Date: Mon, 19 Sep 2016 18:15:17 +0200
From: Marko Turk <markoml@markoturk.info>
To: freebsd-questions@freebsd.org
Subject: Re: When `drill` works but `nc` doesn't
Message-ID: <20160919161516.GA2242@vps.markoturk.info>
In-Reply-To: <20160919091712.cxgkc4mcvekdo2gl@box-hlm-03.niklaas.eu>
References: <20160917134155.GA77669@box-hlm-03.niklaas.eu> <20160917192342.GA2305@vps.markoturk.info> <20160918113409.q7frsljfr2hcbj6g@box-hlm-03.niklaas.eu> <20160918202959.GA2279@vps.markoturk.info> <20160919091712.cxgkc4mcvekdo2gl@box-hlm-03.niklaas.eu>
Hi,

On Mon, Sep 19, 2016 at 11:17:12AM +0200, Niklaas Baudet von Gersdorff wrote:
> Hi,
> 
> Marko Turk [2016-09-18 22:29 +0200] :
> 
> > can you also add something like 'dst host 10.3.4.1' because (if I'm not
> > mistaken) you only capture packets originating from 10.3.4.1 and not the
> > replies.
> 
> You're right, I filtered out the replies. I attached a new
> tcpdump resulting from
> 
> 1 $ sudo tcpdump -nettti lo0 \
> 2 host 10.3.4.1 or host 10.77.4.1 or \
> 3 host fd16:dcc0:f4cc:3::4:1 or host fd16:dcc0:f4cc:77::4:1 or \
> 4 host 10.3.5.3 or host 10.77.5.3 or \
> 5 host fd16:dcc0:f4cc:3::5:3 or host fd16:dcc0:f4cc:77::5:3 and \
> 6 not host 10.77.2.1 and not host 10.3.2.1 and not port 8080 > \
> 7 /tmp/tcpdump-nc2
> 
> Lines 2-5 match anything from the hosts in question (www1 and
> mysql2); line 6 removes packets created by my proxy's health
> checks and my varnish-nginx set-up.
> 
> The packets you can see in "tcpdump-nc2" are (again) created by
> the following command:
> 
> $ sudo jexec www1 nc -z mysql2.box-hlm-03.klaas 3306
> 
> > > Investigating the dump I came across the following line:
> > > 
> > > 00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.4.1 udp port 17918 unreachable, length 36
> > > [cut]
> > 
> > It seems you're getting the reply from the wrong IP (10.3.3.1). Can you
> > post your unbound config, specifically the 'interface:' section?
> 
> As you suspected correctly, the tcpdump reveals the following:
> 
> 1 00:00:00.000000 AF IPv4 (2), length 73: 10.3.4.1.47995 > 10.77.3.1.53: 13167+ A? mysql2.box-hlm-03.klaas. (41)
> 2 00:00:00.000164 AF IPv4 (2), length 226: 10.3.3.1.53 > 10.3.4.1.47995: 13167 1/2/4 A 10.3.5.3 (194)
> 3 00:00:00.000062 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.4.1 udp port 47995 unreachable, length 36
> 4 00:00:01.031999 AF IPv6 (28), length 93: fd16:dcc0:f4cc:77::4:1.60810 > fd16:dcc0:f4cc:77::3:1.53: 13167+ A? mysql2.box-hlm-03.klaas. (41)
> 5 00:00:00.000233 AF IPv6 (28), length 246: fd16:dcc0:f4cc:77::3:1.53 > fd16:dcc0:f4cc:77::4:1.60810: 13167 1/2/4 A 10.3.5.3 (194)
> 
> Lines 1-2 show that www1 consults IP 10.77.3.1 (b/c
> /etc/resolv.conf says so) but unbound (listening on both
> 10.{3,77}.3.1) replies on 10.3.3.1. (Not bad that you found that
> out with half of the output missing, by the way!)
> 
> I also attached my unbound.conf. These should be the lines of the
> most interest:
> 
> interface: 0.0.0.0
> interface: ::0
> 
> access-control: 10.0.0.0/8 allow
> access-control: fd16:dcc0:f4cc::/48 allow
> 
> I checked unbound.conf(5) and stumbled upon the following:
> 
> interface-automatic: <yes or no>
> Detect source interface on UDP queries and copy them to
> replies. This feature is experimental, and needs support in
> your OS for particular socket options. Default value is no.
> 
> Do I need that? Do you know why it works on IPv6 but doesn't on
> IPv4?
> 

I'm not an unbound expert but here's my thinking. I don't think you need
interface-automatic. Try first with this: instead of 'interface: 0.0.0.0',
try adding two explicit lines for each IPv4 address, like this:

interface: 10.3.3.1
interface: 10.77.3.1

Try this and see if it helps.
-Marko
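As an added example (not part of the thread, and not Unbound's or FreeBSD's own code), here is a small Python check that runs over the tcpdump lines quoted above. It pairs each UDP DNS query with its reply by transaction id and client endpoint and flags replies whose source address differs from the address the client sent the query to; that mismatch is why the client's socket discards the answer and the kernel emits the ICMP "udp port unreachable" seen in the dump. The sample lines are copied from the thread, the parser assumes the `tcpdump -nettt` line layout shown there, and it handles both IPv4 and IPv6 endpoints.

```python
import re
from dataclasses import dataclass

# Constructed sample: the five tcpdump lines quoted in the thread
# (tcpdump -nettt output, IPv4 and IPv6, including the ICMP symptom).
SAMPLE_DUMP = """\
00:00:00.000000 AF IPv4 (2), length 73: 10.3.4.1.47995 > 10.77.3.1.53: 13167+ A? mysql2.box-hlm-03.klaas. (41)
00:00:00.000164 AF IPv4 (2), length 226: 10.3.3.1.53 > 10.3.4.1.47995: 13167 1/2/4 A 10.3.5.3 (194)
00:00:00.000062 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.4.1 udp port 47995 unreachable, length 36
00:00:01.031999 AF IPv6 (28), length 93: fd16:dcc0:f4cc:77::4:1.60810 > fd16:dcc0:f4cc:77::3:1.53: 13167+ A? mysql2.box-hlm-03.klaas. (41)
00:00:00.000233 AF IPv6 (28), length 246: fd16:dcc0:f4cc:77::3:1.53 > fd16:dcc0:f4cc:77::4:1.60810: 13167 1/2/4 A 10.3.5.3 (194)
"""

# One DNS-over-UDP line: "<ts> AF IPv4 (2), length N: src.port > dst.port: txid[flags] ..."
# tcpdump appends flag characters such as '+' (RD) or '*' (AA) to the transaction id.
DNS_LINE = re.compile(
    r"^\S+ AF IPv[46] \(\d+\), length \d+: "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<txid>\d+)[-+*$|]*\s"
)
ICMP_UNREACH = re.compile(r"ICMP \S+ udp port \d+ unreachable")
DNS_PORT = 53


@dataclass(frozen=True)
class SourceMismatch:
    txid: int
    client: str          # address of the resolver client (www1 in the thread)
    asked: str           # address the client sent the query to
    answered_from: str   # address the reply actually came from


def split_endpoint(endpoint: str):
    """Split tcpdump's 'addr.port' form; rsplit keeps IPv6 colons intact."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def find_source_mismatches(dump_text: str):
    """Pair queries with replies by (txid, client endpoint) and report
    replies whose source address is not the address that was queried."""
    pending = {}      # (txid, client host, client port) -> server address asked
    mismatches = []
    for line in dump_text.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue      # ICMP and other non-DNS lines take no part in pairing
        src_host, src_port = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        txid = int(m["txid"])
        if dst_port == DNS_PORT:          # client -> resolver: remember where it asked
            pending[(txid, src_host, src_port)] = dst_host
        elif src_port == DNS_PORT:        # resolver -> client: compare reply source
            asked = pending.pop((txid, dst_host, dst_port), None)
            if asked is not None and asked != src_host:
                mismatches.append(SourceMismatch(txid, dst_host, asked, src_host))
    return mismatches


def count_port_unreachable(dump_text: str) -> int:
    """Count ICMP 'udp port unreachable' messages, the visible symptom of a
    reply the client socket refused because it arrived from the wrong address."""
    return sum(1 for line in dump_text.splitlines() if ICMP_UNREACH.search(line))


if __name__ == "__main__":
    for mm in find_source_mismatches(SAMPLE_DUMP):
        print(f"txid {mm.txid}: {mm.client} asked {mm.asked}, reply came from {mm.answered_from}")
    print(f"ICMP port unreachable messages: {count_port_unreachable(SAMPLE_DUMP)}")
```

On the dump from the thread this reports the IPv4 exchange (query to 10.77.3.1, reply from 10.3.3.1) and a clean IPv6 exchange, which matches the "works on IPv6 but not IPv4" observation; after binding explicit `interface:` addresses, or enabling `interface-automatic`, re-running the check over a fresh capture should report no mismatches.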