
Conference noted::seal

Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209

1962.0. "Configuring OSPF in Firewall 2.0 on DUnix 4.0a" by HGOSPS::FEYNMANLO () Mon May 19 1997 05:57

    Hi,
    
    A customer is running Firewall 2.0 on Digital
    Unix 4.0a. His Internal network is now running OSPF,
    so he is trying to configure gated to run
    OSPF on his Internal network.
    
    The default for Firewall routing is RIP with
    gated. It seems that the GUI network configuration 
    does not have an option for configuring OSPF.
    
    So the customer tried to edit gated.conf to
    configure OSPF, and he failed.
    
    The following are what he tried in gated.conf and the
    resulting gated.log. The most noticeable thing in gated.log
    is 
    
    May 12 07:58:20 task_get_proto: getprotobyname("ospf") failed, using proto 89
    May 12 07:58:20 task_set_option: task OSPF socket 10 option TOS(17) value 192: Permission denied
    
    Does the Firewall 2.0 kit support OSPF with gated? If
    yes, I think we have done something wrong configuring
    it? We probably missed something, but we can't find the
    appropriate procedure in the admin manual anyway.
    
    Any suggestions or hints?
    
    -feynman
    
    
    
    
    gated.conf
    -----------
    
    traceoptions "/var/adm/syslog/gated.log" replace normal;
    options noresolv;
    
    interfaces {
            options strictinterfaces scaninterval 60;
            interface all passive;
            interface lo blackhole;
            define 202.40.209.219 broadcast 202.40.209.223 netmask 255.255.255.240;  /* Internal Interface */
            define 202.40.210.219 broadcast 202.40.210.223 netmask 255.255.255.240;
    };
    
    routerid 202.40.209.219;
    
    rip no {
    };
    
    ospf yes  {
             backbone  {
                authtype none;
                interface 202.40.209.219 cost 1 {
                   priority 10;
                   hellointerval 10;
                   routerdeadinterval 40;
                   retransmitinterval 5;
                };
             };
    };
    
    bgp no;
    
    
    icmp {
    };
    
    
    snmp off;
    
    static {
            default gateway 202.40.210.220 interface 202.40.210.219 preference 0 retain;
            202.40.209.0 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.16 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.32 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.48 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.64 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.80 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.96 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.112 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.128 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            202.40.209.144 mask 255.255.255.240 gateway 202.40.209.210 interface 202.40.202.219 preference 254;
            
    };
    
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    
    gated.log
    ------------
    May 12 07:58:18 trace_on: Tracing to "/var/adm/syslog/gated.log" started
    May 12 07:58:18
    May 12 07:58:18 Tracing flags enabled: normal
    May 12 07:58:18
    May 12 07:58:20 inet_init: *WARNING* IP forwarding disabled!
    May 12 07:58:20 inet_routerid_notify: Router ID: 202.40.209.219
    May 12 07:58:20
    May 12 07:58:20
    May 12 07:58:20 krt_rtread: Initial routes read from kernel (radix tree via kme
    May 12 07:58:20 if_ifachange:   202.40.209.219
    May 12 07:58:20 if_ifachange:           index: 1  name: fta0  state: <Up Broadc
    May 12 07:58:20 if_ifachange:           change: <>  metric: 0  route: not installed
    May 12 07:58:20 if_ifachange:           preference: 0  down: 120  refcount: 4
    May 12 07:58:20 if_ifachange:           broadaddr: 202.40.209.223
    May 12 07:58:20 if_ifachange:           subnet: 202.40.209.208  subnetmask: 255
    May 12 07:58:20
    May 12 07:58:20 if_rtup: ADD route for interface fta0 202.40.209.219/255.255.25
    May 12 07:58:20 if_ifachange:   202.40.210.219
    May 12 07:58:20 if_ifachange:           index: 2  name: tu0  state: <Up Broadca
    May 12 07:58:20 if_ifachange:           change: <>  metric: 0  route: not insta
    May 12 07:58:20 if_ifachange:           preference: 0  down: 120  refcount: 3
    May 12 07:58:20 if_ifachange:           broadaddr: 202.40.210.223
    May 12 07:58:20 if_ifachange:           subnet: 202.40.210.208  subnetmask: 255
    May 12 07:58:20
    May 12 07:58:20 if_rtup: ADD route for interface tu0 202.40.210.219/255.255.255
    May 12 07:58:20 if_ifachange:   127.0.0.1
    May 12 07:58:20 if_ifachange:           index: 4  name: lo0  state: <Up Loopbac
    May 12 07:58:20 if_ifachange:           change: <>  metric: 0  route: not insta
    May 12 07:58:20 if_ifachange:           preference: 0  down: 120  refcount: 2
    May 12 07:58:20 if_ifachange:           subnetmask: 255.255.255.255
    May 12 07:58:20
    May 12 07:58:20 if_rtup: ADD route for interface lo0 127.0.0.1/255.255.255.255
    May 12 07:58:20 task_get_proto: getprotobyname("ospf") failed, using proto 89
    May 12 07:58:20 task_set_option: task OSPF socket 10 option TOS(17) value 192: Permission denied
    May 12 07:58:20
    May 12 07:58:20 ***Routes are being installed in kernel
    May 12 07:58:20
    May 12 07:58:20
    May 12 07:58:20 Commence routing updates
    May 12 07:58:20
    May 12 07:58:20 inet_routerid_notify: Router ID: 202.40.209.219
    May 12 07:58:20
    May 12 07:58:20 if_ifachange:   202.40.209.219
    May 12 07:58:20 if_ifachange:           index: 1  name: fta0  state: <Up Broadc
    May 12 07:58:20 if_ifachange:           change: <>  metric: 0  route: installed
    May 12 07:58:20 if_ifachange:           preference: 0  down: 120  refcount: 5
    May 12 07:58:20 if_ifachange:           broadaddr: 202.40.209.223
    May 12 07:58:20 if_ifachange:           subnet: 202.40.209.208  subnetmask: 255
    May 12 07:58:20
    May 12 07:58:20 ospf_interface_init: initializing interface 202.40.209.219  are
    May 12 07:58:21 if_ifachange:   202.40.210.219
    May 12 07:58:21 if_ifachange:           index: 2  name: tu0  state: <Up Broadca
    May 12 07:58:21 if_ifachange:           change: <>  metric: 0  route: installed
    May 12 07:58:21 if_ifachange:           preference: 0  down: 120  refcount: 5
    May 12 07:58:21 if_ifachange:           broadaddr: 202.40.210.223
    May 12 07:58:21 if_ifachange:           subnet: 202.40.210.208  subnetmask: 255.255.255.240
                               
    :
    :                          
      
    
    
1962.1. "export statement missing" by EEMELI::HJONSSON (Ebbe Jonsson) Mon May 19 1997 07:13, 19 lines
I've struggled with a similar problem, and solved it by adding an explicit
exports statement:

export proto ospfase type 1 metric 80 {
        proto static {
                <network> mask <netmask>;
                <network> mask <netmask>;
                        .
                        .
                        .
        };
};

and listing each of the defined static networks in that statement. OSPF now
seems to work OK, despite the fact that I'm still seeing that 'permission
denied' error.

Rgs,
	[email protected]
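
The export statement described in 1962.1 can be generated from the `static` block instead of being typed by hand. This is an added example, not part of any note in this thread and not code from the Firewall kit: the function names are hypothetical and the embedded configuration is a constructed excerpt of the gated.conf posted in 1962.0. It also lists interface addresses that static routes name but that no `define` statement declares.

```python
import re

# Constructed sample: excerpt of the gated.conf posted in 1962.0 (wrapped as posted).
SAMPLE_CONF = """
interfaces {
        define 202.40.209.219 broadcast 202.40.209.223 netmask
255.255.255.240;  /* Internal Interface */
        define 202.40.210.219 broadcast 202.40.210.223 netmask
255.255.255.240;
};
static {
        default gateway 202.40.210.220 interface 202.40.210.219
preference 0 retain;
        202.40.209.0 mask 255.255.255.240 gateway 202.40.209.210
interface 202.40.202.219 preference 254;
        202.40.209.16 mask 255.255.255.240 gateway 202.40.209.210
interface 202.40.202.219 preference 254;
};
"""

def statements(conf, name):
    """Statements of a brace-free top-level `name { ... };` block."""
    m = re.search(r"^\s*%s\s*\{(.*?)\}\s*;" % re.escape(name), conf, re.S | re.M)
    body = re.sub(r"/\*.*?\*/", "", m.group(1) if m else "", flags=re.S)
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def static_routes(conf):
    """(network, mask, interface) per static route; `default` is skipped."""
    pat = re.compile(r"(\S+) mask (\S+) gateway \S+(?: interface (\S+))?")
    return [m.groups() for m in map(pat.match, statements(conf, "static")) if m]

def defined_addresses(conf):
    """Addresses named by `define` statements in the interfaces block."""
    return {s.split()[1] for s in statements(conf, "interfaces") if s.startswith("define ")}

def export_stanza(conf, ase_type=1, metric=80):
    """Build the OSPF ASE export statement listing every static network."""
    nets = ["                %s mask %s;" % r[:2] for r in static_routes(conf)]
    head = "export proto ospfase type %d metric %d {" % (ase_type, metric)
    return "\n".join([head, "        proto static {"] + nets + ["        };", "};"])

def undefined_interfaces(conf):
    """Interface addresses used by static routes but never defined."""
    used = {r[2] for r in static_routes(conf) if r[2]}
    return sorted(used - defined_addresses(conf))

if __name__ == "__main__":
    print(export_stanza(SAMPLE_CONF))
    print("undefined interface addresses:", undefined_interfaces(SAMPLE_CONF))
```
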
1962.2. "What about routing.template?" by HGOSPS::FEYNMANLO () Wed May 21 1997 07:06, 24 lines
    The heading comments of gated.conf mention
    that 
    
    ABSTRACT:
    Configuration file for gated routing on the firewall. If
    you need to add custom routing information, do so in the
    file /usr/dtfs/config/routing.template, not in /etc/gated.conf.
    
    
    Does it mean that we should do everything in routing.template,
    not gated.conf?
    
    As I can't find any special information (other than using
    the primitive GUI) in the manual
    on configuring gated running on Firewall, we really don't
    know what we should do and how to do it.
    
    Where can we obtain further information and examples in configuring
    routing on Firewall?
    
    
    Rgds,
    -feynman
    
1962.3. "yes modify /usr/dtfs/config/routing.template" by BACHUS::ROELANDTS (Wa d'es ma da ve ne stuut) Thu May 22 1997 03:25, 13 lines
    
    
    
    Yes, you should modify /usr/dtfs/config/routing.template, because
    if you modify the file /etc/gated.conf outside the GUI, your hand-made
    modifications will be lost the next time you use the GUI again. Each time
    a new /etc/gated.conf is generated, it is based on the contents of the
    template file.
    
    Rgds,
    
            Guy
    
1962.4. "Can I configure OSPF using the GUI" by NNTPD::"[email protected]" (Feynman Lo) Thu May 22 1997 05:05, 11 lines
Thanks for the kind replies.

I've just checked the Web site of AV technical support.
One of the topics mentions that we should be able to 
configure OSPF by using the AV Firewall's GUI.

Is it true? And where can I get it? The manual doesn't
mention how to select the IGP protocol.

-feynman
[Posted by WWW Notes gateway]
1962.5. "correction: Firewall 3.0 (97)" by NNTPD::"[email protected]" (Feynman Lo) Mon May 26 1997 22:54, 4 lines
I made the mistake long ago. It is Firewall 3.0 (97) for
Digital Unix.

[Posted by WWW Notes gateway]