
Networking Question

 
SOLVED
Amiel Tutolo
Frequent Advisor

Networking Question

I have an rp5470 running 11i that I am having a small networking issue with. The machine has 2 NICs. One is the internal card on 10.205.205 network, the other is a 1000-SX on 192.168.0 network. The 192 is for internal use. The 10 network is for remote users via VPN connection. The problem I am having is that the 10 card stops responding to remote users. Some can access while others can't and then some others can't and some others can. Other times it doesn't respond at all. Both cards respond fine from machines on the internal network. Here is the netconf file:

HOSTNAME="server1"
OPERATING_SYSTEM=HP-UX
LOOPBACK_ADDRESS=127.0.0.1

INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=10.205.205.10
SUBNET_MASK[0]=255.255.255.0
BROADCAST_ADDRESS[0]=10.205.205.255
INTERFACE_STATE[0]=up
DHCP_ENABLE[0]=0

ROUTE_DESTINATION[0]="net 10.205.205.0"
ROUTE_MASK[0]=""
ROUTE_GATEWAY[0]=10.205.205.1
ROUTE_COUNT[0]=1
ROUTE_ARGS[0]=""

GATED=0
GATED_ARGS=""

RDPD=0

RARP=0

IP_ADDRESS[1]=192.168.1.175
SUBNET_MASK[1]=255.255.248.0
INTERFACE_NAME[1]=lan2
BROADCAST_ADDRESS[1]=192.168.7.255
INTERFACE_STATE[1]=up

ROUTE_DESTINATION[1]=default
ROUTE_GATEWAY[1]=192.168.7.254
ROUTE_COUNT[1]=1

Output from the netstat -rn is attached.

Any help would be greatly appreciated.
Live, love and laugh
6 REPLIES
Jeff Schussele
Honored Contributor
Solution

Re: Networking Question

Hi Amiel,

You should be routing to the 10.205.205 subnet *through* the local NIC - 10.205.205.10 with a hopcount of 0.

Are you getting outbound traffic out that 10.205.205.10 NIC? And how does the routing table look - netstat -rn ?

Also - it's my preference - but I always set the default route up first with index [0] & all static routes up after.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Amiel Tutolo
Frequent Advisor

Re: Networking Question

Jeff,
The netstat -rn is attached. Thanks for the help so far.
Live, love and laugh
Amiel Tutolo
Frequent Advisor

Re: Networking Question

Jeff,
I am getting outbound traffic. I ran a traceroute -i through the 10 card and it worked fine.
Live, love and laugh
Jeff Schussele
Honored Contributor

Re: Networking Question

Hi (again) Amiel,

Look at a netstat -in output & see if you actually get any traffic out that NIC.
You really need to reset that 10. subnet route up as indicated earlier.

You can either do route delete & route add (remember to change the netconf file) OR change the netconf file & do net stop & net start (Remember to do from console or you won't get the chance to do the net start)

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Sanjay_6
Honored Contributor

Re: Networking Question

Hi Amiel,

Is it possible that the users who are coming from the 10 network have IP addresses different from the 10.205.205.0 subnet? If so, their outbound traffic would get diverted through the default route.

Hope this helps.

Regds
Ron Kinner
Honored Contributor

Re: Networking Question

Note that the last 3 entries on your netstat -rn are missing a valid pmtu so you have something wrong.

10.205.205.0 10.205.205.1 UG 0 lan0 0
127.0.0.0 127.0.0.1 U 0 lo0 0
default 192.168.7.254 UG 0 lan2 0

My guess is that you need to remove the

ROUTE_DESTINATION[0]="net 10.205.205.0"
ROUTE_MASK[0]=""
ROUTE_GATEWAY[0]=10.205.205.1
ROUTE_COUNT[0]=1
ROUTE_ARGS[0]=""


I suspect it is confusing the routing table by inserting a bogus second route. It is not necessary nor desirable to explicitly put in a route for the local network. This is taken care of automatically by the configuration process.

If packets from the VPN concentrator (which I assume is at 10.205.205.1) are not coming in with source IPs of 10.205.205.x then return traffic to them will be sent out the default route. In order for it to work you would need to add a route pointing to the VPN concentrator for the new subnet and not for the existing local network. If they are coming in with source IPs of 10.205.205.x, then an ARP with their IP should return the MAC of the concentrator. I suppose it works like my RAS and has a block of IPs and it assigns one to each client. Make sure that the block that it assigns from is included in the 10.205.205.x subnet and that no one else squats on one of the IP addresses in the subnet block. That's what was happening to my RAS. Squatters would ping an address and not get a reply so they would assume the address was unused and assign it to a new host, then when the RAS assigned it, it didn't work. I finally connected the RAS to the router with a crossover cable and eliminated the possibility of squatters. (Disconnect the VPN concentrator from the network and ping every address in the block and see if anybody responds. They shouldn't but you might be surprised.)

Ron
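
Added example (not part of the thread or any poster's reply): a Python check of the two points raised above, run against the netconf entries quoted in the question. It flags static routes that duplicate a directly connected subnet and reports which interface a reply to a given client source address would leave on. It assumes only connected subnets and the default route matter, and the function names are this example's own.

```python
import ipaddress
import re

# Added example, not from the thread. Entries copied from the quoted netconf.
NETCONF = """
INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=10.205.205.10
SUBNET_MASK[0]=255.255.255.0
ROUTE_DESTINATION[0]="net 10.205.205.0"
ROUTE_GATEWAY[0]=10.205.205.1
INTERFACE_NAME[1]=lan2
IP_ADDRESS[1]=192.168.1.175
SUBNET_MASK[1]=255.255.248.0
ROUTE_DESTINATION[1]=default
ROUTE_GATEWAY[1]=192.168.7.254
"""

def parse(text):
    """Collect NAME[i]=value lines into {i: {NAME: value}}."""
    rows = {}
    for key, idx, val in re.findall(r'^(\w+)\[(\d+)\]="?([^"\n]*)"?$', text, re.M):
        rows.setdefault(int(idx), {})[key] = val
    return rows

def connected(rows):
    """Interface name -> subnet it is directly attached to."""
    return {r["INTERFACE_NAME"]: ipaddress.ip_interface(
                r["IP_ADDRESS"] + "/" + r["SUBNET_MASK"]).network
            for r in rows.values() if "IP_ADDRESS" in r}

def redundant_routes(rows):
    """Static routes whose destination is an already-connected subnet."""
    nets = connected(rows)
    hits = []
    for idx, r in sorted(rows.items()):
        dest = r.get("ROUTE_DESTINATION", "default").split()[-1]
        for iface, net in nets.items():
            if dest != "default" and ipaddress.ip_address(dest) == net.network_address:
                hits.append((idx, dest, iface))
    return hits

def return_path(rows, client_ip):
    """(interface, next hop) used to answer client_ip; default route if off-link."""
    nets = connected(rows)
    for iface, net in nets.items():
        if ipaddress.ip_address(client_ip) in net:
            return iface, "direct"
    gw = next(r["ROUTE_GATEWAY"] for r in rows.values()
              if r.get("ROUTE_DESTINATION") == "default")
    return next(i for i, n in nets.items() if ipaddress.ip_address(gw) in n), gw
```

Calling `return_path(parse(NETCONF), "10.205.206.57")` with a constructed client address outside 10.205.205.0/24 returns lan2 and the default gateway, which is the asymmetric return path described in the replies above.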