[nos-bbs] jnos 2 IP routing help request
Jim Smith
lanshark at charter.net
Tue Apr 3 18:03:52 EDT 2012
Joey,
Here is what I do:
This is another way to get what you want. First, some info about my linux
install. Slackware 10, single Ethernet interface called Eth0
-- You must have IP Forwarding turned on.
/proc/sys/net/ipv4/ip_forward = 1
-- I set my Ethernet to the following IP address
eth0 Link encap:Ethernet HWaddr 00:0F:B5:06:3C:6B
inet addr:192.168.1.91 Bcast:192.168.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-- The tun0 interface is created and setup by JNOS in the autoexec.nos file
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.93 P-t-P:192.168.1.92
Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>From my autoexec.nos
#
# Create a network interface. This allows us to talk to the linux # box on
which JNOS is running - and in turn - to the internet.
#
##### tun0 attach & ifconfig #####
attach tun tun0 1500 0
ifconfig tun0 ipaddress 192.168.1.92
ifconfig tun0 netmask 255.255.255.0
ifconfig tun0 mtu 1500
#
# Give it a chance to come up
#
pause 2
#
# JNOS creates the TUN device, so JNOS needs to do some post configuration,
# by shelling out to the linux command line and running 'ifconfig' command.
#
shell ifconfig tun0 192.168.1.93 pointopoint 192.168.1.92 mtu 1500 up #
Create the ARP entry needed shell arp -s 192.168.1.92 00:0F:B5:06:3C:6B pub
##### tun0 attach & ifconfig #####
route add default tun0
>From another set of routes sourced from another file in autoexec.nos
route add default tun0
route add 192.168.1/24 eth0
===============Done===============
===== START NOTES =======
Note what we have done in the autoexec.nos file.
1 We do the attach command which creates our tun0 interface.
2 We give tun0 an IP address, netmask, and MTU
3 We shell out to create the point-to-point tunnel to the world+Linux.
Please note the IP addresses used! The .91 address is the Linux Eth0, the
.92 is the JNOS interface, and the .93 address *is never used* but is
necessary for the building of a P-t-P link. All of these addresses are in
the same subnet.
4 THIS IS KEY! We shell out again and create an ARP entry for the .92
address *using the MAC address for the Linux Eth0 interface*. What we are
doing here is causing the Eth0 interface to answer for any ARP requests for
the .92 IP address.
5 We add a default route to JNOS that says to go out the tunnel.
6 I do the default route again to tun0. I don't know if this is really
necessary, in putting together this email I discovered that it is done
twice.
7 I add a specific network route to the subnet the Linus eth0 interface is
on.
===== END NOTES ======
Here is my route table from Linux
jhs at jnos:/$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask
Flags MSS Window irtt Iface
192.168.1.92 0.0.0.0 255.255.255.255 UH 0
0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0
0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U
0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG
0 0 0 eth0
jhs at jnos:/$
Note that there is a route entry for the .92 IP address. This is what routes
the traffic for .92 up the tunnel. This is created by the first shell out
(Note 3). Since this route is P-t-P, the Genmask is 255.255.255.255. This
route is more specific than any other, so traffic for .92 will always head
to the tunnel. Since there is nothing in the tunnel except the other end, no
need for any more routing/forwarding to be done.
I have done this in Ubuntu and Slackware, not tested in Fedora. Things to
watch out for are differences in command parameters used by the different
Linux distros (especially for the ARP command). Also, some distros need
ip_forwarding turned on, others are already turned on. The ARP thing works,
sometimes a distro will require you to set something somewhere so it will
work, but it will work.
It has been noted that you should be root when you start JNOS. I have a file
that is run during boot that starts JNOS on an unused tty. If JNOS dies, it
respawns it automatically. In this manner, JNOS always get started as root.
My 44 net traffic all travels over an encap route. My home router is set so
the DMZ Host is the .92 address. When an encapped packet hits the router it
gets passed in to the .92 interface, which due to the ARP command is grabbed
by the .91 interface and passed up the tunnel to JNOS where it is
unencapsulated and acted upon by JNOS.
Cheers!
Jim N8AVX
-----Original Message-----
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of Joey STANFORD
Sent: Tuesday, April 03, 2012 4:02 PM
To: nos-bbs at tapr.org
Subject: [nos-bbs] jnos 2 IP routing help request
Hi Gang,
I have a brand new JNOS 2.0j node running on a 64-bit Ubuntu Linux
machine. I used the installer to get it set up correctly. JNOS runs
and I can ping across the tunnel to the computer. I can ping across the
tunnel to JNOS. I can telnet across the tunnel on the host
machine to JNOS. Excellent, no issues there.
Here's where I'm looking for help....
1) JNOS can't ping past the host machine. I can't get to the internet or any
other machines on the intranet. The default route in JNOS is setup so I
would assume this means that I need some sort of "ip route add" command on
the host. ipv4.forwarding is set to true.
2) Other machines on the intranet can't ping JNOS. I suspect I need some
sort of "arp" command.
3) I need a sanity check the ip items in my autoexec.nos file please because
I played around with them a bit (they work as above but may not be the most
appropriate).
Host computer: 10.10.10.90 mask 255.255.255.0 JSOS IP: 10.10.1.1 mask
255.255.255.0 ifconfig tun0 10.10.10.90 pointopoint 10.10.1.1 mtu 1500 up
My IP fu is weak. I'm hoping we have some sys admins out there with much
greater fu than mine.
Thanks,
Joey
NV0N
_______________________________________________
nos-bbs mailing list
nos-bbs at tapr.org
https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
More information about the nos-bbs
mailing list