Subject: Re: dumb local ethernet questions
To: None <markp@panix.com>
From: Markus Böing <markus@boeing-online.de>
List: netbsd-help
Date: 11/13/2002 09:45:20
On Tuesday, 12 November 2002, at 22:18, <markp@panix.com> wrote:

> | On Tuesday, 12 November 2002, at 07:59, <markp@panix.com> wrote:
> |
> | > | Missing defaultroute on cerebus. See: rc.conf(5)
> | >
> | > hmm, that didn't address the problem - ssh, telnet, etc. from either
> | > host to the other still just hangs. (sorry, I should have been more
> | > specific than "can't connect" in the original mail)
> |
> | This is probably a stupid proposal. Did you enable the services you
> | want to use in /etc/inetd.conf? In NetBSD you have to explicitly
> | un-comment telnet, ftp, etc. in /etc/inetd.conf and then restart inetd
> | to make them work. I think the default in a FreeBSD installation (with
> | "moderate" security option chosen) is to activate basic services such
> | as telnet and ftp by default.
>
> yes, I enabled telnet, ftp, and a handful of others, for testing
> purposes. I'll probably just disable them again once the network's up
> (all I expect to use are ssh and vnc), but I wanted some inetd services
> available so I could verify that it's a network problem and not just an
> ssh problem.
>
> everything I'm trying over the network works as expected over the
> loopback interface, so I'm fairly confident saying that it's not that.
> :)
>
> | > one new piece of information, though: with the defaultroute set, I
> | > can now successfully ping, 'route get' and traceroute to outside
> | > hosts from cerebus (there's a longish pause in the hop between
> | > alidoro and my ISP's gateway), but any tcp connection from cerebus
> | > to the outside 'net also hangs. is that useful?
> |
> | I think that is expected behavior. Without the default route your
> | machine knows only how to reach directly connected hosts (from ip
> | address and mask in ifconfig). With the default route (or a routing
> | protocol daemon such as GateD or Zebra) your machine learns how to
> | reach networks that are not directly connected.
>
> but not make connections to them. is it useful to know that all
> connections from cerebus to the outside world hang, not just connections
> from cerebus to alidoro (and from alidoro to cerebus)?
>
> of course, I can get from alidoro out fine, but in that case connections
> are going directly over the ppp interface without involving the
> ethernet.


Are you using public Internet addresses on all of your boxes? Or
does alidoro perform NAT between a private IP address space and the
Internet? If so, then NAT could be the problem source?

In any case, alidoro seems to be working as a router. Did you enable IP
forwarding on alidoro (you can set it with
sysctl -w net.inet.ip.forwarding=1)? Well, you should be fine because you
could ping the Internet from cerebus.