I'm running 4.4 stable with 2 3c509c nics which i've manually configured to use the rj45 (cat 5?) connection, i've csvuped and went thru buildworld, etc. with no errors and i've been trying to get my network set up for over a week now and i've not been successful. I have a 56k frame and a rh box connected to a cisco router that's up and i'm trying to get my fbsd box hooked via the d-link switch to it too but it won't ping the router, 'send to: no route to host', i can ping 127.0.0.1 with no problems.
here's what i have set so far, maybe someone can help??
in etc/rc.conf i've added...
hostname="ns2.xxxxx.com"
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.rules" (i took out all rules trying to get this working)
ipfilter_flags=""
ifconfig_ep0="inet xxx.xxx.xxx.67" netmask="255.255.255.240"
defaultrouter="xxx.xxx.xxx.65"
ifconfig_ep1="inet xxx.xxx.xxx.68" netmask="255.255.255.240"
defaultrouter="xxx.xxx.xxx.65"
in the kernel i've added...
device ep0 at isa? port 0x210 irq 11
device ep1 at isa? port 0x300 irq 10
device ep0 isn't in /dev and i've tried to add it with
/dev/MAKEDEV ep0
but it says device not present
dmesg has...
ep0: <3com 3c509-combo etherlink III at port 0x210-0x21f irq 11 on isa0
ep0: <ethernet address 00:60:97:e1:6b:e0
ep1: <3com 3c509-combo etherlink III at port 0x300-0x30f irq 10 on isa0
ep1: <ethernet address 00:60:97:e1:6b:e0
What am I doing wrong??? or What am I missing?
Needless to say, I'm new at this! I was able to setup ppp with no problem
but this ethernet/nic thing has me stumped! Thanks for any help!!!
Terry
>> i've csvuped and went thru buildworld, etc
>> send to: no route to host'
My first question is, can you ping your gateway before buildworld?
>> ipfilter_program="/sbin/ipf -Fa -f"
You can remove this line. Why? Because you'd put a line to /etc/rc.conf only if it is different from the default found in /etc/defaults/rc.conf.
>> defaultrouter="xxx.xxx.xxx.65"
Don't define this twice.
>> device ep0 isn't in /dev
Whatever device name (ex. ep0) has nothing to do with the name of the device in /dev. After buildworld, you just need to copy the new MAKEDEV from /usr/src/etc/MAKEDEV to /dev/MAKEDEV. Then cd to /dev and run ./MAKEDEV all
>> default xxx.xxx.xxx.65 UGSc 0 0 ep0 (this was added with 'route add default xxx.xxx.xxx.65' (my router ip#))
You don't need to do this manually. That's what defaultrouter="xxx.xxx.xxx.65" in /etc/rc.conf is for.
>> xxx.xxx.xxx.67 ns2.xxxxx.com ns2
Do not put public IP in /etc/hosts. Put only non-routable IPs.
>> but this ethernet/nic thing has me stumped
1) Ask your sysadmin or whoever, make sure the IP, Netmask (important) and gateway are correct.
2) Check your cable
>> i took out all rules trying to get this working
3) If you enabled both ipf and ipfw, remove ipfw and recompile your kernel.
So what's in your /etc/ipf.rules right now? Have you added IPFILTER_DEFAULT_BLOCK to your kernel config file?
Hello freebsd, thanks for replying.
>My first question is, can you ping your gateway before buildworld?
I tried on 3rd, 4th and 5th install :-) but it wouldn't so i went ahead on 6, 7, 8 (now on 9th) install and added sources and ports after the install, setup ppp and added cvsup-16.1e.tgz did a pkg_add, cvsuped, installed ipfilter, and these were the steps i did after that... (i took alot of notes!)
# cd /usr/obj
# chflags –R noschg *
# rm –rf *
# cd /usr/src
# make buildworld /and wait!
# make kernel KERNCONF=GENERIC
# make installworld
# cp –Rp /etc /etc.old
# /usr/sbin/mergemaster
# cd /dev
# /bin/sh MAKEDEV all
# cd /usr/src/release/sysinstall
# make clean
# make all install
rebooted fine, i then copied GENERIC to GENERIC1 and configured in ep0 and ep1, edited rc.conf and did
#make buildkernel KERNCONF=GENERIC1
#make installkernel KERNCONF=GENERIC1
and rebooted
>> ipfilter_program="/sbin/ipf -Fa -f"
>> defaultrouter="xxx.xxx.xxx.65"
>Do not put public IP in /etc/hosts. Put only non-routable IPs.
i removed them
>1) Ask your sysadmin or whoever, make sure the IP, Netmask (important) and gateway are correct.
yes they are, right off of the printout they gave me, my rh box is using the same info just a different ip# xxx.xxx.xxx.66
>2) Check your cable
i tried 3, in fact i disconnected the rh box and tried it's cable it still didn't work? so i tried changing the ip# on 1 nic over to the rh ip# and couldn't get it to ping the gateway either but now i think i screwed something up because this morning the box had this line on it...
