Re: Static routing question

2014-11-14 Thread Jon Radel
On 11/10/14, 2:46 PM, Peter Hessler wrote:
> As I said before.
>
> _This_ _Is_ _Not_ _Possible_.
>
> Period.


Well...if you're doing bridging on the Linux setup you're trying to
replace, but don't realize it, forget to mention that the Cisco actually
*does* have an address in the /29 the Free/OpenBSD box lives on twice,
and then have a conceptual breakdown between layer 2 and layer 3, you
might end up where the OP is.  At least that's the conclusion I've
tentatively come to given the parallel conversation on
freebsd-questions.  :-)

I think he's trying to do a bump-on-the-wire firewall.

Here's OP's network diagram from freebsd-questions, with one correction
based on a later clarification:



  +-------+
  | Cisco |
  +---+---+
      |if: 189.92.72.9/29
      |
      |em0: 189.92.72.10/255.255.255.248
  +---+-----+
  | FreeBSD |
  +---+-----+
      |em1: 189.92.72.11/255.255.255.248
      |
      |
  +---+----+
  | Switch |      +---------+
  +--------+      |  MAIL   |
      |-----------+---------+
                  bnx0: 189.72.92.12/255.255.255.248


Looks like a stereotypical bump-on-the-wire bridging firewall to me.

Dante:  see http://www.openbsd.org/faq/faq6.html#Bridge   And in OpenBSD
I'd address only one of the interfaces (or none of them if you wish to
increase security by forcing all management to be done from the
console).  And it's not routing.  So don't try to use routes.


--Jon Radel
j...@radel.com




Re: Static routing question

2014-11-10 Thread Dante F. B. Colò
Hi

This is a part of the output containing the static routes related to
*bnx0* and *bnx1*. I was trying to make a static route for
189.92.72.11 pointing to *bnx1* but without success; is it possible?
Below the routes is the output of ifconfig for these interfaces. I'm gonna
try a bridge also. Thank you all for the responses.

Regards
Dante F. B. Colò


default            189.92.72.9        UGS    5746 674637542 - 8 bnx0
189.92.72.8/29     link#5             UC     30 - 4 bnx0
189.92.72.9        f4:0f:1b:20:4b:20  UHLc   10 - 4 bnx0
189.92.72.10       00:10:18:9d:31:84  UHLc   0   42 - 4 lo0
189.92.72.11       link#5             UHLc   01 - 4 bnx0
204.31.112/24      link#2             C      00 - 4 bge1
204.31.112.24/29   link#2             C      10 - 4 bge1
204.31.112.26      00:25:64:3c:de:76  UHLc   0   34 - 4 lo0
224/4              127.0.0.1          URS    00 33200 8 lo0


bnx1: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
 lladdr 00:10:18:9d:31:86
 priority: 0
 media: Ethernet autoselect (1000baseT full-duplex)
 status: active
 inet 189.92.72.11 netmask 0xfffffff8 broadcast 189.92.72.15

bnx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1400
 lladdr 00:10:18:9d:31:84
 priority: 0
 groups: egress
 media: Ethernet autoselect (1000baseT full-duplex)
 status: active
 inet6 fe80::210:18ff:fe9d:3184%bnx0 prefixlen 64 scopeid 0x5
 inet 189.92.72.10 netmask 0xfffffff8 broadcast 189.92.72.15



On 11/7/14 4:18 AM, rjc wrote:
> On Thu, Nov 06, 2014 at 04:12:20PM EST, Dante F. B. Colò wrote:
>
> > Hello everyone
>
> Hi Dante,
>
> > I'm trying to set up some static routes on an OpenBSD 4.9 box for some
> > public addresses. The machine has two ethernet cards, *bnx0* and *bnx1*;
> > *bnx0* is attached to a Cisco internet router and *bnx1* is
> > connected to a switch. Both interfaces have public addresses of the
> > same range. *bnx1* appears to have absolutely no communication. I took a
> > look at the static routes and there is a route for the subnet that
> > goes to *bnx0*. I'm trying to add a static route for the IP address
> > pointing to *bnx1* without passing a gateway, using the *-iface* parameter,
> > but it always returns Network unreachable. Can someone help me or give
> > some tips to fix this? For many here this is probably a nooby question;
> > we also have some firewall Linux boxes that I'm gonna migrate to OpenBSD,
> > but first I have to solve this.
>
> First and foremost, if you ask any questions regarding networking, you
> should include the content of:
>
> /etc/hostname.bnx{0,1}
> /etc/mygate # if it exists and you're not using DHCP
>
> Please also include the output of:
>
> route show
>
> and any commands exactly as you enter them.
>
> That would be a good place to start - BTW, this information should have
> been included in the first email.
>
> Regards,
>
> rjc
>
> P.S. 4.9? Isn't it time to upgrade? ;^)



Re: Static routing question

2014-11-10 Thread Peter Hessler
As I said before.

_This_ _Is_ _Not_ _Possible_.

Period.

On 2014 Nov 10 (Mon) at 17:30:50 -0200 (-0200), Dante F. B. Colò wrote:
:Hi
:
:This is a part of the output containing the static routes related to
:*bnx0* and *bnx1*. I was trying to make a static route for
:189.92.72.11 pointing to *bnx1* but without success; is it possible?

No.  You CANNOT do that.


:bnx1: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
: lladdr 00:10:18:9d:31:86
: priority: 0
: media: Ethernet autoselect (1000baseT full-duplex)
: status: active
: inet 189.92.72.11 netmask 0xfffffff8 broadcast 189.92.72.15
:
:bnx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1400
: lladdr 00:10:18:9d:31:84
: priority: 0
: groups: egress
: media: Ethernet autoselect (1000baseT full-duplex)
: status: active
: inet6 fe80::210:18ff:fe9d:3184%bnx0 prefixlen 64 scopeid 0x5
: inet 189.92.72.10 netmask 0xfffffff8 broadcast 189.92.72.15
:



-- 
You have acquired a scroll entitled 'irk gleknow mizk'(n).--More--

This is an IBM Manual scroll.--More--

You are permanently confused.
-- Dave Decot



Re: Static routing question

2014-11-07 Thread lists
On Thu, Nov 06, 2014 at 07:12:20PM -0200, Dante F. B. Colò wrote:
> I'm trying to set up some static routes on an OpenBSD 4.9 box for some
> public addresses

This usually gets mentioned, so I'll go ahead and bring this to your
attention.

OpenBSD 4.9 is long unsupported.  There have been many releases since
then, so I'd highly suggest a fresh install of 5.6 if you are able.



Re: Static routing question

2014-11-07 Thread Peter Hessler
That is not supported.  You MUST NOT have IPs in the same range on
different interfaces.

You can assign some /32s (or /128 if you are using IPv6) to a lo1 on the
system, but that may not be what you want.



On 2014 Nov 06 (Thu) at 19:12:20 -0200 (-0200), Dante F. B. Colò wrote:
:Hello everyone
:
:I'm trying to set up some static routes on an OpenBSD 4.9 box for some
:public addresses. The machine has two ethernet cards, *bnx0* and *bnx1*;
:*bnx0* is attached to a Cisco internet router and *bnx1* is
:connected to a switch. Both interfaces have public addresses of the
:same range. *bnx1* appears to have absolutely no communication. I took a
:look at the static routes and there is a route for the subnet that
:goes to *bnx0*. I'm trying to add a static route for the IP address
:pointing to *bnx1* without passing a gateway, using the *-iface* parameter,
:but it always returns Network unreachable. Can someone help me or give
:some tips to fix this? For many here this is probably a nooby question;
:we also have some firewall Linux boxes that I'm gonna migrate to OpenBSD,
:but first I have to solve this.
:
:Best Regards
:Dante F. B. Colò
:

-- 
Those who educate children well are more to be honored than parents,
for these only gave life, those the art of living well.
-- Aristotle
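
Added example (not part of any message in this thread): a check for the condition described in the message above, two interfaces configured in the same IPv4 subnet, run over constructed ifconfig output modelled on the thread's. The lo1 and bge1 entries and all function names are assumptions; /32 addresses are skipped, matching the lo1 suggestion above.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample modelled on the ifconfig output quoted in the thread;
# the lo1 and bge1 entries are assumptions added for illustration.
SAMPLE_IFCONFIG = """\
bnx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1400
        inet6 fe80::210:18ff:fe9d:3184%bnx0 prefixlen 64 scopeid 0x5
        inet 189.92.72.10 netmask 0xfffffff8 broadcast 189.92.72.15
bnx1: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        inet 189.92.72.11 netmask 0xfffffff8 broadcast 189.92.72.15
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        inet 189.92.72.13 netmask 0xffffffff
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 204.31.112.26 netmask 0xfffffff8 broadcast 204.31.112.31
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-f]{8})")


def parse_ifconfig(text):
    """Return [(iface, IPv4Interface), ...] from BSD-style ifconfig output."""
    found, iface = [], None
    for line in text.splitlines():
        if (m := IFACE_RE.match(line)):
            iface = m.group(1)
        elif iface and (m := INET_RE.match(line)):
            # BSD ifconfig prints the IPv4 netmask as a 32-bit hex number.
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            found.append((iface, ipaddress.IPv4Interface(f"{m.group(1)}/{mask}")))
    return found


def same_subnet_conflicts(addrs):
    """Pairs of different interfaces whose configured subnets overlap.

    /32 host addresses are ignored: they do not put a subnet on the interface.
    """
    nets = [(i, a) for i, a in addrs if a.network.prefixlen < 32]
    return [
        (if1, str(a1), if2, str(a2))
        for (if1, a1), (if2, a2) in combinations(nets, 2)
        if if1 != if2 and a1.network.overlaps(a2.network)
    ]


if __name__ == "__main__":
    for conflict in same_subnet_conflicts(parse_ifconfig(SAMPLE_IFCONFIG)):
        print("same subnet on two interfaces:", conflict)
```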



Re: Static routing question

2014-11-07 Thread Stuart Henderson
On 2014-11-07, li...@ggp2.com li...@ggp2.com wrote:
> On Thu, Nov 06, 2014 at 07:12:20PM -0200, Dante F. B. Colò wrote:
>> I'm trying to set up some static routes on an OpenBSD 4.9 box for some
>> public addresses
>
> This usually gets mentioned, so I'll go ahead and bring this to your
> attention.

Yes, it usually does, and often by people who just pick up on that
one point..

> OpenBSD 4.9 is long unsupported.  There have been many releases since
> then, so I'd highly suggest a fresh install of 5.6 if you are able.

It is absolutely correct that 4.9 is long unsupported, but running
5.6 or -current is going to make no difference to the problem
that Dante described. phessler has it right; I have one thing to add
though, this might be a situation where a bridge(4) can help.



Re: Static routing question

2014-11-07 Thread Theo de Raadt
> On 2014-11-07, li...@ggp2.com li...@ggp2.com wrote:
>> On Thu, Nov 06, 2014 at 07:12:20PM -0200, Dante F. B. Colò wrote:
>>> I'm trying to set up some static routes on an OpenBSD 4.9 box for some
>>> public addresses
>>
>> This usually gets mentioned, so I'll go ahead and bring this to your
>> attention.
>
> Yes, it usually does, and often by people who just pick up on that
> one point..
>
>> OpenBSD 4.9 is long unsupported.  There have been many releases since
>> then, so I'd highly suggest a fresh install of 5.6 if you are able.
>
> It is absolutely correct that 4.9 is long unsupported, but running
> 5.6 or -current is going to make no difference to the problem
> that Dante described. phessler has it right; I have one thing to add
> though, this might be a situation where a bridge(4) can help.

When someone submits a bug report regarding an old release, we can go
around and around in circles finding out if it is still valid.  Or we
can shortcut the problem, since there aren't enough people to verify things.

Since I value my sanity, I saw that report, and I ignored it.



Static routing question

2014-11-06 Thread Dante F. B. Colò
Hello everyone

I'm trying to set up some static routes on an OpenBSD 4.9 box for some
public addresses. The machine has two ethernet cards, *bnx0* and *bnx1*;
*bnx0* is attached to a Cisco internet router and *bnx1* is
connected to a switch. Both interfaces have public addresses of the
same range. *bnx1* appears to have absolutely no communication. I took a
look at the static routes and there is a route for the subnet that
goes to *bnx0*. I'm trying to add a static route for the IP address
pointing to *bnx1* without passing a gateway, using the *-iface* parameter,
but it always returns Network unreachable. Can someone help me or give
some tips to fix this? For many here this is probably a nooby question;
we also have some firewall Linux boxes that I'm gonna migrate to OpenBSD,
but first I have to solve this.

Best Regards
Dante F. B. Colò



Re: Static routing question

2014-11-06 Thread rjc
On Thu, Nov 06, 2014 at 04:12:20PM EST, Dante F. B. Colò wrote:

> Hello everyone

Hi Dante,

> I'm trying to set up some static routes on an OpenBSD 4.9 box for some
> public addresses. The machine has two ethernet cards, *bnx0* and *bnx1*;
> *bnx0* is attached to a Cisco internet router and *bnx1* is
> connected to a switch. Both interfaces have public addresses of the
> same range. *bnx1* appears to have absolutely no communication. I took a
> look at the static routes and there is a route for the subnet that
> goes to *bnx0*. I'm trying to add a static route for the IP address
> pointing to *bnx1* without passing a gateway, using the *-iface* parameter,
> but it always returns Network unreachable. Can someone help me or give
> some tips to fix this? For many here this is probably a nooby question;
> we also have some firewall Linux boxes that I'm gonna migrate to OpenBSD,
> but first I have to solve this.

First and foremost, if you ask any questions regarding networking, you
should include the content of:

/etc/hostname.bnx{0,1}
/etc/mygate # if it exists and you're not using DHCP

Please also include the output of:

route show

and any commands exactly as you enter them.

That would be a good place to start - BTW, this information should have
been included in the first email.

Regards,

rjc

P.S. 4.9? Isn't it time to upgrade? ;^)