Re: [foxboro] Getting routing to work in Unix
- From: "Targosky, Richard S." <rstargosky@xxxxxxx>
- To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
- Date: Wed, 17 Jun 2009 15:43:44 -0400
Hello All -
Thanks for the help so far --
Our system is set up like #1 - My Firewall is connected to a MESH Edge switch
on one port (INSIDE), and to my Corporate network on another port (OUTSIDE).
My WinXP stations have no problem using the firewall as a default gateway. I
have also set-up the Unix stations to use the firewall as their gateway.
-----------------------------
W20302# netstat -rn
Routing Table:
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
127.0.0.1            127.0.0.1             UH       0     22  lo0
151.128.0.0          151.128.16.133        U        3     11  le0
224.0.0.0            151.128.16.133        U        3      0  le0
default              151.128.152.200       UG       0      0
-----------------------------
I thought maybe this was a firewall issue - so I have checked it out by
watching packets. I have found that the requests from my nodebus unix stations
are not getting to my firewall. From these unix workstations - I can ping the
firewall - I can also connect to the windows based machines and Unix boxes on
other nodes.
From my MESH-based Windows boxes - the default gateway works fine - I can get
connections thru the firewall.
There seems to be a problem with the WP51s recognizing the routing to the
firewall.
We have several boxes at our site where we use a second Ethernet card - and
routing for those boxes works fine.
I even added a hop to the route table (thinking that the ATS was taking a "hop")
Instead of -
/usr/sbin/route add net default ROUTER 1
I tried -
/usr/sbin/route add net default ROUTER 2
And even increased it to 5 (in case the edge and root switches counted as hops).
Without a traceroute tool - I do not know how many "hops" it is taking to get
to the firewall - I can only guess based on my network config.
I have looked thru the Foxboro support website for some guidance - but no luck.
Is there something that prevents the WP51Bs (IA v6.1.2) from routing on the
nodebus thru the ATS and to my firewall?? Or is there some trick to getting
the system to actually use the route table?
I guess we have an option of adding a second Ethernet card to each of our WPs -
and then hooking them up to a network switch ... but I would prefer to avoid
that.
Thanks-
Rick T
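
A consistency check for the routing table posted above, as an added example that is not part of the original thread: it parses the `netstat -rn` output and reports, for each gateway (G) route, which directly connected network the next hop falls in. The output shows no netmasks, so classful masks are an assumption here; function names are illustrative.

```python
import ipaddress

# Routing table as posted in the message above (columns re-spaced).
NETSTAT_RN = """\
Destination          Gateway              Flags Ref Use Interface
127.0.0.1            127.0.0.1            UH    0   22  lo0
151.128.0.0          151.128.16.133       U     3   11  le0
224.0.0.0            151.128.16.133       U     3   0   le0
default              151.128.152.200      UG    0   0
"""

def classful_prefix(addr):
    # Assumption: no subnetting, so the address class implies the mask.
    first = int(addr.split(".")[0])
    for limit, plen in ((128, 8), (192, 16), (224, 24)):
        if first < limit:
            return plen
    return None  # class D/E (multicast, reserved): not a unicast subnet

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Skip the banner, the column header and the dashed rule.
        if len(f) < 5 or f[0] == "Destination" or f[0].startswith("-"):
            continue
        routes.append({"dest": f[0], "gw": f[1], "flags": f[2],
                       "iface": f[5] if len(f) > 5 else None})
    return routes

def connected_networks(routes):
    # Directly attached routes are up (U) and have no gateway flag (G).
    nets = []
    for r in routes:
        if "G" in r["flags"] or "U" not in r["flags"] or r["dest"] == "default":
            continue
        plen = 32 if "H" in r["flags"] else classful_prefix(r["dest"])
        if plen is not None:
            nets.append((ipaddress.ip_network(f'{r["dest"]}/{plen}'), r["iface"]))
    return nets

def check_gateways(text):
    # Returns (destination, gateway, interface or None) per gateway route.
    routes = parse_routes(text)
    nets = connected_networks(routes)
    report = []
    for r in (r for r in routes if "G" in r["flags"]):
        gw = ipaddress.ip_address(r["gw"])
        via = [iface for net, iface in nets if gw in net]
        report.append((r["dest"], r["gw"], via[0] if via else None))
    return report
```

A `None` in the third field means the next hop lies in no directly connected network; for the table above, under the classful assumption, the default gateway resolves to `le0`.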
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Corey R Clingo
Sent: Friday, June 05, 2009 2:38 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix
Richard,
What is the overall architecture? Is it like this:
WinXP     WinXP         Unix              Unix
 WP        WP            WP                WP
  |         |             |                 |
--+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
              |
              |
           Firewall
              |
              |
          Corp. Net
or like this:
       Corp. Net
           |
           |
        Firewall
           |
     +-----+----+
     |          |
   WinXP      WinXP         Unix              Unix
    WP         WP           WP                WP
     |          |            |                 |
   --+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
If it is like the first one, it should work, but I do not know how the ATS
handles generic IP traffic (i.e., that involving non-I/A stations) so I
cannot be certain.
If it is like the second one, it will not work unless you set up one of
the WinXP WPs to route traffic between the Mesh and the firewall.
Either way, I would probably be more inclined to put 2nd (or 3rd, as the
case may be) ethernet cards in all the boxes that need to get out and hook
them to a small LAN that had the firewall plugged into it. It simplifies
the routing and keeps "extraneous" traffic off of your control networks
(less of a problem on Mesh than classic nodebus, but still doesn't hurt).
I would also be careful about what I let any Windows box do outside of the
firewall, what with all the "drive-by" browser/Flash/PDF exploits that are
out there for Windows.
Corey Clingo
BASF
"Targosky, Richard S." <rstargosky@xxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
06/05/2009 07:34 AM
Please respond to: foxboro@xxxxxxxxxxxxx
To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
Subject: [foxboro] Getting routing to work in Unix
Hello List -
We have a firewall/gateway to isolate the Foxboro network from our
corporate network.
We have several WinXP WPs that are able to get to the corporate network by
defining the firewall as the default gateway.
I also have several WP51s (IA v6.2) that are not connected directly to the
network with a second ethernet card. They are connected to the nodebus
and then to the MESH via an ATS.
These WP51s have no problem finding any of the other WPs in our system -
Unix and Win alike. However - I cannot get to any outside devices.
I have set the /etc/defaultrouter file to point to the firewall. It does
not seem to help.
How do I get routing thru a gateway set-up in a Unix environment?
Rick Targosky
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________