# date ns2 /kernel :arp xxx.xxx.xxx.66 is on ep0 but got reply from 00:60:97:e1:65:69 on ep1
>remove ipfw and recompile your kernel.
ipfw isn't there, added IPFILTER_DEFAULT_BLOCK
>So what's in your /etc/ipf.rules right now?
nothing, empty file
i just recompiled kernel and still can't ping gateway, (EDIT - just checked #ping 127.0.0.1 and it comes back 'send to: no route to host') at this point, since i've obviously buggered something up maybe i should go for a fresh install (#10, maybe magic #???) and apply the notes you've added, plus anything else you might suggest???
>> nothing, empty file
Just put:
pass in all
pass out all
>> so i went ahead on 6, 7, 8 (now on 9th) install
Even 100th doesn't matter. It's better to get it right rather than doing a reinstall later on. But why you need to reinstall?
>> just checked #ping 127.0.0.1 and it comes back 'send to: no route to host'
Because you have a default to deny policy for adding IPFILTER_DEFAULT_BLOCK. Just put what I told you to put to /etc/ipf.rules should fix this.
What you should do is to isolate all the steps and ignore buildworld/recompile kernel for now and configure your network. Why waste your time on each reinstall (cvsup/buildworld/recompile kernel) when you just can't get your networking to setup appropriately? This apparently doesn't seem to be a FreeBSD specific issue any longer. Just configure your ep0 or ep1 that connects to your gateway, you can configure the other NIC later as it's a less important issue for now.
YOU'RE GREAT!!! i thought (dumb of me huh?) that the default of ipfilter was pass all, but obviously i was wrong!
>But why you need to reinstall?
i'm rewriting my notes on all of the steps i've taken and will do another install (for the practice and to use my frame connection to d/l the upgrades) to verify that i'm doing things correctly.
Interesting note: i've tried pinging the fbsd box from a dialup connection and it times out but the box is online? Is that from my commenting out inetd.conf or the kernel options IPFILTER_DEFAULT_BLOCK?
I already love the ports collection for installs; qmail, proftpd, daemontools, etc. - one of the reasons for so many installs-testing things out!!! This box will replace qmail and dns (i'm going to try to replace bind with tinydns, grrrr another headache coming i fear!!!) on the rh box.
Well i just shut down the nic interfaces and i'm off to go read up on ipfilter rules...
Thank you VERY MUCH!!!!
Why don't you find out what was the problem with your networking before doing anything further?
>> Is that from my commenting out inetd.conf
No. And inetd is not very secure and I have it completely disabled on all of my BSDs boxes.
>> the kernel options IPFILTER_DEFAULT_BLOCK?
Having a default to deny policy is more secure and much easier to configure your ruleset. As long as you have pass in all and pass out all (no others, just two lines), that makes your policy to have a default to accept, which has nothing to do with ping.
>> for installs; qmail, proftpd, daemontools, etc
djbware are always secure and so great except his publicfile (secure but not useable because it serves just static webpages). If you don't need the bell and whistles of proftpd, just keep your default ftpd and run it under tcpserver and supervise it like you would do with qmail.
>> i'm off to go read up on ipfilter rules
Post your rulesets if you have any question.
i'm back... sorry! i thought i had everything set and written down but when i reinstalled, i could ping my rh box at xxx.xxx.xxx.66 and xxx.xxx.xxx.64 and 127.0.0.1 but not my router at xxx.xxx.xxx.65 got 'Host is down' so i went ahead and used ppp to cvsup (it got 4.5 pre) and went through buildworld and kernel config as before but it still wouldn't ping my router and /var/log/messages had lines for a ep2 & ep3 that said it couldn't set i/o??? so now i am back with fresh install of 4.3-stable from cd and nics configured from install, no errors in /var/log/messages, no cvsup and no firewall trying to get this network problem figured out... results from ping
xxx.xxx.xxx.64 - ok
xxx.xxx.xxx.65 - Host is down
xxx.xxx.xxx.66 - ok (my redhat box, connected at switch)
any external ip# - No route to host
rc.conf is...
hostname="ns2.xxxxx.com"
defaultrouter="xxx.xxx.xxx.65"
ifconfig_ep0="inet xxx.xxx.xxx.67" netmask="255.255.255.240"
ifconfig_ep1="inet xxx.xxx.xxx.68" netmask="255.255.255.240"
(abbreviated from here...)
inetd -NO
kern_secure -"-1"
kernsecure_enable - TES
linux - YES
moused - YES
nfs - NO
sendamil - NO
portmap - NO
sshd - NO
i have to be doing something really wrong or missing something but i can't figure this out??? i'd really like to be confident that i can duplicate a good install!!! but i can't even get my network working???
