fpa0, 192.168.1.x/24

I am running ipnat to let the RFC1918 addressed on the Ethernet and FDDI talk 
to the outside world.  Now, here's the rub, both of the private segments can 
talk to the outside world, but they cannot talk to each other.  I would think 
that the routing table would 'just handle it', but apparently it's not.
Pinging from the ether side and get replies from 192.168.0.1 and 192.168.1.1
Pinging from the FDDI side, I get replies only from 192.168.1.1
Neither side gets replies from anything further out than the router's 
interface.

Anyone have any suggestions?

George

(relevant info follows....)
on the router, 

ifconfig -a looks like: (media status edited out)
tlp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:f8:21:6c:28
        inet 66.92.169.148 netmask 0xffffff00 broadcast 66.92.169.255
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:d0:b7:ba:2d:7d
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
fpa0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 4470
        address: 00:a0:24:61:ee:5e
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33192
        inet 127.0.0.1 netmask 0xff000000

netstat -rn:
Routing tables
Internet:
Destination      Gateway              Flags Refs Use  Mtu  Interface
default                66.92.169.1           UGS     2   3268  1500  tlp0
66.92.169/24    link#1                       UC       2    0      1500  tlp0
66.92.169.1      00:02:3b:00:b1:5f  UHLc   1     0     1500  tlp0
66.92.169.143  08:00:20:de:ad:02  UHLc 0    17   1500  tlp0
127                     127.0.0.1                 UGRS  0    0  33192  lo0
127.0.0.1           127.0.0.1                  UH      1     0  33192  lo0
192.168              link#2                       UC      3     0   1500 fxp0
192.168.0.14     00:08:c7:5d:d2:93  UHLc 2   118 1500  fxp0
192.168.0.17     08:00:20:9d:d2:7d  UHLc 0     5   1500  fxp0
192.168.0.46     00:40:05:35:3d:bb  UHLc 0    5528 1500  fxp0
192.168.1           link#3                        UC     1    0   4352  fpa0
192.168.1.18     08:00:20:8d:a8:c4  UHLc 1    50   4352  fpa0

/etc/ipnat.conf
rdr tlp0 66.92.169.148/32 port 3389 -> 192.168.0.99 port 3389
map tlp0 192.168.0.0/16 -> 66.92.169.148/32 proxy port ftp ftp/tcp
map tlp0 192.168.0.0/16 -> 66.92.169.148/32 portmap tcp/udp 10001:20000
map tlp0 192.168.0.0/16 -> 66.92.169.148/32

More information about the rescue mailing list