Pelican Parts Forums

-   -   Solaris/UNIX/networking experts, help me figure this out... (http://forums.pelicanparts.com/off-topic-discussions/437605-solaris-unix-networking-experts-help-me-figure-out.html)

SlowToady 10-26-2008 02:22 AM

Solaris/UNIX/networking experts, help me figure this out...
 
I just copied and pasted this, since I cross-posted in the Solaris forums @ sun.com

----
Hi guys,

I've got a Solaris 10 (on x86) networking issue I just can't resolve. I set up a Linksys WRT54GS as an Ethernet Bridge. I turned DHCP on the Bridge off, since addresses are handed out from the other router. Bridge configuration:

IP: 192.168.1.254
Netmask: 255.255.255.0
Gateway: 192.168.1.1 <--this is the wireless router
DNS: 74.128.17.114

SPI firewall is turned off on the Bridge.

I have a Windows XP client plugged into the Bridge receiving settings via DHCP. It works perfectly.

However, the Solaris 10 machine plugged into the Bridge doesn't work. I first tried it via DHCP, and it seemed to have picked up the correct settings, but I couldn't connect to the Internet or any remote hosts. In fact, I couldn't even ping the DNS server listed above! I figured I'd give it a shot with static settings, so I re-configured with the following settings:

IP: 192.168.1.104
Netmask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 74.128.17.114
hostname: unknown

These are the same settings that Windows XP reported (obviously the IP didn't end in 104). I still cannot access the Internet, or any remote hosts, or ping my DNS servers. I can, however, access the Bridge and wifi router both over the web and via telnet/ssh.

I'm really pretty confused here; it should just work. Is there some obscure setting somewhere I don't know of, or some special way it has to be set up for use behind a Bridge?

Thanks in advance,

~Slow

svandamme 10-26-2008 03:33 AM

Does the router make a high pitch squeaking sound?
My Linksys did, and it meant it was broken...

It did that from the start and I returned it to sender, and got me a D-Link instead

Mr_Wizard 10-26-2008 04:35 AM

What does your /etc/nsswitch.conf file look like?

SlowToady 10-26-2008 07:13 AM

Stijn, nope...it seems to work perfectly...with the XP computer connected...

Mr.Wizard, here you go

Code:

# cat /etc/nsswitch.conf
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)nsswitch.files    1.14    06/05/03 SMI"

#
# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

passwd:    files
group:      files
hosts:      files
ipnodes:    files
networks:  files
protocols:  files
rpc:        files
ethers:    files
netmasks:  files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system will
#  figure it out pretty quickly, and won't use netgroups at all.
netgroup:  files
automount:  files
aliases:    files
services:  files
printers:      user files

auth_attr:  files
prof_attr:  files
project:    files

tnrhtp:    files
tnrhdb:    files
#

Code:

# route -p show
persistent: route add default 192.168.1.1 1
#

Code:

# netstat -nr

Routing Table: IPv4
  Destination          Gateway          Flags  Ref    Use    Interface
-------------------- -------------------- ----- ----- ---------- ---------
192.168.1.0          192.168.1.104        U        1          7 gani0
192.168.1.0          192.168.1.1          UG        1          0
224.0.0.0            192.168.1.104        U        1          0 gani0
127.0.0.1            127.0.0.1            UH        2        39 lo0
#

Code:

# cat /etc/defaultrouter
192.168.1.1
#


masraum 10-26-2008 08:17 AM

Well, if you can ping the local router, but not anything past the router, normally, I'd say that the default gateway isn't configured.

Can you do a traceroute to 4.2.2.2 and provide the results?

If connectivity to local devices is working, then it's just ARP working. To get past your default gateway, the Solaris host needs a default gateway; you already have that. The next thing that needs to happen is that the default gateway will probably be translating (NAT) the 192.168.1.104 address to whatever its outside address is (assigned by the ISP). If the .104 address isn't translated, then nothing past your router will know where to send the packet to get it back to the Solaris box. Actually, chances are the ISP will block the traffic before it goes anywhere.

If the XP box is working fine then it would seem that the NAT is working ok.

Show us the results of the trace route.

I did once see an issue a long time ago where a specific type of traffic was failing from a UNIX box. The guy swore that it was the router blocking the traffic, but at some point we realized that the TTL of the packets for that traffic had been set to 1 which kept all of the traffic local. Seems highly unlikely to be the problem in this case.

Try setting the address to something different: 192.168.1.10 or .200 or .74, whatever.

HardDrive 10-26-2008 08:29 AM

Router setup for MAC filtering?

SlowToady 10-26-2008 08:37 AM

Code:

# traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  1.893 ms  1.406 ms  1.796 ms
 2  74.131.88.1 (74.131.88.1)  11.640 ms  13.882 ms  25.176 ms
 3  74.131.0.153 (74.131.0.153)  14.495 ms  10.560 ms  20.950 ms
 4  74.128.9.245 (74.128.9.245)  121.274 ms  198.776 ms  204.078 ms
 5  144.223.14.229 (144.223.14.229)  24.058 ms  19.913 ms  19.673 ms
 6  144.232.26.69 (144.232.26.69)  34.250 ms  34.685 ms  20.308 ms
 7  144.232.20.3 (144.232.20.3)  21.138 ms  23.312 ms  24.244 ms
 8  144.232.8.114 (144.232.8.114)  24.525 ms  23.554 ms  21.473 ms
 9  4.68.101.66 (4.68.101.66)  19.647 ms 4.68.101.98 (4.68.101.98)  21.247 ms 4.68.101.162 (4.68.101.162)  20.894 ms
10  4.2.2.2 (4.2.2.2)  23.881 ms  18.878 ms  30.957 ms
#

I can even telnet to port 80 of 209.85.171.99, which an nslookup (on the XP client) translates to google.com, but I can't ping google.com. I can ping the 209 address though. But I still can't ping my DNS server -or- the XP client. But I can connect from the XP client to the Solaris client with SSH.

Also, check this out...192.168.1.100 == XP client

Code:

# traceroute 192.168.1.100
traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  *^C#


SlowToady 10-26-2008 08:39 AM

Just double checked that...nope:(

Quote:

Originally Posted by HardDrive (Post 4262424)
Router setup for MAC filtering?


SlowToady 10-26-2008 08:54 AM

Ok..and somehow I just connected via telnet to port 139 of my XP client. Yet I still can't ping it? WTF? Or traceroute to it???

slodave 10-26-2008 08:57 AM

How come your gateway route is not tied to an interface?

Code:

# netstat -nr

Routing Table: IPv4
  Destination          Gateway          Flags  Ref    Use    Interface
-------------------- -------------------- ----- ----- ---------- ---------
192.168.1.0          192.168.1.104        U        1          7 gani0
192.168.1.0          192.168.1.1          UG        1          0
224.0.0.0            192.168.1.104        U        1          0 gani0
127.0.0.1            127.0.0.1            UH        2        39 lo0
#


SlowToady 10-26-2008 09:06 AM

In Solaris you don't need to explicitly define the interface. I re-did the route with

Code:

#route change 192.168.1.0 192.168.1.1 -ifp gani0
to tie it explicitly, but still no dice.

HardDrive 10-26-2008 09:10 AM

Is there some kind of ICMP filtering 'feature' on either of the devices? Of course that does not explain the disparity between the XP box and Solaris box......never mind.

masraum 10-26-2008 10:10 AM

Quote:

Originally Posted by SlowToady (Post 4262438)
Code:

# traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  1.893 ms  1.406 ms  1.796 ms
 2  74.131.88.1 (74.131.88.1)  11.640 ms  13.882 ms  25.176 ms
 3  74.131.0.153 (74.131.0.153)  14.495 ms  10.560 ms  20.950 ms
 4  74.128.9.245 (74.128.9.245)  121.274 ms  198.776 ms  204.078 ms
 5  144.223.14.229 (144.223.14.229)  24.058 ms  19.913 ms  19.673 ms
 6  144.232.26.69 (144.232.26.69)  34.250 ms  34.685 ms  20.308 ms
 7  144.232.20.3 (144.232.20.3)  21.138 ms  23.312 ms  24.244 ms
 8  144.232.8.114 (144.232.8.114)  24.525 ms  23.554 ms  21.473 ms
 9  4.68.101.66 (4.68.101.66)  19.647 ms 4.68.101.98 (4.68.101.98)  21.247 ms 4.68.101.162 (4.68.101.162)  20.894 ms
10  4.2.2.2 (4.2.2.2)  23.881 ms  18.878 ms  30.957 ms
#


This proves that you have IP connectivity to the Internet.

XP has a firewall, that's probably why you can't ping it. Also, it's not uncommon for people to disable ping responses on DNS servers. So pinging may not be the best test.

Try defining 4.2.2.3 as a DNS server. I've used that before for testing as well.

It sounds like your biggest problem may be DNS.

SlowToady 10-26-2008 11:00 AM

Wow...stupid XP firewall. I thought I had it turned off. I can now ping and traceroute to the XP client.

You know, it annoys the hell out of me that people disable ICMP, since the RFC explicitly says not to. I guess I can understand why they do disable it, but it's super annoying and doesn't really add any security. But anyway...

Ok so I figured it out as I was writing this reply about how it didn't work...here's how I fixed it.

Code:

#touch /etc/resolv.conf
#echo nameserver 4.2.2.3 > /etc/resolv.conf
# cp /etc/nsswitch.dns /etc/nsswitch.conf

Thanks guys!
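
Added example, not code from the thread: a short Python checker for the failure mode Mr_Wizard was probing with the nsswitch.conf question and that the fix above resolved (a "hosts: files" line with no "dns" source, plus no /etc/resolv.conf), so the box has IP connectivity but never sends a DNS query. The sample file bodies are constructed to mirror what the thread shows; the function names are mine.

```python
# Added example (not from the thread): a small checker for the failure mode seen
# here, where /etc/nsswitch.conf has "hosts: files" (no "dns" source) and
# /etc/resolv.conf is absent, so IP connectivity works but name lookups never happen.
import re
from typing import Dict, List

def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    """Map each nsswitch database (e.g. 'hosts') to its ordered list of sources."""
    db: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line or ":" not in line:
            continue
        name, sources = line.split(":", 1)
        # Sources may carry status criteria like "[NOTFOUND=return]"; strip them.
        db[name.strip()] = re.sub(r"\[[^\]]*\]", " ", sources).split()
    return db

def parse_resolv(text: str) -> List[str]:
    """Return the nameserver addresses listed in a resolv.conf body."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def diagnose(nsswitch_text: str, resolv_text: str) -> List[str]:
    """Explain why hostnames would not resolve even though IP routing works."""
    findings = []
    hosts = parse_nsswitch(nsswitch_text).get("hosts", [])
    if "dns" not in hosts:
        findings.append("hosts: %s -> DNS is never consulted; use 'hosts: files dns'"
                        % (" ".join(hosts) or "<missing>"))
    if not parse_resolv(resolv_text):
        findings.append("no nameserver in resolv.conf -> resolver has nowhere to send queries")
    return findings

# Constructed inputs modelled on the thread: the nsswitch.files copy that was in
# place, and the resolv.conf / nsswitch.dns pair the original poster switched to.
BROKEN_NSSWITCH = "# ident nsswitch.files\npasswd:    files\nhosts:      files\nipnodes:    files\n"
BROKEN_RESOLV = ""    # /etc/resolv.conf did not exist
FIXED_NSSWITCH = "passwd:    files\nhosts:      files dns\nipnodes:    files dns\n"
FIXED_RESOLV = "nameserver 4.2.2.3\n"

if __name__ == "__main__":
    for label, ns, rs in (("before", BROKEN_NSSWITCH, BROKEN_RESOLV),
                          ("after", FIXED_NSSWITCH, FIXED_RESOLV)):
        print(label, diagnose(ns, rs) or ["name resolution path looks sane"])
```

Pointing it at the real files (`open("/etc/nsswitch.conf").read()`) gives the same two findings on a box in the state the thread describes, and nothing once the dns source and a nameserver are in place.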

svandamme 10-26-2008 11:22 AM

You sure it's in bridge mode, and not in client mode?

Client mode is where the wifi thing basically acts as an external wifi client on ethernet...
It will only take 1 ethernet client as it's not a true bridge mode... I have a Netgear I used for that purpose

edit. never mind, just seen the last posts

masraum 10-26-2008 12:16 PM

Excellent. I hate those "It's really simple, it has to work." problems that pop up from time to time.

mikester 10-26-2008 12:24 PM

Quote:

Originally Posted by SlowToady (Post 4262657)
Wow...stupid XP firewall. I thought I had it turned off. I can now ping and traceroute to the XP client.

You know, it annoys the hell out of me that people disable ICMP, since the RFC explicitly says not to. I guess I can understand why they do disable it, but it's super annoying and doesn't really add any security. But anyway...

Ok so I figured it out as I was writing this reply about how it didn't work...here's how I fixed it.

Code:

#touch /etc/resolv.conf
#echo nameserver 4.2.2.3 > /etc/resolv.conf
# cp /etc/nsswitch.dns /etc/nsswitch.conf

Thanks guys!

I really hate it when Security experts say to disable ICMP too - ICMP is a requirement for a properly functioning IP network.

Without ICMP you can't negotiate things like MTU size properly, for example if a down stream router has a lower MTU size and the packets that are reaching it are larger than that MTU - without ICMP it cannot negotiate with the other routers or the host sending the data to change the packet size or to fragment the packets. You basically break the network at that point.

Lame.

KFC911 10-26-2008 12:56 PM

Quote:

Originally Posted by mikester (Post 4262800)
I really hate it when Security experts say to disable ICMP too - ICMP is a requirement for a properly functioning IP network.

Without ICMP you can't negotiate things like MTU size properly, for example if a down stream router has a lower MTU size and the packets that are reaching it are larger than that MTU - without ICMP it cannot negotiate with the other routers or the host sending the data to change the packet size or to fragment the packets. You basically break the network at that point.

Lame.

They should fix the downstream routers :). Seriously, I'd venture that most large companies disable ICMP from passing through their firewalls, based upon my experience in corporate America (connecting with lots of other "corporate networks"). I once even had a Security manager adamantly insist upon having DNS disabled on firewalls that connected to our DMZ many years ago...I assured him he would change his mind soon (after beating my head again against the wall), and quit arguing with someone who had no clue...

HardDrive 10-26-2008 12:57 PM

Quote:

Originally Posted by masraum (Post 4262786)
Excellent. I hate those "It's really simple, it has to work." Problems that pop up from time to time.


Used to get these bizarre ARP table issues with 3Com switches. They would hold a MAC address for a port, and flushing the ARP table did not clear it. You would have to cycle the box to fix it. Yeah, THAT took us a little while to figure out. A server would not communicate when plugged into the port, and we would be staring at the command prompt saying, "That's just not freaking possible!"

KFC911 10-26-2008 01:00 PM

I've had some REAL headaches over the years with ARP caching issues on Cisco routers causing HUGE networking outages...those can be a bear to find/debug. How come I'm not missing those days :)?

slodave 10-26-2008 01:06 PM

I was in the process of replacing my Linux server at home. The new one was 80% ready when the old server gave up the ghost. I spent 8-10 hrs trying to get the new server to route packets over from one interface to the other. Nothing. I could either get the internal network to respond or the external. Changed NIC cards, swapped cables, rebooted, tapped away at the keyboard - nothing...

Finally shut the server off and went to bed tired and pissed around 4:30 in the morning...

Woke up a few hours later, turned the server back on and it worked. Never did figure it out.

masraum 10-26-2008 01:31 PM

I've been working with Cisco routers and switches since about 1999, and got into their security stuff about 3 years later. Yeah, I've seen lots of weird behavior, like _____ not working, then you turn on a debug to see what's happening and it starts working. Sometimes the debug will turn something on and off like a switch.

Or back in the day when getting NAT to work consistently meant "no ip route-cache" had to be turned on everywhere.

HardDrive 10-26-2008 02:13 PM

*Sigh*

This whole post is making me nostalgic for my days in the trenches, cable maker in one hand, quad latte in the other......

*sip of merlot*

....ok, I'm over it. :)