Thanks again!!!
edit - should i post actual ip#'s ???
Terry
>> should i post actual ip#'s ?
Perhaps you can hide the 1st block. Your configuration syntax appear to be fine. So a simple network topology would be very helpful.
there was some error meesages on the box this morning...
sendmail [801]: gethostbyaddr (xxx.104.118.68) failed: 1
sendmail [818]: gethostbyaddr (xxx.104.118.67) failed: 1
and i have rc.conf set to sendmail="NO" ???
and when i was checking /var/log/messages i noticed this line that i didn't see before...
/kernel: isa_compat: didn't get irq for lnc
Thanks for taking your time with my problem!!!!
Terry
1) Make sure your ep0/ep1 is not connecting to a port that's conflicting with your uplink port. Usually port1 or port5 is shared with uplink.
2) You can ignore that error for now. Once you can reach your router, such error should go away.
>> /kernel: isa_compat: didn't get irq for lnc
>> had lines for a ep2 & ep3 that said it couldn't set i/o
This could be the possible cause. Maybe your NICs have never been configured properly.
Are you sure your motherboard for irq10 and irq11 were not set to legacy ISA? Does your card support pnp?
If I were you I would just grab a low-end PCI card for troubleshooting. Don't you think it's a waste for your switch when your outdated ISA card can't even perform full-duplex mode? Really, your FreeBSD configuration appears to be alright except the io/irq for your 3com cards.
I also would buy another switch for internal. This of course requires your Redhat and FreeBSD to get another NIC and the IP assigns to the NIC should be non-routable like 192.168.0.x.
>> i have rc.conf set to sendmail="NO" ???
This doesn't stop local delivery.
Hardware!!!
Well this has been interesting to say the least, i followed all of the instructions (manual & computer parts stores') on connecting the switch and the rh box was fine but fbsd wouldn't connect. following the switching of cables and further aggravation from my second post i guess i switched things around and forgot to document that part (kicking myself in ***!!!)
When i went to reinstall i reconnected everything to clean up the mess and went back to the "suggested from book" settings on switch (another kick!)
Well to make a long story shorter... Qwest had a main trunk go down here today and the rh box went down (calls from clients - where's my site, email, etc.) Qwest calls right away if it's not their fault (i had a major power outage and they called within 10 minutes) i never heard from them today!!! my isp hadn't heard anything yet so thinking it was my hardware i started switching nics, then pulled switch and went back to crossover cable directly to rh box... still no service!!! i then found out about the outage and after waiting 2 hours, while i put things back together again, my frame came back up, but this time i had the rh box plugged into 2X on the switch, not 1X and fbsd box entirely disconnected, nothing worked! You said that
>1) Make sure your ep0/ep1 is not connecting to a port that's conflicting with your uplink port.
>Usually port1 or port5 is shared with uplink.
so i pulled the switch again and tried it and got a good connection, when i went back to the switch i pulled the router cable from uplink and shoved it in 1X -- it worked!!! so i connected the fbsd box and it works now too!!!
freebsd i can't thank you enough!!! how do you have the patience for helping out folks like me on this forum???
morals of this story...
document everything!!! (another kick!)
hardware likes to conflict!
and now i can get back to setting up this network and getting things protected, then i have to get everything off that blasted rh box (not to slam rh, because it got me off of running m$ because of the reliablity and is a great learning tool!) and running on fbsd on all server boxes... FreeBSD is great!!!
Edited- "Question?" Would you cvsup to 4.5-pre or wait until 4.5-stable came out... i'm worried that upgrades would foul up qmail running virtuals and any other different configurations or programs?
>> Would you cvsup to 4.5-pre or wait until 4.5-stable came out
I would wait. It's not that tracking 4.5-PRERELASE or whatever -ALPHA -BETA make it tougher (I do track -CURRENT on NetBSD and OpenBSD all the time). Unlike Net/Open, for Free, it's just not the right timing to cvsup to 4.5-PRERELASE at this time because Free tends to be a little aggressive on new stuffs from version to version. If you are running 4.4-RELEASE, you will have a high chance of failure on buildworld. Say running 4.4-STABLE, why not just go ahead and wait another 3 weeks or so.
In the meantime, there are alot of things you can do with FreeBSD. Setting up IPF or even IPSec alone could kill some time off.