RE: (ASCEND) P50 routing on LAN side

To: "'ascend-users@bungi.com'" <ascend-users@bungi.com>
Subject: RE: (ASCEND) P50 routing on LAN side
From: Steve LaDuke <steve_laduke@tuttle.com>
Date: Wed, 7 Jan 1998 15:18:10 -0800
Cc: "Todd A. Scalzott" <todd@kastle.com>
Sender: owner-ascend-users@max.bungi.com

Todd,

What kind of firewall are you using?  Does it do NAT?

My firewall, BorderWare, does Network Address Translation.  So my mail
goes to the firewall's address, and the firewall proxies it to another
host, internally.

If it doesn't do NAT and instead acts as a filtering router, then you
may need to setup some subnetting.

Steve  LaDuke

> -----Original Message-----
> From:	Todd A. Scalzott [SMTP:todd@kastle.com]
> Sent:	Wednesday, January 07, 1998 11:26 AM
> To:	'ascend-users@bungi.com'
> Subject:	(ASCEND) P50 routing on LAN side
> 
> 
> I've had my P50 up and running for what seems like years now (and may
> very 
> well be so).  The connection has always been from a LAN numbered
> within 
> our provider's supplied Class C through a Centrex connection.
> 
> All was well.
> 
> I then installed a firewall and for that purpose moved the P50 to a
> direct 
> connection with the firewall's external interface via a crossover
> cable.
> 
> Again, all was well.
> 
> Now, however, I'm trying to configure some external plugs through the 
> firewall to an SMTP host on the internal side.  The firewall is all
> set to 
> go, but the routes don't seem to quite be there on the P50.
> 
> A ping attempt to all IPs in our class C fails, except that of the 
> firewall.  Normally desired behavior, except for the case of the SMTP 
> server.
> 
> What's happening is that I can see the ARP request make it all the way
> 
> through from a shell account on a different provider to the P50 and
> then 
> on through to the firewall.  What the firewall manufacturer tells me
> is 
> that I need to have the P50 configured with a static route pointing to
> the 
> external interface of my firewall as a router for the class C.    But
> the 
> P50 already establishes a /24 route to the ie0 interface:
> 
> ascend% iproute show
> 
> Destination        Gateway         IF       Flg   Pref Met     Use
> Age
> 0.0.0.0/0          205.177.45.89   wan9     SGP    100   1    1539
> 642
> 127.0.0.1/32       -               lo0      CP       0   0       0
> 7203241
> 127.0.0.2/32       -               rj0      CP       0   0       0
> 7203241
> 127.0.0.3/32       -               bh0      CP       0   0       0
> 7203241
> 172.17.1.0/24      -               ie0      C        0   0      94
> 2669
> 172.17.1.2/32      -               lo0      C        0   0       0
> 2669
> 205.177.45.0/24    205.177.45.89   wan9     rGT    100   1       0
> 509
> 205.177.45.0/24    205.177.45.89   wan9     *SG    120   7       0
> 643
> 205.177.45.89/32   205.177.45.89   wan9     rT     100   1      17
> 509
> 205.177.45.89/32   205.177.45.89   wan9     *SP    120   7       2
> 984
> 207.176.66.0/24    -               ie0      C        0   0    8773
> 2670
> 207.176.66.2/32    -               lo0      CP       0   0     124
> 2670
> 255.255.255.255/32 -               ie0      CP       0   0       0
> 643
> 
> 
> So something like "iproute add 207.176.66.0/24 207.176.66.40 1" won't 
> work--the existing route will always take precedence.
> 
> Any suggestions here or insight as to what I am missing?  Thanks In 
> Advance.
> 
> 
> Todd A. Scalzott, Kastle Systems, LLC.          Team OS/2
> todd@kastle.com, postmaster@kastle.com
> 
> 
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to
> ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) Ascend P50
Next by Date: (ASCEND) P50 reset to defaults?
Prev by thread: Re: (ASCEND) P50 routing on LAN side
Next by thread: Re: (ASCEND) P50 routing on LAN side
Index(es):
- Main
- Thread