IRIX and Software

Setting up a gateway

Does anyone remember the steps to set up a dual interface IRIX box as a gateway for other systems?
Something about routed...

Thanks.
man route
man netstat
man ifconfig

From memory...

route add network 10.10.0.0 gateway 192.168.0.10

Regan
:Onyx2R: :Onyx2R: :0300: :0300: :0300: :O200: :Octane: :Octane: :O2: :O2: :Indigo2IMP: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy:
:hpserv: J5600, 2 x SUN, 2 x Mac, 3 x Alpha, 2 x RS/6000
awesome thanks!
"gated" has some more flexible capabilities than "routed," but either is fine.

If you want persistent static routes, put them in /etc/config/static-route.options for 6.2+.
Ack.

I've got the Tezro with 2 Gig-E card working on both networks, but I can't get it to route packets from machines on the private net. I found my notes and followed the same procedure as I did on my Octane many years ago to get it to work, but no dice!

My /etc/config/routed.options is
-h -Prdisc_interval=45 -q


The /etc/config/netif.options has (there are three interfaces actually, but I'm just using tg0 and tg1)
if1name=tg0
if1addr=$HOSTNAME
if2name=tg1
if2addr=gate-$HOSTNAME
if3name=tg2
if3addr=gate2-$HOSTNAME


I've chkconfiged gated on and rebuilt the kernel with /etc/autoconfig -vf.

I even get from netstat -s -p ip |grep forward
86 packets forwarded (forwarding enabled)
0 packets not forwardable


But the machines behind the firewall just sit and spin. The ugly part is I configured a Linux box as the gateway previously and all the firewalled machines could get web access OK (but were slow). I figured--based on my experiences with the Octane--that the Tezro would make a much better gateway.

Help!
What does the output of netstat -rn look like on the Tezro and on one of the machines that can't get to the public net?
From the Tezro with the IP address modified to protect the innocent :)

netstat -rn
Routing tables

Internet:
Destination      Gateway            Netmask    Flags    Refs     Use  Interface
default          999.999.112.1                 UGS         4      298  tg0
127.0.0.1        127.0.0.1                     UH         42        7  lo0
999.999.112      link#4             0xffffff00 UC          0        0  tg0
999.999.112.141  127.0.0.1                     UGHS       10        1  lo0
192.168.10       link#2             0xffffff00 UC          0        0  tg1
224              link#4             0xf0000000 UCS         0        0  tg0
255.255.255.255  1X8.123.112.255               UGHS        0        0  tg0

From the Linux box behind the Tezro

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.10.1    0.0.0.0         UG        0 0          0 eth0


Networking has never been one of my strengths, so your help is greatly appreciated.
Did you delete it or does the Linux box lack the lo0 entry?

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
r-a-c.de
One more thing:
man traceroute

Regan
posted from my tv!
Ack! I really need to resolve this one. Help me in my ignorance. I'll beg! :)

Here are the instructions in IRIX Admin: Networking and Mail, Chapter 3:
Configuring a Router With Two Interfaces

The /etc/init.d/network script is designed to automatically detect and configure a router with two interfaces if the default naming scheme for the interfaces is used. By default, the Internet addresses of the primary and secondary interfaces are derived from the /etc/sys_id file. The primary interface uses the name in the sys_id file. The secondary interface prefixes gate- to the name specified in the sys_id file.

To set up a router with two interfaces using the default naming scheme, follow this procedure:

1. Log in as root.

2. Assign valid Internet names and addresses to both interfaces in the /etc/hosts file. For example, the /etc/hosts file entries for the primary and secondary interfaces on the station biway might look like this:

198.70.75.2 biway.salad.com biway
198.70.80.3 gate-biway.salad.com gate-biway

3. Ensure that the router has the appropriate name in its /etc/sys_id file. Following this example, the /etc/sys_id file should look like this:

biway

4. Reconfigure the kernel and reboot the station to initialize your changes and interfaces. Some systems prompt you for permission, as in the following example. Others simply return a shell prompt. In either case, enter the reboot command when the kernel has been reconfigured:

/etc/autoconfig

Automatically reconfigure the operating system? (y/n)y

reboot


Which I did. My /etc/hosts looks like

999.999.112.141 heimdall
192.168.10.1    gate-heimdall


The contents of /etc/config/netif.options are

if1name=tg0
if1addr=$HOSTNAME

if2name=tg1
if2addr=gate-$HOSTNAME


I also have a static-route set up in /etc/config/static-route.options

$ROUTE $QUIET add -net default 999.999.112.1


Right now the Tezro sees both networks and can ping, SSH, HTML etc. just fine. I have
routed on
gated off


and told the network (through the System Manager GUI) to forward IP packets.

From the private network (Linux and OS X boxes) I can ssh into heimdall (the gateway) just fine. They are set up to use a default route of 192.168.10.1 (again, the Tezro gateway).

If I traceroute from the Tezro (gateway) to our Onyx server (eno) in another building I get:

traceroute 999.999.228.160
traceroute to 999.999.228.160 (999.999.228.160), 30 hops max, 60 byte packets
1  vlan112-rtr-b28 (999.999.112.1)  1 ms  1 ms  1 ms
2  vlan900-rtr-b5 (999.999.58.181)  0 ms  0 ms  0 ms
3  eno (999.999.228.160)  0 ms  0 ms  0 ms


however, from the linux box behind the gateway I get

traceroute 999.999.228.160
traceroute to 999.999.228.160 (999.999.228.160), 30 hops max, 46 byte packets
1  heimdall (192.168.10.1)  0.406 ms  0.302 ms  0.298 ms
2  999.999.112.1 (999.999.112.1)  1.151 ms  0.992 ms  0.986 ms
3  * * *
4  * * *
5  * * *

So it goes through the gateway to the gateway's default route and then stops.

I had a Linux box gateway working using the commands

/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
/sbin/route add  -net 192.168.10.0  netmask 255.255.255.0 gw 999.999.112.141 dev eth1


Help!
@foetz: No, I didn't remove the localhost entry, but the netstat output is exactly as I reported.


Also, I tried

route add  -net 192.168.10.0 -gateway 999.999.112.141


but all I get is

add net 192.168.10.0: File exists
I put 999's in the example above to protect the innocent. I probably should have put xxx's instead.

Sorry for the confusion.
anotheradamdickson has suggested that I use IPFilter. Tech pubs describes how to use it:

http://techpubs.sgi.com/library/tpl/cgi ... index.html

and I remember when it was on the "Cool Software" site for download--but I thought it was put on the system discs. I just checked the 6.5.30 discs and can't find it. It has command line apps like ipf and ipfstat. Does anyone know where it lives these days?

BTW I'm not talking about the older ipfilterd that lives in eoe.sw.ipgate.

Thanks.
I think the "Cool Software" section is gone, and the IPFilter on there was never put on the IRIX system discs. I stuck it here (it's open source anyway; shouldn't be a problem to distribute):

ftp://ftp.nekochan.net/pub/irix/General ... 27.tardist
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.
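
For reference, here are IPFilter NAT rules that do the job of the iptables MASQUERADE line posted earlier in the thread. This is an added example, not something any poster supplied. It assumes tg0 is the public interface and 192.168.10.0/24 is the private network on tg1, as described above; the file name is an assumption.

```conf
# ipnat.conf  (file name/location is an assumption; use the path your
# IPFilter install reads its NAT rules from)
#
# tg0 = public interface, tg1 = private 192.168.10.0/24 (from the thread).
# "0/32" means "translate to whatever address tg0 currently has", so the
# public address does not have to be written into the rules.
#
# Rule order matters: the first matching map rule wins.

# Active-mode FTP from inside hosts needs IPFilter's in-kernel FTP proxy,
# and this rule must come before the generic portmap rule.
map tg0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp

# TCP and UDP: rewrite the source port as well as the source address so
# that several inside hosts can share the one public address.
map tg0 192.168.10.0/24 -> 0/32 portmap tcp/udp auto

# Remaining protocols (for example ICMP echo) get address-only translation.
map tg0 192.168.10.0/24 -> 0/32
```

The rules are loaded with `ipnat -CF -f <file>` and the active mappings are listed with `ipnat -l`. Without translation, packets leave tg0 still carrying a 192.168.10.x source address, and routers beyond the gateway need a route back to that private network to reply.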
Neko,
you...
this site...
the community...

words fail
:D