From: Xian
To: freebsd-questions@freebsd.org
Cc: paul@theharbour.eclipse.co.uk
Date: Wed, 22 Dec 2004 13:39:46 +0000
Subject: strange routing
Message-Id: <200412221339.46891.ian@codepad.net>

I have a friend who has set up a FreeBSD box (called Atlantis) as a router between his LAN and the Internet. It connects to the Internet and can make and receive connections OK (e.g. I can ssh in from outside, and he can ssh out), but other computers on the network can't connect out through it.

The strange thing is that when the default route on Atlantis is set to the old router he has and this is used to connect to the Internet, other computers on the network can connect out to the Internet. Traceroute confirms the connection is going via Atlantis then the old router.

The IP address of Atlantis is 192.168.0.71 and the IP address of the old router is 192.168.101

Here are some bits and pieces that might be useful:

NOT VIA OLD ROUTER:

[ian@atlantis:~] %netstat -r -f inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            212.104.130.202    UGS         0      456   tun0
localhost          localhost          UH          0       11    lo0
192.168.0          link#1             UC          0        0   sis0
192.168.0.1        00:0c:6e:fa:17:cd  UHLW        0      845   sis0   1024
192.168.0.2        00:01:03:86:8d:3e  UHLW        0       28   sis0   1000
212.104.130.202    82.152.149.159     UH          1        8   tun0

[ian@atlantis:~] %ifconfig
sis0: flags=8843 mtu 1500
        options=8
        inet 192.168.0.71 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::2d0:9ff:fe85:c328%sis0 prefixlen 64 scopeid 0x1
        ether 00:d0:09:85:c3:28
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
tun0: flags=8051 mtu 1500
        inet 82.152.149.159 --> 212.104.130.202 netmask 0xffffffff
        Opened by PID 413

[ian@atlantis:~] %sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

[ian@atlantis:~] %uname -a
FreeBSD atlantis.pegasus 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #2: Tue Dec 21 22:22:43 GMT 2004 root@atlantis.pegasus:/usr/obj/usr/src/sys/MYKERNEL i386

VIA OLD ROUTER:

[ian@atlantis:~] %netstat -r -f inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.101      UGS         0      436   sis0
localhost          localhost          UH          0        7    lo0
192.168.0          link#1             UC          0        0   sis0
192.168.0.1        00:0c:6e:fa:17:cd  UHLW        0      434   sis0    947
192.168.0.2        00:01:03:86:8d:3e  UHLW        0        3   sis0    903
192.168.0.101      00:e0:18:76:f7:7f  UHLW        1        0   sis0    984

[ian@atlantis:~] %ifconfig
sis0: flags=8843 mtu 1500
        options=8
        inet 192.168.0.71 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::2d0:9ff:fe85:c328%sis0 prefixlen 64 scopeid 0x1
        ether 00:d0:09:85:c3:28
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

[ian@atlantis:~] %sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

A TRACEROUTE FROM ANOTHER MACHINE (when using old router):

C:\Documents and Settings\Paul>tracert www.bbc.co.uk

Tracing route to www.bbc.net.uk [212.58.224.121]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.71
  2     9 ms     1 ms     1 ms  192.168.0.101
  3    16 ms    15 ms    15 ms  212.104.130.202
  4    16 ms    18 ms    15 ms  81.5.191.113
  5    16 ms    16 ms    17 ms  ge1-1-core4.th.eclipse.net.uk [81.5.191.2]
  6    17 ms    16 ms    15 ms  212.58.238.209
  7    17 ms    15 ms    16 ms  212.58.238.153
  8    19 ms    19 ms    18 ms  www21.thdo.bbc.co.uk [212.58.224.121]

Trace complete.

A TRACEROUTE FROM ANOTHER MACHINE (not old router):

C:\Documents and Settings\Paul>tracert www.bbc.co.uk
Unable to resolve target system name www.bbc.co.uk.

C:\Documents and Settings\Paul>tracert 212.58.224.121

Tracing route to 212.58.224.121 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.71
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
etc.....

Please CC to me as I am not subscribed to this list.

Thanks in advance for any ideas/help/kicks in the right direction.

-- 
/Xian

"Arguing with an engineer is like wrestling with a pig in mud. After a while, you realise the pig is enjoying it."
Unknown Author