0 Replies Latest reply: Jun 12, 2009 9:16 AM by 807573

    Routing Packets between interfaces

    807573
      I have two zones. The first, my zone, has the IP addresses 172.24.0.1/23 and 190.144.55.107/29, with networks 172.24.0.0 and 190.144.55.104. This zone is connected to a router with an Internet connection, with IP 190.144.55.105/29. I can ping and traceroute to any Internet address.
      The routing table for the proxy zone is:

      Routing Table: IPv4
      Destination Gateway Flags Ref Use Interface
      -------------------- -------------------- ----- ----- ---------- ---------------------------------------------------
      default 190.144.55.105 UG 1 890
      172.24.0.0 172.24.0.1 U 1 30 vnet2
      190.144.55.104 190.144.55.107 U 1 38 vnet1
      224.0.0.0 190.144.55.107 U 1 0 vnet1
      127.0.0.1 127.0.0.1 UH 3 116 lo0

      I have activated the IP forwarding and routing services:
      Configuración Actual Actual
      Opción Configuración Estado del sistema
      ---------------------------------------------------------------
      Encaminamiento de IPv4 enabled enabled
      Reenvío de IPv4 enabled enabled

      Servicios de enrutamiento "route:default ripng:default"

      Daemons de enrutamiento:
      STATE FMRI
      online svc:/network/routing/route:default

      IP Filter is configured to pass all packets:
      cat /etc/ipf/ipf.conf .
      pass in all
      pass out all

      The cvs zone has the IP address 172.24.0.3, and this is its routing table:
      Routing Table: IPv4
      Destination Gateway Flags Ref Use Interface
      -------------------- -------------------- ----- ----- ---------- ---------
      default 172.24.0.1 UG 1 2188
      172.24.0.0 172.24.0.3 U 1 2570 vnet0:4
      224.0.0.0 172.24.0.3 U 1 0 vnet0:4
      127.0.0.1 127.0.0.1 UH 4 110 lo0:3

           
      As you can see, I use different interfaces in each zone: vnet0 in the cvs zone, and vnet1 and vnet2 in the proxy zone.


      My problem is this: I can ping from the cvs zone to IP 190.144.55.107 and log in with ssh through the default gateway,
      but if I want to ping the router (190.144.55.105), or traceroute to Google or any other address, I cannot. For example,
      in the cvs zone:
      -bash-3.00# traceroute www.google.com
      traceroute: Warning: www.google.com has multiple addresses; using 209.85.133.99
      traceroute to www.google.com (209.85.133.99), 30 hops max, 40 byte packets
      1 proxy (172.24.0.1) 1.611 ms 0.963 ms 0.853 ms
      2 * * *
      3 * * *

      In the proxy zone, if I do this:
      -bash-3.00# traceroute www.google.com
      traceroute: Warning: www.google.com has multiple addresses; using 74.125.65.147
      traceroute: Warning: Multiple interfaces found; using 190.144.55.107 @ vnet1
      traceroute to www.google.com (74.125.65.147), 30 hops max, 40 byte packets
      1 local.gateway (190.144.55.105) 0.861 ms 0.757 ms 0.661 ms
      2 10.175.23.254 (10.175.23.254) 0.894 ms 7.283 ms 9.102 ms
      3 200.26.157.5 (200.26.157.5) 1.541 ms 1.408 ms 1.373 ms
      4 bbint-bogota-ortezal-1-g2-1-0.uninet.net.mx (201.125.239.126) 1.445 ms 1.491 ms 1.376 ms
      5 bbint-miami-americas-3-pos9-0.uninet.net.mx (201.125.224.222) 43.512 ms 43.554 ms 43.609 ms
      6 74.125.49.245 (74.125.49.245) 43.548 ms 160.618 ms 43.631 ms
      7 72.14.236.178 (72.14.236.178) 43.536 ms 43.670 ms 43.674 ms
      8 209.85.254.252 (209.85.254.252) 58.551 ms 56.805 ms 57.012 ms
      9 72.14.239.131 (72.14.239.131) 83.880 ms 57.814 ms 57.593 ms
      10 209.85.253.214 (209.85.253.214) 62.891 ms 58.590 ms 57.665 ms
      11 gx-in-f147.google.com (74.125.65.147) 59.671 ms 57.849 ms 59.426 ms

      I tried using snoop to see what was happening:
      snoop 172.24.0.3 (IP of the cvs zone), and pinged 190.144.55.105 from the cvs zone

      -bash-3.00# snoop 172.24.0.3
      Using device /dev/vnet1 (promiscuous mode)
      172.24.0.3 -> local.gateway UDP D=33437 S=42956 LEN=20
      172.24.0.3 -> local.gateway UDP D=33438 S=42956 LEN=20
      172.24.0.3 -> local.gateway UDP D=33439 S=42956 LEN=20


      Another view:

      -bash-3.00# snoop -v 172.24.0.3
      Using device /dev/vnet1 (promiscuous mode)
      ETHER: ----- Ether Header -----
      ETHER:
      ETHER: Packet 1 arrived at 9:07:31.90892
      ETHER: Packet size = 54 bytes
      ETHER: Destination = 0:d:da:6:22:cd,
      ETHER: Source = 0:14:4f:fa:5f:20,
      ETHER: Ethertype = 0800 (IP)
      ETHER:
      IP: ----- IP Header -----
      IP:
      IP: Version = 4
      IP: Header length = 20 bytes
      IP: Type of service = 0x00
      IP: xxx. .... = 0 (precedence)
      IP: ...0 .... = normal delay
      IP: .... 0... = normal throughput
      IP: .... .0.. = normal reliability
      IP: .... ..0. = not ECN capable transport
      IP: .... ...0 = no ECN congestion experienced
      IP: Total length = 40 bytes
      IP: Identification = 22220
      IP: Flags = 0x4
      IP: .1.. .... = do not fragment
      IP: ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live = 1 seconds/hops
      IP: Protocol = 17 (UDP)
      IP: Header checksum = 80e4
      IP: Source address = 172.24.0.3, 172.24.0.3
      IP: Destination address = 190.144.55.105, local.gateway
      IP: No options
      IP:
      UDP: ----- UDP Header -----
      UDP:
      UDP: Source port = 42959
      UDP: Destination port = 33437
      UDP: Length = 20
      UDP: Checksum = 5D64
      UDP:

      ETHER: ----- Ether Header -----
      ETHER:
      ETHER: Packet 2 arrived at 9:07:37.88318
      ETHER: Packet size = 98 bytes
      ETHER: Destination = 0:d:da:6:22:cd,
      ETHER: Source = 0:14:4f:fa:5f:20,
      ETHER: Ethertype = 0800 (IP)
      ETHER:
      IP: ----- IP Header -----
      IP:
      IP: Version = 4
      IP: Header length = 20 bytes
      IP: Type of service = 0x00
      IP: xxx. .... = 0 (precedence)
      IP: ...0 .... = normal delay
      IP: .... 0... = normal throughput
      IP: .... .0.. = normal reliability
      IP: .... ..0. = not ECN capable transport
      IP: .... ...0 = no ECN congestion experienced
      IP: Total length = 84 bytes
      IP: Identification = 22221
      IP: Flags = 0x0
      IP: .0.. .... = may fragment
      IP: ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live = 254 seconds/hops
      IP: Protocol = 1 (ICMP)
      IP: Header checksum = c3c6
      IP: Source address = 172.24.0.3, 172.24.0.3
      IP: Destination address = 190.144.55.105, local.gateway
      IP: No options


      What must I do to receive a response from the router, or to be able to traceroute to any Internet address from the cvs zone?

      P.S.: From my browser in the cvs zone with this configuration, and with my proxy set to 172.24.0.1 in the Firefox preferences, I have an Internet connection.
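
An added example, not part of the original post: a small Python parser for `snoop -v` output like the capture above, listing packets seen with an RFC 1918 source address and a public destination, which is what both packets captured on vnet1 show. The sample is abridged from the post plus a constructed third packet; the function names are assumptions of this example.

```python
import ipaddress
import re

# Packets 1-2 abridged from the capture in the post; packet 3 is constructed.
SAMPLE = """\
ETHER: Packet 1 arrived at 9:07:31.90892
IP: Protocol = 17 (UDP)
IP: Source address = 172.24.0.3, 172.24.0.3
IP: Destination address = 190.144.55.105, local.gateway
ETHER: Packet 2 arrived at 9:07:37.88318
IP: Protocol = 1 (ICMP)
IP: Source address = 172.24.0.3, 172.24.0.3
IP: Destination address = 190.144.55.105, local.gateway
ETHER: Packet 3 arrived at 9:07:40.00000
IP: Protocol = 1 (ICMP)
IP: Source address = 190.144.55.107, proxy
IP: Destination address = 190.144.55.105, local.gateway
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PACKET = re.compile(r"^\s*ETHER:\s+Packet (\d+) arrived")
FIELD = re.compile(r"^\s*IP:\s+(.+?)\s+=\s+(.+?)\s*$")

def parse_packets(text):
    """Split snoop -v text into one dict of IP header fields per packet."""
    packets = []
    for line in text.splitlines():
        m = PACKET.match(line)
        if m:
            packets.append({"number": int(m.group(1))})
            continue
        f = FIELD.match(line)
        if f and packets:
            # snoop prints "address, hostname"; keep only the address part
            packets[-1][f.group(1)] = f.group(2).split(",")[0].strip()
    return packets

def untranslated_private_sources(text):
    """Return packets with an RFC 1918 source and a non-RFC 1918 destination."""
    hits = []
    for p in parse_packets(text):
        try:
            src = ipaddress.ip_address(p["Source address"])
            dst = ipaddress.ip_address(p["Destination address"])
        except (KeyError, ValueError):
            continue  # incomplete record or unparsable address
        if any(src in n for n in RFC1918) and not any(dst in n for n in RFC1918):
            hits.append((p["number"], str(src), str(dst), p.get("Protocol")))
    return hits
```

A hit on the public-facing interface means the packet left with its private source address unchanged, so a reply can only return if the next hop has a route back to that private network or the forwarding zone translates the address.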