Sun box used as a router: some issues

Steven Plunkett steven at sjp.dropbear.id.au
Tue Oct 23 21:19:12 EDT 2001



Sun gurus,

I've had continual problems with routing on this network. Not having a
budget for a proper router, I got an E420R with a quad ethernet card and
turned it into a router.

There are a few problems.

1) The router can traceroute/ping other hosts, but the 202.139.xxx.xxx and
10.0.0.x environment cannot, since it uses this Sun Router as a gateway.
I've fiddled with the ndd settings to no avail.

2) We have some external hosts which connect via a wan to the MIS
division's firewall, 172.16.1.39. That machine has a route for anything
destined for 202.139.xxx.xxx to go via 172.16.22.1. When this is set up,
these external hosts cannot talk to any of these 202.139.xxx.xxx hosts.
When the route on 172.16.1.39 is taken off, this pushes those packets via
the default route on 172.16.1.39, which is to the MIS firewall then to the
outside world. When this is set, they can now reach the 202.139.xxx.xxx
machines by going through the internet first.

Why do we want machines to NOT go through the outside world?
1) To save on charged bandwidth
2) Most of the 202.139.xxx.xxx machines are firewalled out to the
outside world, so going through the "back way" is preferable.

I want anything on 172.16.22.x to go out 172.16.22.1 directly to the
172.16.22.x network. Anything else on 172.16/16 and 172.30/16 to go out to
172.16.1.39 (which has to go out 172.16.22.1 first, but look at the
routing table below).

Here is a diagram of the network.

  Outside world
     /|\
      |
      |   +-----------------------------+
      |---| 202.139.xxx.xxx environment |
      |   +-----------------------------+
      |
      |
      | 202.139.xxx.XXX (qfe0)
+------------+
|            |10.0.0.1 (qfe1) +----------------------+
| SUN ROUTER |----------------| 10.0.0.x environment |
|            |                +----------------------+
+------------+
      | 172.16.22.1 (hme0)
      |
      |                    +-------------+
 -----+--------------------| 172.16.1.39 |-------------> Outside World
 |                         +-------------+                (MIS Pipe)
 |                                |
 |                                |
 |                                |  +---------------------------+
+-------------------------+       |--| 172.16-31.x.x Environment |
| 172.16.22.x environment |          +---------------------------+
+-------------------------+                    |
                                               | WAN Connection
                                               |
                                       +----------------+
                                       | External Hosts |
                                       | (172.16.xx.xx) |
                                       +----------------+

Some other data.

sunrouter# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
172.16.1.39          172.16.22.1           UH       1     27  hme0
10.0.0.0             10.0.0.1              U        1   1034  qfe1
172.16.22.0          172.16.22.1           U        1    742  hme0
192.168.253.0        172.16.1.39           UG       1      0
202.139.xxx.xxx      202.139.xxx.XXX       U        1   2263  qfe0
172.30.0.0           172.16.1.39           UG       1      1
172.16.0.0           172.16.1.39           UG       1     57
default              202.139.xxx.YYY       UG       1   7657
127.0.0.1            127.0.0.1             UH       1   3106  lo0

sunrouter# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 202.139.xxx.XXX netmask ffffff00 broadcast 202.139.xxx.255
        ether 8:0:20:c5:95:8f
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 10.0.0.1 netmask ffffff00 broadcast 10.0.0.255
        ether 8:0:20:c5:95:8f
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 172.16.22.1 netmask ffffff00 broadcast 172.16.255.255
        ether 8:0:20:c5:95:8f


Can anyone give me any clues to the problem, and how to fix it?

Thanks in advance,

Steven
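
Added example (not part of the original message): a Python check that recomputes each interface's broadcast address from the inet/netmask pairs in the ifconfig -a output above and compares it with the configured value. The interface text is copied from the post; the function name check_broadcasts is introduced here for illustration.

```python
import ipaddress
import re

# Interface lines copied from the `ifconfig -a` output in the post
# (lo0 omitted; the 202.139 address is redacted on the page and kept as-is).
IFCONFIG = """\
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 202.139.xxx.XXX netmask ffffff00 broadcast 202.139.xxx.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 10.0.0.1 netmask ffffff00 broadcast 10.0.0.255
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 172.16.22.1 netmask ffffff00 broadcast 172.16.255.255
"""

IFACE = re.compile(r"^(\w+): flags=")
INET = re.compile(r"inet (\S+) netmask ([0-9a-f]{8}) broadcast (\S+)")


def check_broadcasts(text):
    """Return {iface: (status, configured, expected)} for each IPv4 interface."""
    results, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET.search(line)
        if not (m and iface):
            continue
        addr, mask_hex, bcast = m.groups()
        try:
            mask = ipaddress.IPv4Address(int(mask_hex, 16))
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            # Redacted or malformed address: nothing to compute.
            results[iface] = ("unparseable", bcast, None)
            continue
        expected = str(net.broadcast_address)
        status = "ok" if bcast == expected else "mismatch"
        results[iface] = (status, bcast, expected)
    return results


if __name__ == "__main__":
    for name, (status, have, want) in check_broadcasts(IFCONFIG).items():
        print(f"{name}: {status} (configured {have}, expected {want})")
```

On the posted output this reports hme0 as a mismatch: the configured broadcast is 172.16.255.255, while netmask ffffff00 on 172.16.22.1 implies 172.16.22.255.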




More information about the sunmanagers mailing list