|
|
|
|
| Author |
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Solaris/UNIX/networking experts, help me figure this out...
I just copied and pasted this, since I cross posted in the Solaris forums @ sun.com
---- Hi guys, I've got a Solaris 10 (on x86) networking issue I just can't resolve. I setup a Linksys WRT54GS as an Ethernet Bridge. I turned DHCP on the Bridge off, since address are handed out from the other router. Bridge configuration: IP: 192.168.1.254 Netmask: 255.255.255.0 Gateway: 192.168.1.1 <--this is the wireless router DNS: 74.128.17.114 SPI firewall is turned off on the Bridge. I have a Windows XP client plugged into the Bridge receiving settings via DHCP. It works perfectly. However, the Solaris 10 machine plugged into the Bridge, doesn't work. I first tried it via DHCP, and it seemed to have picked up the correct settings, but I couldn't connect to the Internet or any remote hosts. In fact, I couldn't even ping the DNS server listed above! I figured I'd give it a shot with static settings, so I re-configured with the following settings: IP: 192.168.1.104 Netmask: 255.255.255.0 Gateway: 192.168.1.1 DNS: 74.128.17.114 hostname: unknown These are the same settings that Windows XP reported (obviously the IP didn't end in 104). I still cannot access the Internet, or any remote hosts, or ping my DNS servers. I can, however, access the Bridge and wifi router both over the web and via telnet/ssh. I'm really pretty confused here, it should just work. Is there some obscure setting somewhere I don't know of, or some special way it has to be setup for use behind a Bridge? Thanks in advance, ~Slow
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
10-26-2008, 02:22 AM
|
|
|
Gon fix it with me hammer
|
does the router make a high pitch squeeking sound?
my linksys did, and it meant it was broken... it did that from the start and i returned it to sender, and got me a d-link instead
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
10-26-2008, 03:33 AM
|
|
|
Yea, but it's a dry heat
Join Date: Jan 2006
Posts: 754
|
What does your /etc/nsswitch.conf file look like?
|
||
|
10-26-2008, 04:35 AM
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Stijn, nope...it seems to work perfectly...with the XP computer connected...
Mr.Wizard, here you go Code:
# cat /etc/nsswitch.conf # # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "@(#)nsswitch.files 1.14 06/05/03 SMI" # # /etc/nsswitch.files: # # An example file that could be copied over to /etc/nsswitch.conf; it # does not use any naming service. # # "hosts:" and "services:" in this file are used only if the # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports. passwd: files group: files hosts: files ipnodes: files networks: files protocols: files rpc: files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases: files services: files printers: user files auth_attr: files prof_attr: files project: files tnrhtp: files tnrhdb: files # Code:
# route -p show persistent: route add default 192.168.1.1 1 # Code:
# netstat -nr Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ---------- --------- 192.168.1.0 192.168.1.104 U 1 7 gani0 192.168.1.0 192.168.1.1 UG 1 0 224.0.0.0 192.168.1.104 U 1 0 gani0 127.0.0.1 127.0.0.1 UH 2 39 lo0 # Code:
# cat /etc/defaultrouter 192.168.1.1 #
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos Last edited by SlowToady; 10-26-2008 at 07:19 AM.. |
||
|
10-26-2008, 07:13 AM
|
|
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,932
|
Well, if you can ping the local router, but not anything past the router, normally, I'd say that the default gateway isn't configured.
Can you do a traceroute to 4.2.2.2 and provide the results? If connectivity to local devices is working, then it's just ARP working. To get past your default gateway, the Solaris host needs a default gateway, you already have that. The next thing that needs to happen is that the default gateway will probably be translating (NAT) the 192.168.1.104 address to whatever it's outside address is (assigned by the ISP). If the .104 address isn't translated, then nothing past your router will know where to send the packet to get it back to the Solaris box. Actually, chances are the ISP will block the traffic before it goes anywhere. If the XP box is working fine then it would seem that the NAT is working ok. Show us the results of the trace route. I did once see an issue a long time ago where a specific type of traffic was failing from a UNIX box. The guy swore that it was the router blocking the traffic, but at some point we realized that the TTL of the packets for that traffic had been set to 1 which kept all of the traffic local. Seems highly unlikely to be the problem in this case. Try setting the address to something different 192.168.1.10 or .200 or .74, whatever.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa  SOLD 2004 - gone but not forgotten
|
||
|
10-26-2008, 08:17 AM
|
|
|
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,164
|
Router setup for MAC filtering?
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. |
||
|
10-26-2008, 08:29 AM
|
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Code:
# traceroute 4.2.2.2 traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 40 byte packets 1 192.168.1.1 (192.168.1.1) 1.893 ms 1.406 ms 1.796 ms 2 74.131.88.1 (74.131.88.1) 11.640 ms 13.882 ms 25.176 ms 3 74.131.0.153 (74.131.0.153) 14.495 ms 10.560 ms 20.950 ms 4 74.128.9.245 (74.128.9.245) 121.274 ms 198.776 ms 204.078 ms 5 144.223.14.229 (144.223.14.229) 24.058 ms 19.913 ms 19.673 ms 6 144.232.26.69 (144.232.26.69) 34.250 ms 34.685 ms 20.308 ms 7 144.232.20.3 (144.232.20.3) 21.138 ms 23.312 ms 24.244 ms 8 144.232.8.114 (144.232.8.114) 24.525 ms 23.554 ms 21.473 ms 9 4.68.101.66 (4.68.101.66) 19.647 ms 4.68.101.98 (4.68.101.98) 21.247 ms 4.68.101.162 (4.68.101.162) 20.894 ms 10 4.2.2.2 (4.2.2.2) 23.881 ms 18.878 ms 30.957 ms # Also, check this out...192.168.1.100 == XP client Code:
# traceroute 192.168.1.100 traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 *^C#
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
|
10-26-2008, 08:37 AM
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Just double checked that...nope
Quote:
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
|
10-26-2008, 08:39 AM
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Ok..and somehow I just connected via telnet to port 139 of my XP client. Yet I still can't ping it? WTF? Or traceroute to it???
