
I'm trying to access a SuperMicro IPMI card that is behind an OpenBSD bridged firewall.

A couple pieces of information:

  • The OpenBSD firewall itself has a SuperMicro IPMI that I can access across the internet.
  • The IPMI I'm trying to reach can be reached from behind the firewall.
  • My gateway does ARP request the IPMI and it does appear to respond (this is from the external interface of the firewall):

    16:57:45.548892 arp who-has ipminame tell gwname

    16:57:45.549500 arp reply ipminame is-at ipmimac

But when I make a request to the IPMI IP from outside the firewall, the external interface of the firewall shows no traffic with the IPMI IP as its destination.

Any idea what might be causing this problem? Is there something about IPMI traffic that my gateway wouldn't like? (The gateway is provided by my colocation provider, so I can't easily debug it.)

thelsdj

1 Answer


Is the IPMI interface you are trying to access piggybacked on the existing physical network interface, or does it have a separate interface? If it's piggybacked, I wonder if there is something about the one Ethernet interface responding to two different MAC addresses that is causing problems for the gateway. That's the one idea that springs immediately to mind for me.

Phil Hollenback
  • This is a good idea. This led me to discover that one of the servers I was having problems with had the same MAC address for both IPMI and normal Ethernet device (which was having different problems). That doesn't solve the main problem but gives me something to look at. – thelsdj Jan 18 '11 at 04:01
  • After thinking about it, the problem with this theory is that the gateway has no knowledge of what physical interface the two MAC addresses are on, does it? There are at least 2 switches and a firewall between the gateway and the physical interface, so I can't think of why the gateway wouldn't at least send the data toward the interface. Or am I overlooking some information the gateway might have which would confuse it? – thelsdj Jan 18 '11 at 04:17
  • You are correct - if the gateway is not on the same physical network as the device having problems, there's no reason the gateway would have any knowledge of MAC addresses. – Phil Hollenback Jan 18 '11 at 04:38
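
An added example, not part of the original thread: a small parser for tcpdump ARP lines in the format quoted in the question. It flags the condition found in the first comment (one MAC address answering for two hosts, such as an IPMI and the server's normal NIC) and lists ARP targets that never replied. The addresses in the sample capture are constructed documentation values, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the form quoted in the question ("arp reply X is-at MAC") and the
# newer tcpdump form ("ARP, Reply X is-at MAC, length 28").
REPLY = re.compile(
    r"arp,?\s+reply\s+(\S+)\s+is-at\s+([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})", re.I)
WHO_HAS = re.compile(r"who-has\s+(\S+)\s+tell", re.I)

def normalize_mac(mac):
    # Some tools print octets without leading zeros; pad each octet so the
    # same address always compares equal.
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def analyze(lines):
    """Return (MACs claimed by >1 host, hosts answering with >1 MAC,
    requested targets for which no reply was captured)."""
    hosts_by_mac = defaultdict(set)
    macs_by_host = defaultdict(set)
    asked = set()
    for line in lines:
        reply = REPLY.search(line)
        if reply:
            host, mac = reply.group(1), normalize_mac(reply.group(2))
            hosts_by_mac[mac].add(host)
            macs_by_host[host].add(mac)
            continue
        request = WHO_HAS.search(line)
        if request:
            asked.add(request.group(1))
    shared = {m: sorted(h) for m, h in hosts_by_mac.items() if len(h) > 1}
    flapping = {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1}
    unanswered = sorted(asked - set(macs_by_host))
    return shared, flapping, unanswered

# Constructed sample capture (documentation addresses, not from the post).
SAMPLE = """\
16:57:45.548892 arp who-has 192.0.2.20 tell 192.0.2.1
16:57:45.549500 arp reply 192.0.2.20 is-at 0:0:5e:0:53:20
16:57:46.101200 arp who-has 192.0.2.21 tell 192.0.2.1
16:57:46.101900 arp reply 192.0.2.21 is-at 00:00:5e:00:53:20
16:57:47.300000 arp who-has 192.0.2.30 tell 192.0.2.1
""".splitlines()

if __name__ == "__main__":
    shared, flapping, unanswered = analyze(SAMPLE)
    print("MACs claimed by several hosts:", shared)
    print("Hosts answering with several MACs:", flapping)
    print("Requests with no reply seen:", unanswered)
```

Run it over captures taken on both the internal and external firewall interfaces; a target that appears as unanswered on only one side points at where the ARP exchange stops.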