Re: [foxboro] Getting routing to work in Unix
- From: "Gardner, Mark" <mark.gardner@xxxxxxxxxxxxxxxx>
- To: <foxboro@xxxxxxxxxxxxx>
- Date: Thu, 18 Jun 2009 08:13:24 -0400
This may have been stated previously, but I assume the "/etc/notrouter" file
does not exist.
One of the release updates of Solaris added this touch file to turn off tcp/ip
packet routing.
I think it was added in the /etc/rc2.d/S92FOXBORO startup file.
If it exists you might want to remove it.
Mark
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx on behalf of Targosky, Richard S.
Sent: Thu 6/18/2009 7:25 AM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix
As an update to this issue - This is how I have the network configed on this
workstation - It also shows that the firewall is accessible from W20302.
___________________________________________
W20302#
W20302# ifconfig -a
lo0: flags?9<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
le0: flags?3<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 151.128.16.133 netmask ffff0000 broadcast 151.128.255.255
ether 8:0:20:76:f1:a0
W20302#
W20302# ping 151.128.152.200
151.128.152.200 is alive
W20302#
W20302# ping 10.54.55.11
no answer from 10.54.55.11
W20302#
______________________________
This also shows the lan-side box (10.54.55.11) is unreachable - but it can be
found from my P92s (MESH-based WP70s)
Rick T
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Targosky, Richard S.
Sent: Wednesday, June 17, 2009 3:44 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix
Hello All -
Thanks for the help so far --
Our system is set up like #1 - My Firewall is connected to a MESH Edge switch
on one port (INSIDE), and to my Corporate network on another port (OUTSIDE).
My WinXP stations have no problem using the firewall as a default gateway. I
have also set-up the Unix stations to use the firewall as their gateway.
-----------------------------
W20302# netstat -rn
Routing Table:
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
127.0.0.1 127.0.0.1 UH 0 22 lo0
151.128.0.0 151.128.16.133 U 3 11 le0
224.0.0.0 151.128.16.133 U 3 0 le0
default 151.128.152.200 UG 0 0
-----------------------------
I thought maybe this was a firewall issue - so I have checked it out by
watching packets. I have found that the requests from my nodebus unix stations
are not getting to my firewall. From these unix workstations - I can ping the
firewall - I can also connect to the windows based machines and Unix boxes on
other nodes.
From me MESH based Windows boxes - the default gateway works fine - I can get
connections thru the firewall.
There seems to be a problem with the WP51s recognizing the routing to the
firewall.
We have several boxes at our site where we use a second Ethernet card - and
routing for those boxes works fine.
I even added a hop to the route table (thinking that the ATS was taking a "hop")
Instead of -
/usr/sbin/route add net default ROUTER 1
I tried -
/usr/sbin/route add net default ROUTER 2
And even increased it to 5 (in case the edge and root switches counted as hops).
Without a traceroute tool - I do not know how many "hops" it is taking to get
to the firewall - I can only guess based on my network config.
I have looked thru the Foxboro support website for some guidance - but no luck.
Is there something that prevents the WP51Bs (IA v6.1.2) from routing on the
nodebus thru the ATS and to my firewall?? Or is there some trick to getting
the system to actually use the route table?
I guess we have an option of adding a second Ethernet card to each of our WPs -
and then hooking them up to a network switch ... but I would prefer to avoid
that.
Thanks-
Rick T
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Corey R Clingo
Sent: Friday, June 05, 2009 2:38 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix
Richard,
What is the overall architecture? Is it like this:
WinXP WinXP Unix Unix
WP WP WP WP
| | | |
--+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
|
|
Firewall
|
|
Corp. Net
or like this:
Corp. Net
|
|
Firewall
|
+-----+----+
| |
WinXP WinXP Unix Unix
WP WP WP WP
| | | |
--+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
If it is like the first one, it should work, but I do not know how the ATS
handles generic IP traffic (i.e., that involving non-I/A stations) so I
cannot be certain.
If it is like the second one, it will not work unless you set up one of
the WinXP WPs to route traffic between the Mesh and the firewall.
Either way, I would probably be more inclined to put 2nd (or 3rd, as the
case may be) ethernet cards in all the boxes that need to get out and hook
them to a small LAN that had the firewall plugged into it. It simplifies
the routing and keeps "extraneous" traffic off of your control networks
(less of a problem on Mesh than classic nodebus, but still doesn't hurt).
I would also be careful about what I let any Windows box do outside of the
firewall, what with all the "drive-by" browser/Flash/PDF exploits that are
out there for Windows.
Corey Clingo
BASF
"Targosky, Richard S." <rstargosky@xxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
06/05/2009 07:34 AM
Please respond to
foxboro@xxxxxxxxxxxxx
To
"foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
cc
Subject
[foxboro] Getting routing to work in Unix
Hello List -
We have a firewall/gateway to isolate the Foxboro network from our
corporate network.
We have several WinXP WPs that are able to get to the corporate network by
defining the firewall as the default gateway.
I also have several WP51s (IA v6.2) that are not connected directly to the
network with a second ethernet card. They are connected to the nodebus
and then to the MESH via an ATS.
These WP51s have no problem finding any of the other WPs in our system -
Unix and Win alike. However - I cannot get to any outside devices.
I have set the /etc/defaultrouter file to point to the firewall. It does
not seem to help.
How do I get routing thru a gateway set-up in a Unix environment?
Rick Targosky
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
** Confidentiality Notice:
This e-mail, including any associated or attached files, is intended solely for
the individual or entity to which it is addressed. This e-mail is confidential
and may well also be legally privileged. If you have received it in error, you
are on notice of its status. Please notify the sender immediately by reply
e-mail and then delete this message from your system. Please do not copy it or
use it for any purposes, or disclose its contents to any other person.
This email is from the Invensys Process Systems business unit of the Invensys
Group, a group of companies owned by Invensys plc, which is a company
registered in England and Wales with its registered office at Portland House,
Bressenden Place, London, SW1E 5BF (Registered number 166023). For a list of
European legal entities within the Invensys Group, please go to
http://www.invensys.com/legal/default.asp?top_nav_idw&nav_id?&prev_idw.
You may contact Invensys plc on +44 (0)20 7821 3848 or e-mail
inet.hqhelpdesk@xxxxxxxxxxxxx This e-mail and any attachments thereto may be
subject to the terms of any agreements between Invensys (and/or its
subsidiaries and affiliates) and the recipient (and/or its subsidiaries and
affiliates).
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
Other related posts: