Re: static routes on VLAN on CURRENT

From: Milan Obuch <freebsd-current_at_dino.sk>
Date: Sun, 2 Jul 2017 21:12:17 +0200
On Sun, 2 Jul 2017 20:13:49 +0200
"Hartmann, O." <o.hartmann_at_walstatt.org> wrote:

> On Sun, 2 Jul 2017 14:39:34 +0200
> Milan Obuch <freebsd-current_at_dino.sk> wrote:

[ snip ]

> > > To not use a routing daemon due to the small size of my network, I
> > > decided to use static routes, in rc.conf I placed the following
> > > variables:
> > > 
> > > static_routes="igb1.2 igb1.10"
> > > route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
> > > route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"
> > > 
> > > igb1 is assigned to IP/NET 192.168.0.1/24
> > > 

Just to be exact, could you show us the ifconfig lines from rc.conf as well?
It is common to have something like

cloned_interfaces="igb1.2 igb1.10"
ifconfig_igb1_2="192.168.2.1/24"
ifconfig_igb1_10="192.168.10.1/24"

and no static routes as you showed, because an address assigned to an
interface automatically creates a line in the routing table; however, they
should look identical to those shown in your first mail.

> > > netstat -Warn gives me (as dummy, since I have no direct access to
> > > the box via serial console from the system I write this mail):
> > > 
> > > Internet:
> > > Destination      Gateway         Flags       Use    Mtu      Netif
> > > 127.0.0.1        link#3          UH       334564  16384        lo0
> > > 192.168.0.0/24   link#4          U         23452   1500       igb1
> > > 192.168.0.1      link#4          UHS       29734  16384        lo0
> > > 192.168.2.0/24   link#5          U           271   1500     igb1.2
> > > 192.168.2.1      link#5          UHS           0  16384        lo0
> > 
> > I think you did not include network 192.168.10.0/24 on igb1.10...  
> 
> I skipped that, it is quite the same according to the settings of the
> others and unused for now. So it doesn't matter. But you're right.
>

This was just for the sake of completeness, nothing else.

[ sysctl stuff snipped - not relevant, I think ]

> > > From the routing device itself, it is possible to ssh into a VoIP
> > > client attached to the switch to which igb1.2 trunks the net.
> > > Pinging is also possible.
> > > 
> > > Attached to igb1 is the 192.168.0.1/24 network with a bunch of
> > > hosts. From any host within this network it is possible to ping
> > > the 192.168.2.0/24 network and its hosts within, but no SSH, not
> > > web (80, 443). 
> > >    
> > 
> > Weird - if icmp (ping) works and tcp (web, ssh) does not, something is
> > filtering traffic. But with net.inet.ip.forwarding=0, even pinging a
> > host should not work. Try tcpdump to see what's going on.
> 
> net.inet.ip.forwarding works as expected. See above, I confused the
> OID.
> 

[ snip ]

> > From a network architecture view, there is no difference - a vlan is a
> > network interface just like physical ethernet. Basically everything
> > is the same (sometimes there is an issue with mtu, but this is hardware
> > dependent).
> 
> Yes, so I thought, but as you stated, something is filtering and I
> have no clue what.
> 

Then I just recommend tcpdump - I would use 'tcpdump -nepi igb1.2 host
192.168.0.x and host 192.168.2.y' and 'tcpdump -nepi igb1 host
192.168.0.x and host 192.168.2.y' in two sessions and compare the outputs
when pinging from 192.168.0.x to 192.168.2.y and when trying to ssh
from the former to the latter. Also there is the question of what these
two devices are, what OS they are running, their network
configuration... then we can analyse the problem better.

Regards,
Milan
Received on Sun Jul 02 2017 - 17:12:22 UTC
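The thread above turns on two checks that are easy to do by hand but easier to script: whether the `static_routes` entries merely duplicate the connected routes that the `ifconfig_*` addresses already imply, and whether every configured VLAN network actually shows up in `netstat -Warn` (the 192.168.10.0/24 route was missing from the quoted table). The following is an added example written for this page, not code from any poster or from FreeBSD itself. It parses an rc.conf fragment and a `netstat -Warn` dump constructed from the values quoted in the thread; the assumed rc.conf lines for `ifconfig_igb1`, `ifconfig_igb1_2` and `ifconfig_igb1_10` are the ones Milan asks about, not ones the original poster showed.

```python
"""Cross-check rc.conf VLAN addressing against a FreeBSD routing table.

Added example for this thread (not any poster's code). Derives the connected
routes implied by ifconfig_* entries, flags static_routes entries that only
duplicate them, and reports configured networks absent from 'netstat -Warn'.
"""
import ipaddress
import re
import shlex

# Constructed rc.conf fragment: the poster's static routes plus assumed
# ifconfig_* lines. igb1.10 is present here but left out of NETSTAT below
# to mirror the missing 192.168.10.0/24 route in the thread.
RC_CONF = """
cloned_interfaces="igb1.2 igb1.10"
ifconfig_igb1="192.168.0.1/24"
ifconfig_igb1_2="192.168.2.1/24"
ifconfig_igb1_10="192.168.10.1/24"
static_routes="igb1.2 igb1.10"
route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"
"""

# Constructed 'netstat -Warn' output (IPv4 section only), as quoted above.
NETSTAT = """
Internet:
Destination      Gateway         Flags       Use    Mtu      Netif
127.0.0.1        link#3          UH       334564  16384        lo0
192.168.0.0/24   link#4          U         23452   1500       igb1
192.168.0.1      link#4          UHS       29734  16384        lo0
192.168.2.0/24   link#5          U           271   1500     igb1.2
192.168.2.1      link#5          UHS           0  16384        lo0
"""


def parse_rc_conf(text):
    """Return {variable: value} for simple VAR="value" lines."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'^\s*([A-Za-z_][A-Za-z0-9_]*)="?([^"]*)"?\s*$', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def rc_var_suffix(ifname):
    # rc.conf variable names carry '.' as '_' (igb1.2 -> ifconfig_igb1_2),
    # exactly as in the poster's route_igb1_2 / route_igb1_10 lines.
    return ifname.replace('.', '_')


def connected_routes(conf):
    """Networks implied by ifconfig_<if>="addr/prefix": {network: ifname}."""
    known = conf.get('cloned_interfaces', '').split()
    routes = {}
    for var, value in conf.items():
        if not var.startswith('ifconfig_'):
            continue
        suffix = var[len('ifconfig_'):]
        # Map the variable suffix back to a real interface name via cloned_interfaces.
        ifname = next((n for n in known if rc_var_suffix(n) == suffix), suffix)
        for tok in value.split():
            try:
                routes[ipaddress.ip_interface(tok).network] = ifname
            except ValueError:
                continue  # keywords such as 'inet' or 'up', not an address
    return routes


def static_routes(conf):
    """Parse static_routes/route_<name> into {network: interface}."""
    routes = {}
    for name in conf.get('static_routes', '').split():
        args = shlex.split(conf.get('route_' + rc_var_suffix(name), ''))
        net = via = None
        for i, arg in enumerate(args[:-1]):
            if arg == '-net':
                net = ipaddress.ip_network(args[i + 1], strict=False)
            elif arg in ('-interface', '-iface'):  # both spellings are route(8) keywords
                via = args[i + 1]
        if net is not None:
            routes[net] = via
    return routes


def parse_netstat(text):
    """Return {network: netif} for the 'Internet:' section of 'netstat -Warn'."""
    routes, in_inet = {}, False
    for line in text.splitlines():
        if line.startswith('Internet:'):
            in_inet = True
            continue
        if line.startswith('Internet6:'):
            break
        cols = line.split()
        if not in_inet or len(cols) < 6 or cols[0] == 'Destination':
            continue
        try:
            routes[ipaddress.ip_network(cols[0], strict=False)] = cols[-1]
        except ValueError:
            continue  # e.g. 'default'
    return routes


def audit(rc_text, netstat_text):
    """Return a list of human-readable findings (empty when everything agrees)."""
    conf = parse_rc_conf(rc_text)
    connected = connected_routes(conf)
    table = parse_netstat(netstat_text)
    findings = []
    for net, via in static_routes(conf).items():
        if connected.get(net) == via:
            findings.append(f"redundant static route {net} via {via}: "
                            f"already implied by ifconfig_{rc_var_suffix(via)}")
    for net, ifname in connected.items():
        if net not in table:
            findings.append(f"missing from routing table: {net} (expected on {ifname})")
        elif table[net] != ifname:
            findings.append(f"{net} is on {table[net]} in the table but configured on {ifname}")
    return findings


if __name__ == '__main__':
    for finding in audit(RC_CONF, NETSTAT):
        print(finding)
```

Run against a real box, replace the two constructed strings with the contents of /etc/rc.conf and the output of `netstat -Warn`; a "redundant static route" finding is harmless but confirms Milan's point that the interface address alone installs the connected route, while a "missing from routing table" finding means the VLAN interface never came up with that address.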
