Solaris & General Networking - Multi-homed Home Network

I'm first trying to figure out, after failed attempts, if what I'm
hoping to achieve is even possible or should simply be avoided.

PROBLEM:  Unable to get a wired IPV4 LAN to route through multi-homed
Solaris server through to internet.  All other connectivity works
great.

SETUP:  "Typical"* home LAN setup.  (* IMHO)

Hardware is only four devices:
   1) Gigabit Netgear "router"
   2) Netgear Wireless Access Point
   3) Solaris server running Solaris Express Developer Edition 2/07
   4) MacBook Pro (hereafter "MBP")

Network schematic:  Internet (WAN) to Netgear "router", AccessPoint
into router, Solaris wired to router on e1000g0, MBP wireless to AP,
AND, MBP wired direct gigabit jumbo-frame to Solaris server (bge0) via
cross-over cable.  Both networks work great independently.

 IP Table - best viewed w/ fixed-width font:
                                                        GOAL:
 ====================================================   =========
 Internet          DHCP to Netgear "router"
 Netgear "router"  192.168.1.1     (1500 MTU network)   <-------|
 Access Point      192.168.1.2     (1500 MTU network)           |
 Solaris e1000g0   192.168.1.3     (1500 MTU network)           |
 MBP (wireless)    192.168.1.10    (1500 MTU network)           |
 ----------------------------------------------------           |
 Solaris bge0      10.0.0.1        (9000 MTU network)       |---^
 MBP (wired)       10.0.0.2        (9000 MTU network)   0---^
 ====================================================

GOAL:  Enable access to internet from MBP 10.0.0.2 interface through
faster wired networked Solaris server.

Granted, I know the jumbo MTU is too big for typical internet traffic,
but I'm hoping that it'll be resegmented by Solaris when changing
adapters and work just fine.



Current Solaris Net Config (unnecessary info omitted):
======================================================
# uname -a
SunOS XXXXXX 5.11 snv_55b i86pc i386 i86pc
# ifconfig -a
e1000g0: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 1500 index 3
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 0:e:c:cf:f5:da
bge0: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 9000 index 2
        inet 10.0.0.1 netmask ff000000 broadcast 10.255.255.255
        ether 0:a:e4:2f:60:5f

# netstat -nr

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.1.1          UG        1       1088
10.0.0.0             10.0.0.1             U         1       1347 bge0
192.168.1.0          192.168.1.3          U         1        157 e1000g0
224.0.0.0            192.168.1.3          U         1          0 e1000g0
127.0.0.1            127.0.0.1            UH        1          0 lo0
-------------------- -------------------- ----- ----- ---------- ---------

Oddly, I don't know why the 224.0.0.0 route is listed and I was unable
to remove thus:
     # route delete 224.0.0.0 192.168.1.3
     delete net 224.0.0.0: gateway 192.168.1.3: not in table

Any help, tips, or leads in helping resolve the routing issue would be
much appreciated.  Thanks.

Wes Williams

0
zemplar (11)
4/30/2007 1:52:43 PM
comp.unix.solaris


On 2007-04-30, KJ <zemplar@gmail.com> wrote:
> I'm first trying to figure out, after failed attempts, if what I'm
> hoping to achieve is even possible or should simply be avoided.

Oh, it's most certainly possible. It's how my home stuff is set up.
More or less.

> Oddly, I don't know why the 224.0.0.0 route is listed and I was unable
> to remove thus:
>      # route delete 224.0.0.0 192.168.1.3
>      delete net 224.0.0.0: gateway 192.168.1.3: not in table

It's a multicast network. I just leave it in place.

> Any help, tips, or leads in helping resolve the routing issue would be
> much appreciated.  Thanks.

You haven't actually asked a question. What's the problem?

-- 
Ignorance more frequently begets confidence than does knowledge: it is those
who know little, not those who know much, who so positively assert that this
            or that problem will never be solved by science.
            [email me at huge {at} huge (dot) org <dot> uk]
0
Huge
4/30/2007 2:15:10 PM
On Apr 30, 10:15 am, Huge <H...@nowhere.much.invalid> wrote:
> On 2007-04-30, KJ <zemp...@gmail.com> wrote:
>
> > I'm first trying to figure out, after failed attempts, if what I'm
> > hoping to achieve is even possible or should simply be avoided.
>
> Oh, it's most certainly possible. It's how my home stuff is set up.
> More or less.
>
> > Oddly, I don't know why the 224.0.0.0 route is listed and I was unable
> > to remove thus:
> >      # route delete 224.0.0.0 192.168.1.3
> >      delete net 224.0.0.0: gateway 192.168.1.3: not in table
>
> It's a multicast network. I just leave it in place.
>
> > Any help, tips, or leads in helping resolve the routing issue would be
> > much appreciated.  Thanks.
>
> You haven't actually asked a question. What's the problem?
>
The question is implied from the "GOAL" that routing from the MBP
through the Solaris box isn't routing to the internet properly and I'd
like it to.

0
KJ
4/30/2007 2:47:03 PM
KJ <zemplar@gmail.com> wrote:
> The question is implied from the "GOAL" that routing from the MBP
> through the Solaris box isn't routing to the internet properly and I'd
> like it to.

Does the Solaris box allow routing?  Does /etc/notrouter exist? If so,
delete it.  If it's Sol 10 have a look at the man page for routeadm.

-- 
Geoff Lane, Airstrip One

Today's Excuse:  We only support a 1200 bps connection.
0
news
4/30/2007 4:13:11 PM
On Apr 30, 2:52 pm, KJ <zemp...@gmail.com> wrote:


> GOAL:  Enable access to internet from MBP 10.0.0.2 interface through
> faster wired networked Solaris server.

What's the default route on the Mac?

Is forwarding enabled on the Sun (routeadm will tell you)?

0
Tim
4/30/2007 4:15:03 PM
On Apr 30, 12:13 pm, <n...@buffy.sighup.org.uk> wrote:
> KJ <zemp...@gmail.com> wrote:
> > The question is implied from the "GOAL" that routing from the MBP
> > through the Solaris box isn't routing to the internet properly and I'd
> > like it to.
>
> Does the Solaris box allow routing?  Does /etc/notrouter exist? If so,
> delete it.  If it's Sol 10 have a look at the man page for routeadm.
>
> --
> Geoff Lane, Airstrip One
>
> Today's Excuse:  We only support a 1200 bps connection.

I've enabled forwarding with routeadm some time ago and routing is
still disabled.  I've created a /etc/defaultrouter but no
/etc/notrouter exists; as is correct from my understanding.


0
KJ
4/30/2007 4:24:31 PM
On Apr 30, 12:15 pm, Tim Bradshaw <tfb+goo...@tfeb.org> wrote:
> On Apr 30, 2:52 pm, KJ <zemp...@gmail.com> wrote:
>
> > GOAL:  Enable access to internet from MBP 10.0.0.2 interface through
> > faster wired networked Solaris server.
>
> What's the default route on the Mac?
>
> Is forwarding enabled on the Sun (routeadm will tell you)?

I'll have to check later tonight the command-line output on the Mac
for the routes.

In the mean time, I do recall that if the wireless adapter precedes
the wired NIC in the MBP's system preferences it properly routes over
the wireless 192.168.1.3 AP, but when the wired NIC precedes the
wireless in the MBP it fails to find the correct route through the
Solaris 10.0.0.1 bge0 interface to the 192.168.1.0 network.

0
KJ
4/30/2007 4:31:57 PM
On Apr 30, 9:31 am, KJ <zemp...@gmail.com> wrote:
> > > GOAL:  Enable access to internet from MBP 10.0.0.2 interface through
> > > faster wired networked Solaris server.
>
> In the mean time, I do recall that if the wireless adapter precedes
> the wired NIC in the MBP's system preferences it properly routes over
> the wireless 192.168.1.3 AP, but when the wired NIC precedes the
> wireless in the MBP it fails to find the correct route through the
> Solaris 10.0.0.1 bge0 interface to the 192.168.1.0 network.

Do you have IPFilter on the Solaris system set up to perform the
required Network Address Translation (NAT), since 10.0.0.1 is on
a private network (RFC 1918)?

(For that matter, a good set of actual filtering rules is
highly recommended as well.)



0
Glenn
4/30/2007 8:21:11 PM
On Apr 30, 4:21 pm, Glenn <eponymousal...@yahoo.com> wrote:
> On Apr 30, 9:31 am, KJ <zemp...@gmail.com> wrote:
>
> > > > GOAL:  Enable access to internet from MBP 10.0.0.2 interface through
> > > > faster wired networked Solaris server.
>
> > In the mean time, I do recall that if the wireless adapter precedes
> > the wired NIC in the MBP's system preferences it properly routes over
> > the wireless 192.168.1.3 AP, but when the wired NIC precedes the
> > wireless in the MBP it fails to find the correct route through the
> > Solaris 10.0.0.1 bge0 interface to the 192.168.1.0 network.
>
> Do you have IPFilter on the Solaris system set up to perform the
> required Network Address Translation (NAT), since 10.0.0.1 is on
> a private network (RFC 1918)?
>
> (For that matter, a good set of actual filtering rules is
> highly recommended as well.)

No, I don't have IPFilter setup as I use the Netgear as my firewall.
Besides, I've had one hell of a time trying to setup IPFilter working
on Solaris without killing my NFS (NFSv3) shares in the process.

Doesn't enabling "forwarding" via routeadm already allow NAT?

0
KJ
4/30/2007 8:30:17 PM
KJ <zemplar@gmail.com> wrote:
>> Do you have IPFilter on the Solaris system set up to perform the
>> required Network Address Translation (NAT), since 10.0.0.1 is on
>> a private network (RFC 1918)?
>>
>> (For that matter, a good set of actual filtering rules is
>> highly recommended as well.)

> No, I don't have IPFilter setup as I use the Netgear as my firewall.
> Besides, I've had one hell of a time trying to setup IPFilter working
> on Solaris without killing my NFS (NFSv3) shares in the process.

> Doesn't enabling "forwarding" via routeadm already allow NAT?

It depends on how you mean.  It doesn't break NAT, but it doesn't create
it magically, either.

Think more about the back channel.  I read your diagram as wanting the
wireless router to do NAT for 192.168.xxx, but the MBP as having a 10.x
address.  How does the wireless router know that the 10.x network is
available by sending to the Sun?

Is it possible that the Sun is forwarding the outbound packets from the
MBP to the gateway, but that no packets from it will ever return?

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
0
Darren
4/30/2007 11:24:19 PM
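
The back-channel question raised in the reply above can be traced hop by hop. This is an added example, not code from any poster in the thread: the addresses and the Solaris routes come from the original post, while the Netgear's routing table, the MBP's default route via 10.0.0.1, and the destination 203.0.113.7 are constructed assumptions.

```python
import ipaddress

# Constructed model of the thread's topology. Addresses and Solaris routes are
# from the original post; the Netgear table and MBP default route are assumed.
OWNER = {"192.168.1.1": "netgear", "192.168.1.3": "solaris",
         "10.0.0.1": "solaris", "10.0.0.2": "mbp"}
TABLES = {
    "mbp":     [("10.0.0.0/8", "direct"), ("0.0.0.0/0", "10.0.0.1")],
    "solaris": [("10.0.0.0/8", "direct"), ("192.168.1.0/24", "direct"),
                ("0.0.0.0/0", "192.168.1.1")],
    "netgear": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "WAN")],
}

def next_hop(table, dst):
    """Longest-prefix match over (prefix, hop); hop is 'direct', 'WAN' or an IP."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), h) for p, h in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(start, dst, tables=TABLES, max_hops=8):
    """Follow dst from node `start`; return the list of nodes the packet visits."""
    path, node = [start], start
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return path                      # delivered to the owner of dst
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path + ["DROPPED"]
        if hop == "WAN":
            return path + ["WAN"]            # leaves toward the internet
        node = OWNER.get(dst if hop == "direct" else hop)
        if node is None:
            return path + ["DROPPED"]        # nobody on-link answers for dst
        path.append(node)
    return path + ["LOOP"]

def with_static_route(tables):
    """Same tables, plus a Netgear route for the 10.x network via Solaris e1000g0."""
    fixed = dict(tables)
    fixed["netgear"] = [("10.0.0.0/8", "192.168.1.3")] + tables["netgear"]
    return fixed

if __name__ == "__main__":
    print("outbound from MBP     ", trace("mbp", "203.0.113.7"))
    print("reply, router as-is   ", trace("netgear", "10.0.0.2"))
    print("reply, static route   ", trace("netgear", "10.0.0.2", with_static_route(TABLES)))
    print("reply, NAT on Solaris ", trace("netgear", "192.168.1.3"))
```

The last trace models NAT on the Solaris box only as far as the routing goes: replies are addressed to 192.168.1.3, which the router can already reach, and the translation back to 10.0.0.2 is left to the NAT layer.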
On Apr 30, 7:24 pm, Darren Dunham <ddun...@redwood.taos.com> wrote:
> KJ <zemp...@gmail.com> wrote:
> >> Do you have IPFilter on the Solaris system set up to perform the
> >> required Network Address Translation (NAT), since 10.0.0.1 is on
> >> a private network (RFC 1918)?
>
> >> (For that matter, a good set of actual filtering rules is
> >> highly recommended as well.)
> > No, I don't have IPFilter setup as I use the Netgear as my firewall.
> > Besides, I've had one hell of a time trying to setup IPFilter working
> > on Solaris without killing my NFS (NFSv3) shares in the process.
> > Doesn't enabling "forwarding" via routeadm already allow NAT?
>
> It depends on how you mean.  It doesn't break NAT, but it doesn't create
> it magically, either.
>
> Think more about the back channel.  I read your diagram as wanting the
> wireless router to do NAT for 192.168.xxx, but the MBP as having a 10.x
> address.  How does the wireless router know that the 10.x network is
> available by sending to the Sun?
>
> Is it possible that the Sun is forwarding the outbound packets from the
> MBP to the gateway, but that no packets from it will ever return?
>
> --
> Darren Dunham                                           ddun...@taos.com
> Senior Technical Consultant         TAOS            http://www.taos.com/
> Got some Dr Pepper?                           San Francisco, CA bay area
>          < This line left intentionally blank to confuse you. >

My router is a Netgear FVS124G where I've got another Multi-homed LAN
IP setup as 10.0.0.1, in addition to the default 192.168.1.1 for the
FVS124G itself.

I'm able to ping all IP's on the LAN and resolve DNS properly from the
Netgear router...meaning the hops from to 10.0.0.0 network can at
least get DNS from the 192.168.1.0 network.  I'll just have to figure
out the rest...getting closer.

0
KJ
5/1/2007 2:25:40 AM