Thanks to Sudhir Rao <sudhir_at_ns1.data-line.com>
Who replied:
The Altavista Firewall uses gated not routed. hence the configuration file
is gated.conf, its under the directory /etc/. Static routes need to be
added under ther the static tag.
Sudhir
---------------------------------------------
I entered the following line in the gated.conf file and it appears to have
resolved the problem.
Under the section labelled "static"
192.168.200.0 mask 255.255.255.0 gateway 10.99.1.200 retain;
I did a "gdc restart" and my route has held for several hours now.
Thanks Sudhir.
My original post was:
----------------------------------------------------------------------------
------------
Hello all,
I'd like to add a permanant static route on my firewall ( altavista FW97 DU
4.0b) that points to an Altavista tunnel server (NT 4.0). I would like to
keep the firewall as my default gateway for all my internal clients and
have it issue icmp redirects to any client that must reach the tunnel
network. The tunnel network may come and go as tunnel clients connect and
disconnect, but the route on the firewall must remain.
I've added the following to /etc/routes on the firewall:
-net 192.168.200.0 10.99.1.200 -lock -expire 0 -lock -hopcount 1
(where 192.168.200.0 is the tunnel network and 10.99.1.200 is the address
of the tunnel server)
I see the route being added as the firewall boots and the firewall
configuration report indicates the static route is being added properly.
netstat reports the route added and I can reach the tunnel network from the
firewall. However, icmp redirects are not always sent to the clients and
the route on the firewall eventually goes away.
While this route exists on the firewall, if I try to ping an ip address on
the tunnel network from one any my unix clients ( DU 4.0b and DU 4.0b), it
returns the ping and I see an entry in the netstat -rn printout indicating
that a route to the tunnel network has been added ( a D appears by the
route entry). However, the route is quickly dropped from the firewall and
after the route entry on the client expires or is deleted, no new icmp
redirects are issued by the firewall.
I have looked through the man pages on /etc/routes and on route.
Information is very slim on the -expire switch. Can someone enlighten me on
this command.
Is there another way to add a permanant static route to a network that may
not always be there?
TIA
Received on Fri May 01 1998 - 21:23:57 NZST