Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) P50 routing on LAN side
At 02:26 PM 1/7/98 -0500, Todd A. Scalzott wrote:
>
>What's happening is that I can see the ARP request make it all the way
>through from a shell account on a different provider to the P50 and then
>on through to the firewall. What the firewall manufacturer tells me is
>that I need to have the P50 configured with a static route pointing to the
>external interface of my firewall as a router for the class C. But the
>P50 already establishes a /24 route to the ie0 interface:
What is the IP address of the P50? And the external i/f of the firewall?
>ascend% iproute show
>
>Destination Gateway IF Flg Pref Met Use Age
>0.0.0.0/0 205.177.45.89 wan9 SGP 100 1 1539 642
>127.0.0.1/32 - lo0 CP 0 0 0 7203241
>127.0.0.2/32 - rj0 CP 0 0 0 7203241
>127.0.0.3/32 - bh0 CP 0 0 0 7203241
>172.17.1.0/24 - ie0 C 0 0 94 2669
>172.17.1.2/32 - lo0 C 0 0 0 2669
>205.177.45.0/24 205.177.45.89 wan9 rGT 100 1 0 509
>205.177.45.0/24 205.177.45.89 wan9 *SG 120 7 0 643
>205.177.45.89/32 205.177.45.89 wan9 rT 100 1 17 509
>205.177.45.89/32 205.177.45.89 wan9 *SP 120 7 2 984
>207.176.66.0/24 - ie0 C 0 0 8773 2670
>207.176.66.2/32 - lo0 CP 0 0 124 2670
>255.255.255.255/32 - ie0 CP 0 0 0 643
>
>
>So something like "iproute add 207.176.66.0/24 207.176.66.40 1" won't
>work--the existing route will always take precedence.
Maybe experimenting with the second interface address may help?
>Any suggestions here or insight as to what I am missing? Thanks In
>Advance.
Is this access the only route into the network that you have the firewall
protecting? (Doubt it, but I have to ask). If it was, then you could have
used the Ascend firewall software on the P50?
Kevin
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups:
References: