I'm not sure what your nistnet commands are expected to do as you haven't specified any parameters. In any case, you have configured a pair of specific end points. That is all that nistnet will tamper with. It looks like you need rountes in 150 and 170 and ipforwarding set on 150, 160, and 170. If your network connectivity doesn't work w/o nistnet active, it won't work with nistnet.
Looking closer, your first two nistnet commands won't do anything worth while since they reference local interfaces. From your description and picture, I don't understand whre 140 and 180 fit. Nor what the interface IPS are on 150 and 170. The 10.* addresses are at best confusing me as to their purpose. Traffic packets flow through 160 and have a src/dest address pair. Those addresses are what nistnet cares about. If your communication software in 150/170 is doing VPN/NAT they my guess would be that addresses logically closest to 160 would apply. if your software isn't doing address translation, then you need two rules: *.18.3 *.17.3 *.17.3 *.18.3 where '*' is 192.168 and these two rules cover both directions. You also need other parameters on these commands (drd, bw, etc.) for nistnet to be useful. The value of very explicit rules is that nistnet will accumulate stats at that level. You should be able to just use cnistnet -a 0.0.0.0 0.0.0.0 to mean all traffic through your nistnet box. cnistnet -a *.18.3 0.0.0.0 cnistnet -a 0.0.0.0 *.18.3 will apply to all trafic from/to 18.3 which goes through the nistnet box. Dave Morris On Tue, 5 Feb 2008, Karl A. Nyberg wrote: > I have the following network configuration, where host150 and host170 > are my test boxes for communciations software I'm working on. I bring > up my software and can ping through from host140 to 192.168.17.1 on > host 160 and from host180 to 192.168.18.1 on host160 (and vice versa - > both showing that the software I'm working on is routing through OK). > I bring up NIST Net with the following configuration on host160: > > # cnistnet -a 192.168.17.1 192.168.18.1 > # cnistnet -a 192.168.18.1 192.168.17.1 > > I start up xnistnet and turn on the emulator, which shows the source > and destinations listed as enabled above (after adding hostnames to > /etc/hosts for the ip addresses). > > I can ping the far side of host160 (i.e., 192.168.18.1 from host140, > or 192.168.17.1 from host180 and vice versa), which would seem to > indicate that NIST Net is passing traffic between the two sides, but > it doesn't seem to go any further. Do I need to add all the specific > addresses and connections? Something like: > > # cnistnet -a 192.168.17.1 192.168.18.3 > # cnistnet -a 192.168.18.1 192.168.17.3 > # cnistnet -a 192.168.18.3 192.168.17.3 > # cnistnet -a 192.168.17.3 192.168.18.3 > > And / or more? My messing with these didn't come up with any obvious > solution. > > Or by network? > > My network and netstat -rn on host160 are: > > [EMAIL PROTECTED]:~/nistnet/nistnet-3.0a# netstat -rn > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window irtt Iface > 192.168.18.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 192.168.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > 10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3 > 0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth3 > > > host140 eth0 -- 10.10.10.140 > eth1 -+ -- 192.168.17.3 > | > . > | > eth1 -+ > host150 eth2 -- 10.10.10.150 > eth0 -+ > | > . > | > eth2 -+ -- 192.168.17.1 > host160 eth3 -- 10.10.10.160 > eth0 -+ -- 192.168.18.1 > | > . > | > eth0 -+ > host170 eth2 -- 10.10.10.170 > eth1 -+ > | > . > | > eth1 -+ -- 192.168.18.3 > host180 eth0 -- 10.10.10.180 > > > If you read this far, thanks! > > -- Karl -- > > Karl A. Nyberg > http://karl.nyberg.net > 703-406-4161 > _______________________________________________ nistnet mailing list nistnet@antd.nist.gov http://www-x.antd.nist.gov/mailman/listinfo/nistnet
