Re: [leaf-user] Logging route table actions

Fri, 03 Jun 2005 08:41:12 -0700 

Tibbs, Richard wrote:

Oh, yes it does log route adds/deletes...
What I was hoping for was ip route table "verbosity", so that I could
see if and when bering was dropping packets silently.

Situation is this: I have a Bering 1.2 firewall in my office on campus
connected to the campus network. All campus routers run IGRP. Everything
works fine on the office fw, without a routing protocol.
However, I take the same fw into the networks lab and put it behind
another cisco router, and I can't get past the lab gateway router (cisco
2621) which in turn connects to the campus network. The lab gw router runs ripv2. 

Unless you are running zebra it should not matter.

Can't understand why I have no internet

access from the internal net behind the firewall. Nor can I ping beyond
the lab gw rtr.

Both the campus routers and lab gw router have massive ACLs. I and a lab
tech (with CCNA) have put the lab gw rtr into several debug modes, and
can't see anything dropped. Assumption is it must be something with the
firewall.


Did you look on the Bering box itself?


Ascii art:
                               CampusNet
                                   |
NetworksLab --- lab-gw-rtr --- .192 subnet --- office | | lab fw office fw 

OK a few stupid questions....

You did change the network address when moving to the lab ;-(
Are you NATing?



Any suggestions?


As always,
- use tcpdump on Bering to see the packet flow. If you see outgoing packets, but no incoming, then look at routing/firewalling uplink of your installation. 

- look at the shorewall logs

- decide if incoming packets have an originator which can be replied to.

cheers
Erich




-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to