Re: [foxboro] Getting routing to work in Unix

I believe your issue is that the ATS doesn't route anything but 151.128
"foxboro" packets. Same as old LAN modules... Your Nodebus box will need
a 2nd Ethernet to reach the firewall.


-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
On Behalf Of Targosky, Richard S.
Sent: Thursday, June 18, 2009 7:51 AM
To: Stan Brown
Cc: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix

I do not plan to leave the routing of DEFAULT to my gateway - I will set
my table to route only my desired connections to go back thru my
firewall.

But for now - while trying to get the network to function - I have set
up this one box with a default route to go to the firewall via the MESH
network.  I plan to use an outside server (at 10.54.55.11) for login
authentication to the WPs.

Rick T

-----Original Message-----
From: Stan Brown [mailto:stanb@xxxxxxxxx] 
Sent: Thursday, June 18, 2009 7:43 AM
To: Targosky, Richard S.
Cc: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Getting routing to work in Unix

OK, this is strange. All of your setup looks correct to me. BTW, I would
NEVER do what you are doing, and route external traffic over the
"nodebus". Perhaps this is OK in a mesh world, but it is not OK in a
classic nodebus environment.

Hopefully someone else will see what I am missing here, but all looks
correct to me.


On Thu, Jun 18, 2009 at 07:25:31AM -0400, Targosky, Richard S. wrote:
> As an update to this issue - This is how I have the network configured
> on this workstation - It also shows that the firewall is accessible from
> W20302.
> 
> ___________________________________________
> 
> W20302# 
> W20302# ifconfig -a
> lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
>       inet 127.0.0.1 netmask ff000000 
> le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
>       inet 151.128.16.133 netmask ffff0000 broadcast 151.128.255.255
>       ether 8:0:20:76:f1:a0 
> W20302# 
> W20302# ping 151.128.152.200
> 151.128.152.200 is alive
> W20302# 
> W20302# ping 10.54.55.11
> no answer from 10.54.55.11
> W20302# 
> ______________________________
> 
> This also shows the lan-side box (10.54.55.11) is unreachable - but it
> can be found from my P92s (MESH-based WP70s)
> 
> Rick T
> 
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Targosky, Richard S.
> Sent: Wednesday, June 17, 2009 3:44 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Getting routing to work in Unix
> 
> Hello All -
> 
> Thanks for the help so far --
> 
> Our system is set up like #1 - My Firewall is connected to a MESH Edge
> switch on one port (INSIDE), and to my Corporate network on another port
> (OUTSIDE).
> 
> My WinXP stations have no problem using the firewall as a default
> gateway.  I have also set-up the Unix stations to use the firewall as
> their gateway.
> 
> -----------------------------
> 
> W20302# netstat -rn
> 
> Routing Table:
>   Destination           Gateway           Flags  Ref   Use   Interface
> -------------------- -------------------- ----- ----- ------ ---------
> 127.0.0.1            127.0.0.1             UH       0     22  lo0
> 151.128.0.0          151.128.16.133        U        3     11  le0
> 224.0.0.0            151.128.16.133        U        3      0  le0
> default              151.128.152.200       UG       0      0  
> 
> -----------------------------
> 
> 
> I thought maybe this was a firewall issue - so I have checked it out
> by watching packets. I have found that the requests from my nodebus unix
> stations are not getting to my firewall.  From these unix workstations -
> I can ping the firewall - I can also connect to the windows based
> machines and Unix boxes on other nodes.
> 
> From my MESH based Windows boxes - the default gateway works fine - I
> can get connections thru the firewall.
> 
> There seems to be a problem with the WP51s recognizing the routing to
> the firewall.
> 
> We have several boxes at our site where we use a second Ethernet card
> - and routing for those boxes works fine.
> 
> I even added a hop to the route table (thinking that the ATS was
> taking a "hop")
> 
> Instead of -
> /usr/sbin/route add net default ROUTER 1
> 
> 
> I tried - 
> /usr/sbin/route add net default ROUTER 2
> 
> And even increased it to 5 (in case the edge and root switches counted
> as hops).
> 
> Without a traceroute tool - I do not know how many "hops" it is taking
> to get to the firewall - I can only guess based on my network config.
> 
> I have looked thru the Foxboro support website for some guidance - but
> no luck.
> 
> Is there something that prevents the WP51Bs (IA v6.1.2) from routing
> on the nodebus thru the ATS and to my firewall??  Or is there some trick
> to getting the system to actually use the route table?
> 
> I guess we have an option of adding a second Ethernet card to each of
> our WPs - and then hooking them up to a network switch ...  but I would
> prefer to avoid that.
> 
> Thanks-
> 
> Rick T
> 
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Corey R Clingo
> Sent: Friday, June 05, 2009 2:38 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Getting routing to work in Unix
> 
> Richard,
> 
> What is the overall architecture?  Is it like this:
> 
> 
> WinXP       WinXP       Unix              Unix
>  WP          WP          WP                WP
>   |           |           |                 |
> --+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
>             |
>             |
>          Firewall
>             |
>             |
>         Corp. Net
> 
> 
> or like this:
> 
> 
>    Corp. Net
>         |
>         |
>     Firewall
>         |
>   +-----+-----+
>   |           |
> WinXP       WinXP       Unix              Unix
>  WP          WP          WP                WP
>   |           |           |                 |
> --+---Mesh--+-+----|ATS|--+-----Nodebus-----+--
> 
> 
> If it is like the first one, it should work, but I do not know how the
> ATS handles generic IP traffic (i.e., that involving non-I/A stations)
> so I cannot be certain.
> 
> 
> If it is like the second one, it will not work unless you set up one of
> the WinXP WPs to route traffic between the Mesh and the firewall.
> 
> 
> Either way, I would probably be more inclined to put 2nd (or 3rd, as the
> case may be) ethernet cards in all the boxes that need to get out and
> hook them to a small LAN that had the firewall plugged into it.  It
> simplifies the routing and keeps "extraneous" traffic off of your
> control networks (less of a problem on Mesh than classic nodebus, but
> still doesn't hurt).
> I would also be careful about what I let any Windows box do outside of
> the firewall, what with all the "drive-by" browser/Flash/PDF exploits
> that are out there for Windows.
> 
> 
> Corey Clingo
> BASF
> 
> 
> 
> 
> 
> 
> "Targosky, Richard S." <rstargosky@xxxxxxx> 
> Sent by: foxboro-bounce@xxxxxxxxxxxxx
> 06/05/2009 07:34 AM
> Please respond to
> foxboro@xxxxxxxxxxxxx
> 
> 
> To
> "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
> cc
> 
> Subject
> [foxboro] Getting routing to work in Unix
> 
> 
> 
> 
> 
> 
> Hello List -
> We have a firewall/gateway to isolate the Foxboro network from our 
> corporate network.
> 
> We have several WinXP WPs that are able to get to the corporate network
> by defining the firewall as the default gateway.
> 
> I also have several WP51s (IA v6.2) that are not connected directly to
> the network with a second ethernet card.  They are connected to the
> nodebus and then to the MESH via an ATS.
> 
> These WP51s have no problem finding any of the other WPs in our system -
> Unix and Win alike. However - I cannot get to any outside devices.
> 
> I have set the /etc/defaultrouter file to point to the firewall.  It
> does not seem to help.
> 
> How do I get routing thru a gateway set-up in a Unix environment?
> 
> Rick Targosky
> 
> 
> 
> 
>  
>  
> _______________________________________________________________________
> This mailing list is neither sponsored nor endorsed by Invensys Process
> Systems (formerly The Foxboro Company). Use the info you obtain here at
> your own risks. Read http://www.thecassandraproject.org/disclaimer.html
> 
> foxboro mailing list: http://www.freelists.org/list/foxboro
> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave

-- 
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.
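
As an added example (not part of any message in this thread), the routing table Rick posted can be checked mechanically: the code below parses that `netstat -rn` output and resolves the next hop for 10.54.55.11 by longest-prefix match. The classful-mask inference is an assumption, since the posted table has no mask column, and the function names are illustrative.

```python
import ipaddress

# `netstat -rn` output exactly as posted from W20302 in this thread.
NETSTAT_RN = """\
Routing Table:
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
127.0.0.1            127.0.0.1             UH       0     22  lo0
151.128.0.0          151.128.16.133        U        3     11  le0
224.0.0.0            151.128.16.133        U        3      0  le0
default              151.128.152.200       UG       0      0
"""

def classful_prefix(addr):
    # Assumption: no mask column is printed, so infer the classful mask
    # from the first octet (A=/8, B=/16, C=/24, multicast=/4).
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24 if first < 224 else 4

def parse_routes(text):
    """Return (network, gateway, flags, interface) for each route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or not (f[0] == "default" or f[0][0].isdigit()):
            continue  # skip title, column header and separator lines
        dest, gw, flags = f[0], f[1], f[2]
        if dest == "default":
            prefix, dest = 0, "0.0.0.0"
        elif "H" in flags:
            prefix = 32  # host route
        else:
            prefix = classful_prefix(dest)
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append((net, gw, flags, f[5] if len(f) > 5 else None))
    return routes

def lookup(routes, target):
    """Longest-prefix match, the way the kernel picks a route."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def gateway_is_on_link(routes, target):
    """True if the next hop for target is reachable without another gateway."""
    route = lookup(routes, target)
    if route is not None and "G" in route[2]:
        route = lookup(routes, route[1])  # how do we reach the gateway itself?
    return route is not None and "G" not in route[2]
```

For 10.54.55.11 the table selects the default route via 151.128.152.200, and that gateway is on-link through le0, so the workstation's own table hands the packet toward the firewall.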

 
 