Why?



Friday, September 18, 2015

Centos 7 forward traffic across two interfaces


Client1
    Windows 10 PC 192.168.1.5
Centos 7 Router
    enp1s0 is WAN facing 192.168.10.0/24 using IP 192.168.10.15
    enp2s0 is LAN facing 192.168.1.0/24 using IP 192.168.1.15
Client2
    Centos 7 NAS 192.168.10.100
   
 [PC]                      [  Centos 7 Router  ]                  [NAS]
client1 -> switch -> enp2s0 -> enp1s0 -> switch -> client2

From my Centos 7 Router I can ping both client1 and client2. I am unable to ping client2 from client1, or client1 from client2.

On my Centos 7 router I did the following:

# yum -y install traceroute.x86_64 net-tools.x86_64 iptables-services.x86_64 iptables-utils.x86_64

# ip route show
default via 192.168.10.1 dev enp1s0  proto static  metric 100
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.15  metric 100
192.168.10.0/24 dev enp1s0  proto kernel  scope link  src 192.168.10.15  metric 100



# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG    100    0        0 enp1s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 enp1s0

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG        0 0          0 enp1s0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp2s0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 enp1s0



Turn on IP forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward

Make IP forwarding permanent
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

On client2 (the Centos 7 NAS), set a route on my 192.168.10.100 interface for 192.168.1.0/24 traffic using the 192.168.10.15 interface of the Centos 7 router
# ip route add 192.168.1.0/24 via 192.168.10.15 dev br0

On the client1 Windows 10 machine, run an elevated command prompt
(Win key; type cmd; press Ctrl+Shift+Enter; and then hit Alt+C to confirm the elevation prompt.)
On the client1 Windows 10 PC, set a route on my 192.168.1.5 interface for 192.168.10.0/24 traffic using the 192.168.1.15 interface of the Centos 7 router
C:\> route add 192.168.10.0 MASK 255.255.255.0 192.168.1.15
The route add change will only stick across reboots if you add it with the -p flag, as in the following:
C:\> route -p add 192.168.10.0 MASK 255.255.255.0 192.168.1.15


I can now reach each client machine from the other
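
The checks below are an added example, not part of the original post: they audit the router steps above by comparing the runtime forwarding flag with the persistent sysctl.conf entry and confirming that both subnets appear in the routing table. The function names and finding labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit of the router setup described in the post.
# File paths are arguments so the checks can be run on saved copies;
# empty arguments fall back to the live CentOS 7 paths.

# Runtime state: what `echo 1 > /proc/sys/net/ipv4/ip_forward` changes.
# It is lost at reboot unless the persistent setting is also present.
runtime_forwarding() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ] \
        && echo on || echo off
}

# Boot-time state: last uncommented net.ipv4.ip_forward line in the file.
persistent_forwarding() {
    val=$(sed -n \
        's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1)
    [ "$val" = 1 ] && echo on || echo off
}

# Succeeds if the `ip route show` output on stdin has a route for prefix $1.
has_route() {
    awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# audit PROC_FILE SYSCTL_FILE LAN_PREFIX WAN_PREFIX   (routes on stdin)
# Prints the findings separated by spaces, or "ok" when nothing is wrong.
audit() {
    routes=$(cat)
    findings=""
    [ "$(runtime_forwarding "$1")" = on ] \
        || findings="${findings:+$findings }runtime-off"
    [ "$(persistent_forwarding "$2")" = on ] \
        || findings="${findings:+$findings }not-persistent"
    for prefix in "$3" "$4"; do
        printf '%s\n' "$routes" | has_route "$prefix" \
            || findings="${findings:+$findings }no-route:$prefix"
    done
    echo "${findings:-ok}"
}

# On the router itself:
#   ip route show | audit "" "" 192.168.1.0/24 192.168.10.0/24
```

A `not-persistent` finding with no `runtime-off` finding means forwarding works now but will stop after the next reboot.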


Friday, September 11, 2015

pfSense 2.2.4 Install Problems


When installing from the Live CD I ran across the following problems.
One of my PCs gave me a “Root mount waiting for: GRAID” message. It would later fail when trying to write the install to the hard disk. To get by this I followed the pfSense site for: (BTW it did not have a fake RAID card. It was the onboard SATA ports, not in RAID mode.)

"Fake" RAID cards with a GRAID error

Certain "fake" RAID cards, driver/software-based RAID adapters that are not true hardware RAID, may fail to mount properly with the following error: 

Root mount waiting for: GRAID
mountroot>


Another symptom can be that "Intel RAID" messages are shown during the boot sequence, and typing ? at the mountroot prompt it only shows the drive itself and no partitions: 


Mounting from ufs:/dev/ada0s1a failed with error 19
mountroot> ?
[...]
ada0


•    Escape to a loader prompt during bootup and run: 


set kern.geom.raid.enable="0"
boot


•    After a successful install/boot, add that setting permanently to /boot/loader.conf.local: 


kern.geom.raid.enable="0"



END

On another PC I would get a mountroot error message while booting off the live CD on a USB-attached CD-ROM.

Booting from USB

•    If the boot stops with a mountroot error while booting off the live CD, usually with USB CD/DVD drives, escape to the loader prompt and run the following: 

 set kern.cam.boot_delay="10000"
 boot


•    On 2.0 this is on the boot menu - option #3 to boot from USB devices.
At which point the boot will continue normally and a normal installation will be possible.
If running permanently from a medium that requires this delay, edit /boot/loader.conf.local and insert the following line: 


kern.cam.boot_delay="10000"


•    If booting fails from a USB 3.0 port and the above does not help, try a USB 2.0 port with the same delay settings.


END