From: Luigi Rizzo
Message-Id: <199809200704.JAA29811@labinfo.iet.unipi.it>
Subject: NATD/IPFW brokennes reports...
To: stable@FreeBSD.ORG
Date: Sun, 20 Sep 1998 09:04:28 +0200 (MET DST)
Cc: spam@distance.net, mike@sentex.net

There have been some reports on natd/ipfw/fxp not working anymore
on -stable after the dummynet commit:

> > Something is definitely broke with the latest source regarding NATD and
> >IPFW, I took my old source from Aug 18, 98 and rebuilt my system. NATD /
> >IPFW work fine. I did not have a chance to try any other cards, I just
> >have the Intel 10/100 Etherexpress NIC, I doubt there is a problem with
> >fxp driver though because everything else works fine. If someone has the
...
> I think I am seeing the same problem... A machine I was putting together
> did not come up after I rebuilt it with a new kernel... I did a fresh

I have been trying to reproduce the problem myself, but i think i
am not seeing problems (i don't have access to an "fxp" card though).

Let me say first that this is the first time i used divert myself,
so i might have done something unusual in the configuration.
In any case, this is what i have and it seems to work fine:

The configuration i used is the following

    [ prova ]---------[ rizzo ]-| rest of the net.

Significant machine config info is the following.

prova:
    ed2 is 10.0.0.236/8
    default route to 10.0.0.26 (Note 1)

rizzo:
    de0 is 10.0.0.26/8
    ed3 is 131.114.9.26
    net.inet.ip.forwarding=1
    net.link.ether.inet.proxyall=0
    default route to interface ed3
    ipfw add divert natd all from any to any via ed3
    natd -v -n ed3
    /etc/services contains
        natd 6678/divert
    /etc/protocols contains
        divert 254 DIVERT

Note 1: it seems to be critical that you set the default route to
the natd box address (i.e. route add default 10.0.0.26) and NOT to
the interface (i.e. route add default -interface ed2)
In the second case (seen using tcpdump on "prova") the first thing
that goes out is an arp request for the dest. address, and that
one remains unanswered (maybe setting proxy arp on the natd box
can fix things) because ARP are not IP packets and are not diverted...

with this setting there appear to be no problems (and as a matter
of fact i am working through this natd machine at the moment).

So... i don't know what to say: the above pretty much confines the
problem (if any) to the if_fxp driver, or to the ARP handling (i
did have a small change to that as well but it goes in only if you
have "option BRIDGE" in your kernel config), or to some difference
in configuration between what i use and what other people have...

I suggest people interested in tracking the problem to check with
tcpdump on the unregistered segment what really goes onto the wire.
Also, if possible, try the same config with an "fxp" and another
(e.g. "ed" or "de") card to help identifying if the problem is
card-related.

thanks
luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________