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
|
10-26-2008, 08:54 AM
|
|
|
Registered
|
How come your gateway route is not tied to an interface?
Code:
# netstat -nr Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ---------- --------- 192.168.1.0 192.168.1.104 U 1 7 gani0 192.168.1.0 192.168.1.1 UG 1 0 224.0.0.0 192.168.1.104 U 1 0 gani0 127.0.0.1 127.0.0.1 UH 2 39 lo0 #
__________________
Make sure to check out my balls in the Pelican Parts Catalog! 917 inspired shift knobs. '84 Targa - Arena Red - AX #104 '07 Toyota Camry Hybrid - Yes, I'm that guy... '01 Toyota Corolla - Urban Camouflage - SOLD |
||
|
10-26-2008, 08:57 AM
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
In Solaris you don't need to explicitly define the interface. I re-did the route with
Code:
#route change 192.168.1.0 192.168.1.1 -ifp gani0
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
|
10-26-2008, 09:06 AM
|
|
|
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,164
|
Is there some kind of ICMP filtering 'feature' on either of the devices? Oh course thats does not explain the disparity between the XP box and Solaris box......nevermind.
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. |
||
|
10-26-2008, 09:10 AM
|
|
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,932
|
Quote:
XP has a firewall, that's probably why you can't ping it. Also, it's not uncommon for people to disable ping responses on DNS servers. So pinging may not be the best test. Try defining 4.2.2.3 as a DNS server. I've used that before for testing as well. It sounds like your biggest problem may be DNS.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa SOLD 2004 - gone but not forgotten
|
||
|
10-26-2008, 10:10 AM
|
|
|
Registered
Join Date: Dec 2002
Location: www.fakelife.com
Posts: 1,672
|
Wow...stupid XP firewall. I thought I had it turned off. I can now ping and traceroute to the XP client.
You know, it annoys the hell out of me that people disable ICMP, since the RFC explicitly says not to. I guess I can understand why they do disable it, but it's super annoying and doesn't really add any security. But anyway... Ok so I figured it out as I was writing this reply about how it didn't work...here's how I fixed it. Code:
#touch /etc/resolv.conf #echo nameserver 4.2.2.3 > /etc/resolv.conf # cp /etc/nsswitch.dns /etc/nsswitch.conf
__________________
I turn away with fear and horror from this lamentable sore of continuous functions without derivatives. --Charles Hermite Fakelife.com Nothing to do with archery anymore. Porsche/BMW/Ferrari/Honda videos |
||
|
10-26-2008, 11:00 AM
|
|
|
Gon fix it with me hammer
|
you sure it's in bridge mode, and not in client mode
client mode is where the wifi thing basically acts as an external wifi client on ethernet... it will only take 1 ethernet client as it's no a true bridge mode... i have a netgear i used for that purpose edit. never mind, just seen the last posts
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
10-26-2008, 11:22 AM
|
|
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,932
|
Excellent. I hate those "It's really simple, it has to work." Problems that pop up from time to time.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa SOLD 2004 - gone but not forgotten
|
||
|
10-26-2008, 12:16 PM
|
|
|
Registered
Join Date: Mar 2002
Location: My House
Posts: 5,345
|
Quote:
Without ICMP you can't negotiate things like MTU size properly, for example if a down stream router has a lower MTU size and the packets that are reaching it are larger than that MTU - without ICMP it cannot negotiate with the other routers or the host sending the data to change the packet size or to fragment the packets. You basically break the network at that point. Lame.
__________________
-The Mikester I heart Boobies |
||
|
10-26-2008, 12:24 PM
|
|
|
?
Join Date: Apr 2002
Posts: 30,443
|
Quote:
 . Seriously, I'd venture that most large company's disable ICMP from passing through their firewalls based upon my experience in corporate america (connecting with lots of other "corporate networks"). I once even had a Security manager adamantly insist upon having DNS disabled on firewalls that connected to our DMZ many years ago...I assured him he would change his mind soon (after beating my head again against the wall), and quit arguing with someone who had no clue...
|
||
|
10-26-2008, 12:56 PM
|
|
|
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,164
|
Quote:
Used to get these bizarre ARP table issues with 3Com switches. They would hold a MAC address for a port, and flushing the arp table did not clear it. You would have to cycle the box to fix it. Yeah, THAT took us a little while to figure out. A server would not communicate when plugged into the port, and we would be staring at the command prompt saying, "Thats just not freaking possible!"
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. |
||
|
10-26-2008, 12:57 PM
|
|
|
?
Join Date: Apr 2002
Posts: 30,443
|
I've had some REAL headaches over the years with ARP caching issues on Cisco routers causing HUGE networking outages...those can be a bear to find/debug. How come I'm not missing those days
?
|
||
|
10-26-2008, 01:00 PM
|
|
 |
| Thread Tools | |
| Rate This Thread | |
|
|
BimForce the Third, Esquire
1984 Porsche Targa 3.2L
