From: "John Nielsen"
Subject: strange ip alias behavior on -stable
Date: Wed, 13 Feb 2002 03:22:49 -0700
Message-ID: <0bfc01c1b478$6349a310$0900a8c0@max>
Sender: owner-freebsd-stable@FreeBSD.ORG

[some of this may be redundant if my earlier message actually made it to the list, but I never saw it...]

I recently set up (and still administer) a firewall running FreeBSD 4.5-RELEASE. The machine has a Tyan Tiger motherboard with 2 onboard Intel (fxp) NICs, an onboard Promise 100 RAID controller, and dual CPU slots. There is only one CPU in the machine.

The firewall has aliases for several IP addresses on the external interface, and redirects specific address:port combinations from the outside to several machines on an internal network. I had this all set up (using ipfw and natd) a few days ago, and it was working fine.

When I noticed the commit of some bugfixes and improvements to the ATA RAID code, I decided to try tracking stable on this machine. I cvsup'ed the source, did a buildworld, buildkernel, installkernel, installworld, and ran mergemaster. The whole process went very smoothly. Everything appeared to be working fine, only now the aliases weren't accessible from outside the local (external) network. That is, a machine plugged into the same hub as the external interface of this firewall could get a ping reply from all of the alias addresses, and natd worked as expected. However, a remote machine could only get ping replies from the primary (non-alias) IP address, and natd wouldn't pass packets on any of the alias addresses (likely because they never made it to natd at all).

I tried updating the source again a few days later to see if it was a fluke of some sort, but the no-alias behavior persisted. In fact, I tried everything I could think of (including cvsup-ing from the RELENG_4_5 branch and recompiling), but to no avail. The only thing that worked was a reinstall (from scratch) of 4.5-RELEASE.

So now I'm wondering why this weird behavior would occur in the first place. Is it a bug in -stable? Is the router at my co-lo quirky? (I believe it's a Cisco.) Has anyone else experienced this behavior on any version of FreeBSD? In a word, WHY? (This has only been mildly frustrating for me. Really. :) )

Now that it's behaving again (running 4.5-R), this server has gone back into production. So I don't think I'll be reproducing the error any time soon even for testing or generating a bug report. If it is a FreeBSD bug, though, then I'd certainly love to see it tracked down.

In any case, I'd appreciate whatever feedback and ideas the list can offer.

Thanks,

John Nielsen