Re: [foxboro] Getting routing to work in Unix

OK, this is strange. All of your setup looks correct to me. BTW, I would
NEVER do what you are doing, and route external traffic over the "nodebus".
Perhaps this is OK in a mesh world, but it is not OK in a classic nodebus
environment.

Hopefully someone else will see what I am missing here, but all looks
correct to me.


On Thu, Jun 18, 2009 at 07:25:31AM -0400, Targosky, Richard S. wrote:
> As an update to this issue - This is how I have the network configed on this 
> workstation - It also shows that the firewall is accessible from W20302.
> 
> ___________________________________________
> 
> W20302# 
> W20302# ifconfig -a
> lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
>       inet 127.0.0.1 netmask ff000000 
> le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
>       inet 151.128.16.133 netmask ffff0000 broadcast 151.128.255.255
>       ether 8:0:20:76:f1:a0 
> W20302# 
> W20302# ping 151.128.152.200
> 151.128.152.200 is alive
> W20302# 
> W20302# ping 10.54.55.11
> no answer from 10.54.55.11
> W20302# 
> ______________________________
> 
> This also shows the lan-side box (10.54.55.11) is unreachable - but it can be 
> found from my P92s (MESH-based WP70s)
> 
> Rick T
> 
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
> Behalf Of Targosky, Richard S.
> Sent: Wednesday, June 17, 2009 3:44 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Getting routing to work in Unix
> 
> Hello All -
> 
> Thanks for the help so far --
> 
> Our system is set up like #1 - My Firewall is connected to a MESH Edge switch 
> on one port (INSIDE), and to my Corporate network on another port (OUTSIDE).
> 
> My WinXP stations have no problem using the firewall as a default gateway.  I 
> have also set-up the Unix stations to use the firewall as their gateway.
> 
> -----------------------------
> 
> W20302# netstat -rn
> 
> Routing Table:
>   Destination           Gateway           Flags  Ref   Use   Interface
> -------------------- -------------------- ----- ----- ------ ---------
> 127.0.0.1            127.0.0.1             UH       0     22  lo0
> 151.128.0.0          151.128.16.133        U        3     11  le0
> 224.0.0.0            151.128.16.133        U        3      0  le0
> default              151.128.152.200       UG       0      0  
> 
> -----------------------------
> 
> 
> I thought maybe this was a firewall issue - so I have checked it out by 
> watching packets. I have found that the requests from my nodebus unix 
> stations are not getting to my firewall.  From these unix workstations - I 
> can ping the firewall - I can also connect to the windows based machines and 
> Unix boxes on other nodes.
> 
> From my MESH based Windows boxes - the default gateway works fine - I can 
> get connections thru the firewall.
> 
> There seems to be a problem with the WP51s recognizing the routing to the 
> firewall.
> 
> We have several boxes at our site where we use a second Ethernet card - and 
> routing for those boxes works fine.
> 
> I even added a hop to the route table (thinking that the ATS was taking a 
> "hop")
> 
> Instead of -
> /usr/sbin/route add net default ROUTER 1
> 
> 
> I tried - 
> /usr/sbin/route add net default ROUTER 2
> 
> And even increased it to 5 (in case the edge and root switches counted as 
> hops).
> 
> Without a traceroute tool - I do not know how many "hops" it is taking to get 
> to the firewall - I can only guess based on my network config.
> 
> I have looked thru the Foxboro support website for some guidance - but no 
> luck.  
> 
> Is there something that prevents the WP51Bs (IA v6.1.2) from routing on the 
> nodebus thru the ATS and to my firewall??  Or is there some trick to getting 
> the system to actually use the route table?
> 
> I guess we have an option of adding a second Ethernet card to each of our WPs 
> - and then hooking them up to a network switch ...  but I would prefer to 
> avoid that.
> 
> Thanks-
> 
> Rick T
> 
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
> Behalf Of Corey R Clingo
> Sent: Friday, June 05, 2009 2:38 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Getting routing to work in Unix
> 
> Richard,
> 
> What is the overall architecture?  Is it like this:
> 
> 
> WinXP       WinXP       Unix              Unix
>  WP          WP          WP                WP
>   |           |           |                 |
> --+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
>             |
>             |
>          Firewall
>             |
>             |
>         Corp. Net
> 
> 
> or like this:
> 
> 
>    Corp. Net
>         |
>         |
>     Firewall
>         |
>   +-----+-----+
>   |           |
> WinXP       WinXP       Unix              Unix
>  WP          WP          WP                WP
>   |           |           |                 |
> --+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
> 
> 
> If it is like the first one, it should work, but I do not know how the ATS 
> handles generic IP traffic (i.e., that involving non-I/A stations) so I 
> cannot be certain.
> 
> 
> If it is like the second one, it will not work unless you set up one of 
> the WinXP WPs to route traffic between the Mesh and the firewall.
> 
> 
> Either way, I would probably be more inclined to put 2nd (or 3rd, as the 
> case may be) ethernet cards in all the boxes that need to get out and hook 
> them to a small LAN that had the firewall plugged into it.  It simplifies 
> the routing and keeps "extraneous" traffic off of your control networks 
> (less of a problem on Mesh than classic nodebus, but still doesn't hurt). 
> I would also be careful about what I let any Windows box do outside of the 
> firewall, what with all the "drive-by" browser/Flash/PDF exploits that are 
> out there for Windows.
> 
> 
> Corey Clingo
> BASF
> 
> "Targosky, Richard S." <rstargosky@xxxxxxx> 
> Sent by: foxboro-bounce@xxxxxxxxxxxxx
> 06/05/2009 07:34 AM
> Please respond to: foxboro@xxxxxxxxxxxxx
> To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
> Subject: [foxboro] Getting routing to work in Unix
> 
> Hello List -
> We have a firewall/gateway to isolate the Foxboro network from our 
> corporate network.
> 
> We have several WinXP WPs that are able to get to the corporate network by 
> defining the firewall as the default gateway.
> 
> I also have several WP51s (IA v6.2) that are not connected directly to the 
> network with a second ethernet card.  They are connected to the nodebus 
> and then to the MESH via an ATS.
> 
> These WP51s have no problem finding any of the other WPs in our system - 
> Unix and Win alike. However - I cannot get to any outside devices.
> 
> I have set the /etc/defaultrouter file to point to the firewall.  It does 
> not seem to help.
> 
> How do I get routing thru a gateway set-up in a Unix environment?
> 
> Rick Targosky
> 
> 
> 
> 
>  
>  
> _______________________________________________________________________
> This mailing list is neither sponsored nor endorsed by Invensys Process
> Systems (formerly The Foxboro Company). Use the info you obtain here at
> your own risks. Read http://www.thecassandraproject.org/disclaimer.html
>  
> foxboro mailing list:             http://www.freelists.org/list/foxboro
> to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>  

-- 
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.
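
Added example, not part of the original thread: a check of the `ifconfig -a` and `netstat -rn` output pasted above, showing that 10.54.55.11 resolves to the default route and that the gateway 151.128.152.200 sits on the le0 subnet, so the host-side table is consistent. The function names are hypothetical, and because this routing table prints no masks, prefix lengths are inferred as the comments describe.

```python
import ipaddress

# Output pasted from the thread (host W20302), trimmed to the parsed lines.
IFCONFIG = """\
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
      inet 151.128.16.133 netmask ffff0000 broadcast 151.128.255.255
"""
NETSTAT = """\
127.0.0.1            127.0.0.1             UH       0     22  lo0
151.128.0.0          151.128.16.133        U        3     11  le0
224.0.0.0            151.128.16.133        U        3      0  le0
default              151.128.152.200       UG       0      0
"""

def interface_network(ifconfig_text):
    """IPv4 network of the first 'inet' line (the mask is printed in hex)."""
    for line in ifconfig_text.splitlines():
        f = line.split()
        if f and f[0] == "inet":
            mask = ipaddress.IPv4Address(int(f[f.index("netmask") + 1], 16))
            return ipaddress.ip_network(f"{f[1]}/{mask}", strict=False)
    raise ValueError("no inet line found")

def parse_routes(netstat_text, local_net):
    """(network, gateway, flags) per route; prefix lengths are inferred."""
    routes = []
    for line in netstat_text.splitlines():
        dest, gw, flags = line.split()[:3]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif "H" in flags:                       # host route
            net = ipaddress.ip_network(dest + "/32")
        elif ipaddress.ip_address(dest) == local_net.network_address:
            net = local_net                      # the interface's own subnet
        else:
            continue                             # e.g. 224.0.0.0: size unknown, skip
        routes.append((net, ipaddress.ip_address(gw), flags))
    return routes

def diagnose(dst, ifconfig_text=IFCONFIG, netstat_text=NETSTAT):
    """Longest-prefix match for dst, then check that the next hop is on-link."""
    net = interface_network(ifconfig_text)
    hits = [r for r in parse_routes(netstat_text, net) if ipaddress.ip_address(dst) in r[0]]
    if not hits:
        return "no route"
    _, gw, flags = max(hits, key=lambda r: r[0].prefixlen)
    if "G" not in flags:
        return "on-link"
    return f"via {gw} ({'gateway on-link' if gw in net else 'gateway NOT on-link'})"
```
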
 
 