Date: Thu, 30 Mar 2000 08:43:50 -0500 From: Alan Clegg <abc@firehouse.net> To: cjclark@home.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: natd with three interfaces. Message-ID: <20000330084350.F3459@laptop.firehouse.net> In-Reply-To: <20000330004610.D17852@cc942873-a.ewndsr1.nj.home.com>; from cjc@cc942873-a.ewndsr1.nj.home.com on Thu, Mar 30, 2000 at 12:46:10AM -0500 References: <20000329224805.C3459@laptop.firehouse.net> <20000330004610.D17852@cc942873-a.ewndsr1.nj.home.com>
Out of the ether, Crist J. Clark spewed forth the following bitstream:
> On Wed, Mar 29, 2000 at 10:48:05PM -0500, Alan Clegg wrote:
> > I have a machine with three interfaces, wireless (wi0) internal (fxp0) and
> > external (dc0).
> >
> > Now, I have natd running as such:
> > /sbin/natd -n dc0
> > with:
> > /sbin/ipfw -f flush
> > /sbin/ipfw add divert natd all from any to any via dc0
> > /sbin/ipfw add pass all from any to any
> > Forwarding is turned on, and everything is OK as long as machines are going
> > out from wireless or internal to the outside world. My problem occurs when
> > I try to go from inside to wireless or vice-versa.
> What kinds of "problems" are these? I think we need some more info.
Urk. I guess that would help...
Well, the problem was asymmetrical routing on the WIRED side. There were
actually *TWO* machines acting in the "RTR" role below, one of which was
acting JUST FINE, and the other that was being stubborn. I was, of course,
looking at the one that was JUST FINE and all of the problems went away
when I fixed the default route on the WIRED machines. See text below
that I typed while trying to figure it out....
Here is what I had typed so far (but since I fixed it, never mind).
------------------SNIP--------------------------SNIP ------------------
Here's what's happening:
+-------+
+ world +
+-------+
|
+-------+ +------+
| RTR |-+-+-+-| WRLS |
+-------+ +------+
|
+-------+
| WIRED |
+-------+
world == internet via ISDN
RTR is a system with:
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 219.43.207.59 netmask 0xfffffff0 broadcast 219.43.207.63
(pointing to world)
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.52 netmask 0xffffff00 broadcast 10.0.0.255
(pointing to wired)
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.100.100.10 netmask 0xffffff00 broadcast 10.100.100.255
(pointing to WRLS)
WIRED is a lan, including a machine with:
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.192 netmask 0xffffff00 broadcast 10.0.0.255
WRLS is a wireless LAN, including a machine with:
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.100.100.192 netmask 0xffffff00 broadcast 10.100.100.192
A ping from WRLS to WIRED generates icmp echo packets that travel (and
are visible with tcpdump) on WRLS->RTR->WIRED
{WIRED 3} tcpdump -n -i ed0 icmp
tcpdump: listening on ed0
08:25:18.648561 10.100.100.192 > 10.0.0.192: icmp: echo request
08:25:18.648703 10.0.0.192 > 10.100.100.192: icmp: echo reply
08:25:18.649294 10.0.0.192 > 10.100.100.192: icmp: echo reply
Note the DOUBLING of the icmp echo replies. <!?>
At the same time, a tcpdump on the WRLS side sees:
WRLS 39} tcpdump -i wi0 -n icmp
tcpdump: listening on wi0
08:26:40.674098 10.100.100.192 > 10.0.0.192: icmp: echo request
08:26:41.797599 10.100.100.192 > 10.0.0.192: icmp: echo request
08:26:42.927648 10.100.100.192 > 10.0.0.192: icmp: echo request
Note, no replies.
RTR sees:
RTR 102} tcpdump -n -i wi0 icmp
tcpdump: listening on wi0
08:27:43.951529 10.100.100.192 > 10.0.0.192: icmp: echo request
08:27:44.947051 10.100.100.192 > 10.0.0.192: icmp: echo request
08:27:46.077075 10.100.100.192 > 10.0.0.192: icmp: echo request
RTR 103} tcpdump -n -i fxp0 icmp
tcpdump: listening on fxp0
08:28:25.648322 10.100.100.192 > 10.0.0.192: icmp: echo request
08:28:25.648780 10.0.0.192 > 10.100.100.192: icmp: echo reply
08:28:25.649239 10.0.0.192 > 10.100.100.192: icmp: echo reply
08:28:26.788361 10.100.100.192 > 10.0.0.192: icmp: echo request
08:28:26.788832 10.0.0.192 > 10.100.100.192: icmp: echo reply
08:28:26.789342 10.0.0.192 > 10.100.100.192: icmp: echo reply
Looking at the echo replies shows that one is being generated by
<at this point, while using ethereal to see where the two echo replies
were coming from, the lightbulb lit>
AlanC
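The two symptoms in the captures above (doubled echo replies on the WIRED segment, no replies at all on the WRLS segment) are exactly what an asymmetric return path looks like from a single tcpdump vantage point. The following script is an added example, not part of the thread: it parses tcpdump ICMP lines in the format shown in the message and flags pinger/target pairs whose reply count does not match their request count. The sample captures are the ones from the message.

```python
import re

# One tcpdump ICMP line in the format shown in the message, e.g.
# "08:25:18.648703 10.0.0.192 > 10.100.100.192: icmp: echo reply"
ICMP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):\s+icmp:\s+echo\s+(?P<kind>request|reply)\s*$"
)

def parse_icmp(lines):
    """Yield (timestamp, src, dst, kind) for echo request/reply lines; skip the rest."""
    for line in lines:
        m = ICMP_LINE.match(line.strip())
        if m:
            yield m["ts"], m["src"], m["dst"], m["kind"]

def echo_balance(lines):
    """Return {(pinger, target): (requests, replies)} for one capture point.
    A reply is credited to the pair it answers, so src/dst are swapped for replies."""
    counts = {}
    for _, src, dst, kind in parse_icmp(lines):
        key = (src, dst) if kind == "request" else (dst, src)
        req, rep = counts.get(key, (0, 0))
        counts[key] = (req + 1, rep) if kind == "request" else (req, rep + 1)
    return counts

def diagnose(lines):
    """Classify each pinger/target pair seen at this capture point:
    'duplicate-replies': more replies than requests, i.e. two hosts or two routers
                         are answering/forwarding the same reply (asymmetric path);
    'no-replies'       : requests only, the return path does not cross this segment;
    'ok'               : one reply per request."""
    verdicts = {}
    for key, (req, rep) in echo_balance(lines).items():
        verdicts[key] = ("no-replies" if rep == 0
                         else "duplicate-replies" if rep > req
                         else "ok")
    return verdicts

# Capture on the WIRED host's ed0 (from the message): one request, two replies.
WIRED_CAPTURE = [
    "tcpdump: listening on ed0",
    "08:25:18.648561 10.100.100.192 > 10.0.0.192: icmp: echo request",
    "08:25:18.648703 10.0.0.192 > 10.100.100.192: icmp: echo reply",
    "08:25:18.649294 10.0.0.192 > 10.100.100.192: icmp: echo reply",
]
# Capture on the WRLS host's wi0 (from the message): requests, no replies.
WRLS_CAPTURE = [
    "08:26:40.674098 10.100.100.192 > 10.0.0.192: icmp: echo request",
    "08:26:41.797599 10.100.100.192 > 10.0.0.192: icmp: echo request",
    "08:26:42.927648 10.100.100.192 > 10.0.0.192: icmp: echo request",
]
```

Run it over `tcpdump -n -i <if> icmp` output from each segment in turn; a segment that reports `duplicate-replies` while the far side reports `no-replies` points at a host whose default route sends the reply back through a different router than the one that forwarded the request.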