Jerry Bell [EMAIL PROTECTED] wrote on 04/04/2005 05:11:22 PM:
The first thing I would check is that it's the BSD box that you are
actually pinging. I'd try unplugging it and trying the ping again from
the IIS box. Barring that, I would double and triple check the network
mask on the BSD box. Also, make sure you don't have some screwy firewall
rules on the BSD server that prevent outbound pings.
Next, look at the output of 'netstat -rn'
Results of netstat -rn:
destination        gateway            flags   refs  use  netif
default            157.237.165.1      ugs        0  122  fxp0
127.0.0.1          127.0.0.1          uh         0    6  lo0
157.237.165/29     link#1             uc         0    0  fxp0
157.237.165.1      00:02:b3:a4:c2     uhlm       1    0  fxp0
You should see entries for the default gateway as well as your local
network. If all looks good there, check your arp table with arp -a.
Results of arp -a:
?(157.237.165.1) at 00:02:b3:bd:c2 on fxp0 [ethernet]
?(157.237.165.2) at 00:0d:61:70:df on fxp0 [ethernet]
?(157.237.165.4) at 00:eo:18:c2:12 on fxp0 [ethernet]
If you don't see anything there, it's probably a layer 1 or 2 problem
(cabling/vlan).
There are 3 boxes on the dmz -
157.237.165.2 is the IIS box. It gets no ping reply from the BSD box and
the firewall. It does get a reply from the win2003 box. It has full
internet access. It is a current, working, 'live' web server for
authorized users only.
157.237.165.4 is a WIN2003 box and it gets ping responses from the IIS box
and the BSD box, no response from the firewall, and no internet access.
157.237.165.5 is the BSD box, gets a ping response from the IIS box only,
no response from the win2003 box, or firewall, and no internet access.
(157.237.165.1 is the firewall dmz nic itself, the gateway for all 3
boxes)
I'm guessing that there is a rule on the firewall that has closed the
internet connection for these two additional boxes. The IIS was the first
to be set up a year or so ago. There must also be a rule on the firewall
that drops all incoming ping requests.
Questions from the above:
Why does the BSD box get a reply from the IIS box, yet the IIS box gets no
reply from the BSD box?
Why does the IIS box get a reply from the Win2003 box, yet not from the BSD
box?
All 3 boxes have the same network setup, except for this: There is no
'domain' for the 3 boxes. The IIS box is on its own workgroup DMZ, the
win2003 box is its own domain 'test.local'. The BSD box has 'domain
simrad.com' as the first line of resolv.conf. What are the implications of
this?
I will be sending a message to the firewall administrator in Norway (I am
in the US) with the info above, maybe he can find something on the
firewall to change to make everything work.
I hope.
Regards,
Chip
There are many many possibilities for what could be wrong, but it's hard
for us to say. Let us know what you find on those tests.
Jerry
http://www.syslog.org
Here in our office we have a firewall running Firewall-1 (it is
administered remotely from another office in another country). It is set
up with a dmz so I can host a web server (which is running IIS), but it
works. I am now adding another web server, running Apache/FreeBSD. Problem
is the FBSD box does not ping anything. The IIS box can ping the FBSD box
and get a response from it. I have used the same network settings on the
FBSD box that are on the IIS box, changing only the IP address. I don't
understand why the FBSD box only responds with network not found when
trying to ping anything. Now the IIS box is not a member of any network,
it is its own workgroup called DMZ. Is the problem that the FBSD box
needs to be a member of the workgroup DMZ? And if so, how do I get it
there?
Regards,
Chip
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
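Added example, not part of the original thread: a Python sketch of the netmask and `netstat -rn` checks suggested above, confirming that a default route exists and that the gateway and the neighbouring DMZ hosts fall inside a directly connected network. The sample table is constructed in the six-column layout posted in the thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the six-column `netstat -rn` layout shown in the
# thread (destination, gateway, flags, refs, use, netif).
SAMPLE_ROUTES = """\
Destination        Gateway            Flags    Refs      Use  Netif
default            157.237.165.1      UGS         0      122   fxp0
127.0.0.1          127.0.0.1          UH          0        6    lo0
157.237.165/29     link#1             UC          0        0   fxp0
"""

def parse_dest(dest):
    """Expand an abbreviated destination such as '157.237.165/29'."""
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # pad the omitted trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)

def parse_routes(text):
    """Return (default_gateway, [(network, netif), ...]) for on-link routes."""
    gateway, connected = None, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        dest, gw, netif = fields[0], fields[1], fields[5]
        if dest == "default":
            gateway = ipaddress.ip_address(gw)
        elif gw.startswith("link#"):  # directly connected network
            connected.append((parse_dest(dest), netif))
    return gateway, connected

def check(text, peers):
    """List findings; an empty list means the table is self-consistent."""
    gateway, connected = parse_routes(text)
    findings = []
    if gateway is None:
        findings.append("no default route")
    elif not any(gateway in net for net, _ in connected):
        findings.append(f"gateway {gateway} is not on a connected network")
    for peer in map(ipaddress.ip_address, peers):
        if not any(peer in net for net, _ in connected):
            findings.append(f"{peer} is outside every connected network (check the netmask)")
    return findings

if __name__ == "__main__":
    result = check(SAMPLE_ROUTES, ["157.237.165.2", "157.237.165.4"])
    print(result or "routing table consistent")
```

An empty result only rules out a local route or netmask mistake; firewall rules on the host and on the gateway still have to be checked separately.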