Re: Dumb networking question...
I agree that two of these devices aren't entirely necessary unless we want to use VPNs to access each site where they will eventually be installed. I was thinking that it would be easy to stage them to check out how the VPN tunnel would work and make any adjustments. The WAN side of the gateways should just be talking on a network right? So that means that theoretically, I should just be able to assign them to the same network segment address and they should see each other and communications should work as if they were really hooked up to a DSL or Cable-modem.

Last night I bypassed my LinkSys firewall/router and tried both 3Com boxes and they both worked correctly using the DHCP assigned IP addresses (Comcast/Attbi/Mediaone). So at that level they both appear to be working correctly. The nice thing about these gateways is that they have built-in PPTP/IPsec tunnel servers. That way I don't need to expose any systems on the LAN for purposes of establishing a tunnel connection. I guess if these two boxes were directly hooked together they would need a cross-over cable between them but today I thought I'd use a cross-over cable tied directly to a PC to see if that will work using just one gateway box.

-Alex

----- Original Message -----
From: "Derek Martin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 11:21 PM
Subject: Re: Dumb networking question...

On Mon, Mar 31, 2003 at 07:40:15PM -0500, Hewitt Tech wrote:
> My question is "Do I have the gateway addresses set correctly. The only
> thing connecting the two hubs is the CAT5 cable. My assumption is that
> setting the first device's gateway address to the device 2's static WAN
> address and vice-versa should allow the two hubs to communicate properly.

I'd have to say that this is almost certainly wrong. As far as I can see, you've created a routing loop. But I can't begin to make suggestions as to how to fix it, since I don't know what the rest of the network looks like. That you need two of these devices seems dubious, but without understanding what you're trying to accomplish, it's hard to say where to go from here.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02

___
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Dumb networking question...
An update - when I hook a PC directly to the gateway and use a cross-over cable, the VPN connection from the PC client works correctly and I can access the systems inside the LAN behind the gateway (ping, browse etc.). So I guess the two gateways hooked directly together requires the use of a cross-over cable.

-Alex
Re: Dumb networking question...
> An update - when I hook a PC directly to the gateway and use a
> cross-over cable, the VPN connection from the PC client works correctly
> and I can access the systems inside the LAN behind the gateway (ping,
> browse etc.). So I guess the two gateways hooked directly together
> requires the use of a cross-over cable.

Maybe, but a better way of putting it is "when plugging like into like, a crossover is needed". It's the same for serial communications vis-a-vis null modem cables. So, if you're going from a switch/router/hub to another switch/router/hub (and not using an uplink port), you'll need to use a crossover, and the same holds true if you're going from a PC to a PC.

$.02,
-Ken
Re: Dumb networking question...
On Mon, 31 Mar 2003, Hewitt Tech wrote:
> My question is "Do I have the gateway addresses set correctly. The only
> thing connecting the two hubs is the CAT5 cable. My assumption is that
> setting the first device's gateway address to the device 2's static WAN
> address and vice-versa should allow the two hubs to communicate properly.

You're absolutely correct. Known hosts on the local network will route correctly (and traffic passed to it from the other "network" will route correctly). It shouldn't create a routing loop unless you try to get to an address that's not known on either network.. in which case, the TTL of the packet will eventually expire. For testing, this is fine.. You will need to specify the other box as the default route on the opposing box, as you've described. You may want to instead specify static routes, rather than default routes... but it's not a huge deal.

Ben

--
Without rice, even the cleverest housewife cannot cook.
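Added example, not part of the original thread: a small Python simulation of two gateways that use each other as default route, compared with static routes, following one packet to a known host and one to an unknown address. The router names and the unknown destination are constructed; the LAN prefixes are the 192.168.1.* and 192.168.2.* ranges that appear elsewhere in the thread, with /24 masks assumed.

```python
import ipaddress


def build(routes):
    """routes: {router: [(prefix, next_hop)]}; next_hop None = directly connected."""
    return {r: [(ipaddress.ip_network(p), nh) for p, nh in entries]
            for r, entries in routes.items()}


def forward(tables, start, dst, ttl=64):
    """Follow a packet hop by hop; return (outcome, routers visited)."""
    dst = ipaddress.ip_address(dst)
    router, visited = start, []
    while True:
        visited.append(router)
        matches = [(net, nh) for net, nh in tables[router] if dst in net]
        if not matches:
            return "no route", visited
        # Longest-prefix match: the most specific route wins over the default.
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        if next_hop is None:
            return "delivered", visited
        ttl -= 1                      # each forwarding router decrements TTL
        if ttl == 0:
            return "ttl expired", visited
        router = next_hop


# Constructed lab: gw1 serves 192.168.1.0/24, gw2 serves 192.168.2.0/24.
DEFAULT_ROUTES = build({
    "gw1": [("192.168.1.0/24", None), ("0.0.0.0/0", "gw2")],
    "gw2": [("192.168.2.0/24", None), ("0.0.0.0/0", "gw1")],
})
STATIC_ROUTES = build({
    "gw1": [("192.168.1.0/24", None), ("192.168.2.0/24", "gw2")],
    "gw2": [("192.168.2.0/24", None), ("192.168.1.0/24", "gw1")],
})

if __name__ == "__main__":
    for name, tables in (("default", DEFAULT_ROUTES), ("static", STATIC_ROUTES)):
        for dst in ("192.168.2.50", "172.16.9.9"):   # known host, unknown host
            outcome, visited = forward(tables, "gw1", dst)
            print(f"{name:8} {dst:13} {outcome:12} hops={len(visited)}")
```

With mutual default routes only the unknown destination bounces between the gateways until its TTL runs out; with static routes the same packet is dropped at the first gateway.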
Re: Dumb networking question...
The 3Com documentation is pretty reasonable in describing how the tunnel server assigns addresses to the incoming VPN connections. They take pains to make sure that you don't overlap the VPN tunnel addresses and the DHCP addresses that are served to the local systems. At the client end, packets are directed to the tunnel server end automatically once the tunnel is established. So for example, if I had a local 192.168.1.100 and a remote 192.168.1.100, the tunnel client makes sure the traffic is sent to the distant (tunnel server) connection.

-Alex

P.S. One thing the 3Com box doesn't seem to support is showing you the addresses it has assigned to incoming VPN clients. I can easily see them from the client side but not as easily figure them out on the gateway side. The 3Com box does let you see that there are VPN tunnels running and who is logged in but doesn't give their IP addresses.
Re: Dumb networking question...
On Tue, 1 Apr 2003, Derek Martin wrote:
> This is not entirely true. Many switches have ports that auto-sense
> whether they should be crossed over or straight through...

Never heard of this - got any models I can look up?? Cool technology rules.

--
Great souls have wills; feeble ones have only wishes.
Re: Dumb networking question...
On Tue, 1 Apr 2003 20:25:50 -0500 (EST) Ben Boulanger <[EMAIL PROTECTED]> wrote:
> On Tue, 1 Apr 2003, Derek Martin wrote:
> > This is not entirely true. Many switches have ports that auto-sense
> > whether they should be crossed over or straight through...
>
> Never heard of this - got any models I can look up?? Cool technology
> rules.

My old Linksys switch does not auto sense, but has port 1 set up with a normal/uplink switch. The Linksys routers that I have have port 1 set up with two jacks, one is normal, the other being uplink. I do have a crossover cable, but I use that for installfests.

--
Jerry Feldman <[EMAIL PROTECTED]>
Boston Linux and Unix user group
http://www.blu.org
PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Re: Dumb networking question...
This is true for the 3Com device as well. It autosenses all ports including the WAN port and the LAN ports... This would explain why my VPN tunnel connected no matter whether I had a straight through or a crossover cable.

-alex

----- Original Message -----
From: "Derek Martin" <[EMAIL PROTECTED]>
To: "GNHLUG mailing list" <[EMAIL PROTECTED]>
Sent: Tuesday, April 01, 2003 9:41 PM
Subject: Re: Dumb networking question...

On Tue, Apr 01, 2003 at 09:36:40PM -0500, Derek Martin wrote:
> > > This is not entirely true. Many switches have ports that auto-sense
> > > whether they should be crossed over or straight through...
> >
> > Never heard of this - got any models I can look up?? Cool technology
> > rules.
>
> The Netgear FS105 does this, on its uplink port (even though it

As it happens, it does this on ALL ports, not just the uplink port.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
Re: Dumb networking question...
In a message dated: Tue, 01 Apr 2003 20:25:50 EST
Ben Boulanger said:

>On Tue, 1 Apr 2003, Derek Martin wrote:
>> This is not entirely true. Many switches have ports that auto-sense
>> whether they should be crossed over or straight through...
>
>Never heard of this - got any models I can look up?? Cool technology
>rules.

I believe the newer Bay/Nortel Networks switches do this as well, but I'm not positive.

--
Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE

It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.

If you're not having fun, you're not doing it right!
Re: Dumb networking question...
On Tue, Apr 01, 2003 at 08:25:50PM -0500, Ben Boulanger <[EMAIL PROTECTED]> wrote:
> On Tue, 1 Apr 2003, Derek Martin wrote:
> > This is not entirely true. Many switches have ports that auto-sense
> > whether they should be crossed over or straight through...
>
> Never heard of this - got any models I can look up?? Cool technology
> rules.

HP Procurve switches that I have recently gotten familiar with do this. They call this feature "Auto-MDIX".

Sample switches with Auto-MDIX:
http://www.hp.com/rnd/products/switches/switch2708-2724/summary.htm
http://www.hp.com/rnd/products/switches/switch2524-2512/summary.htm

--
Bob Bell <[EMAIL PROTECTED]>
-
"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'."
-- Linus Torvalds, creator of the Linux operating system
Re: Dumb networking question...
One other piece of the puzzle fell into place. Although I had VPN connections going from one gateway to the other, I couldn't ping addresses for machines behind the other gateway. Further perusal of the 3Com documents (not included with the device but on their web site) showed that the LANs needed to be in different sub-nets. So the person who said there might be a routing problem was correct. Simply setting the two LANs to 192.168.1.* and 192.168.2.* respectively fixed the problem.

-Alex
Re: Dumb networking question...
Ben Boulanger <[EMAIL PROTECTED]> writes:

> On Tue, 1 Apr 2003, Derek Martin wrote:
> > This is not entirely true. Many switches have ports that auto-sense
> > whether they should be crossed over or straight through...
>
> Never heard of this - got any models I can look up?? Cool technology
> rules.

I've got a D-Link DSS-24 10/100 Fast Ethernet rackmount switch that auto-senses. I just plugged an arbitrary port into a port on my cablemodem, and it worked out of the box. $112.36 at mwave.com.

--
John Abreau / Executive Director, Boston Linux & Unix
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
Re: Dumb networking question...
Alex (Hewitt Tech) wrote:
> So the person who said there
> might be a routing problem was correct. Simply setting the two LANs to
> 192.168.1.* and 192.168.2.* respectively fixed the problem.

I think that may have been me, but it was in a message that didn't go to the list. [I don't consider myself a networking expert, it often takes me lots of trial-and-error to solve these kinds of problems -- but if someone wanted me to solve their problems I'm available!]

------- Forwarded Message: -------
From: [EMAIL PROTECTED]
To: "Hewitt Tech" <[EMAIL PROTECTED]>
Subject: Re: Dumb networking question...
Date: Tue, 01 Apr 2003 13:55:48 +

I may be misunderstanding, too, what you're trying to accomplish. What I saw that made me think there might be a problem was that, given the address assignments and subnet masks involved, there was no way for a host to determine, from the IP address alone, whether it must direct a packet to the gateway or send it directly on the LAN. This decision takes place at the routing level and once it's made, the lower level doesn't have the capability to change it -- and it's only the lower level (using ARP, etc) that knows which MAC addresses are local.

If I were doing this, I'd set up distinct subnets for the two sides of the bridge/tunnel.
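Added example, not from the original messages: the host-side forwarding decision described in the forwarded message, together with a check for overlapping LAN prefixes at the two ends of the tunnel. The /24 masks, host and gateway addresses and site names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations


def forwarding_decision(host_if, dst, gateway):
    """Decide, from the host's own address and mask only, where a packet goes.

    host_if is "address/prefixlen" as configured on the sending host.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"            # host ARPs for dst on its own segment
    return f"via {gateway}"         # host hands the packet to its gateway


def overlapping_prefixes(plan):
    """Return sorted (name, name) pairs whose prefixes overlap."""
    nets = {name: ipaddress.ip_network(p) for name, p in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


# Constructed addressing plans; the /24 masks are an assumption.
BEFORE = {"site1-lan": "192.168.1.0/24", "site2-lan": "192.168.1.0/24"}
AFTER = {"site1-lan": "192.168.1.0/24", "site2-lan": "192.168.2.0/24"}

if __name__ == "__main__":
    host = "192.168.1.10/24"   # constructed host on site 1
    gw = "192.168.1.1"         # constructed LAN address of the site 1 gateway
    # Same prefix at both ends: the remote host looks local, so the packet
    # is never handed to the gateway and never enters the tunnel.
    print(forwarding_decision(host, "192.168.1.100", gw), overlapping_prefixes(BEFORE))
    # Distinct prefixes: the remote host is off-link and goes via the gateway.
    print(forwarding_decision(host, "192.168.2.100", gw), overlapping_prefixes(AFTER))
```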
Re: Dumb networking question...
Thanks Jim. With 20/20 hindsight I think this problem should have been easier but...

-Alex