From owner-freebsd-questions@FreeBSD.ORG Fri Jun 15 20:53:09 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6E53916A46D for ; Fri, 15 Jun 2007 20:53:09 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by mx1.freebsd.org (Postfix) with ESMTP id 569A013C458 for ; Fri, 15 Jun 2007 20:53:09 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from relay6.apple.com (relay6.apple.com [17.128.113.36]) by mail-out4.apple.com (Postfix) with ESMTP id 4AD36921B37; Fri, 15 Jun 2007 13:53:09 -0700 (PDT) Received: from relay6.apple.com (unknown [127.0.0.1]) by relay6.apple.com (Symantec Mail Security) with ESMTP id 371FE100BE; Fri, 15 Jun 2007 13:53:09 -0700 (PDT) X-AuditID: 11807124-a019cbb000005458-fd-4672fc356bf9 Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay6.apple.com (Apple SCV relay) with ESMTP id 1F2ED10079; Fri, 15 Jun 2007 13:53:09 -0700 (PDT) In-Reply-To: References: <20070615215116.A63508@wojtek.tensor.gdynia.pl> <4672F1F0.4090707@joeholden.co.uk> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Chuck Swiger Date: Fri, 15 Jun 2007 13:53:08 -0700 To: Kurt Buff X-Mailer: Apple Mail (2.752.2) X-Brightmail-Tracker: AAAAAA== Cc: FreeBSD Subject: Re: OK - I'm fairly clueless on this... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2007 20:53:09 -0000 On Jun 15, 2007, at 1:14 PM, Kurt Buff wrote: >> >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte >> >> packets >> >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms >> > >> > very short times suggest that the router (possibly NAT machine as >> > 192.168 suggest) is doing strange things... >> Do you have a bogus rdr/fwd in your config anywhere? >> -- >> Joe Holden >> T: (UK) 02071009593 (AU) 282442321 >> E: joe@joeholden.co.uk > > Uh, don't know what those are, and I built this machine myself, from > scratch, so I doubt it. > > All it's got on it is postfix (for mailing daily reports) and squid. > It's pointed to our new T1, out a Watchguard firewall - we're going to > use the old T1 for mail and traffic to our branch offices. It would not be astonishing if your Watchguard firewall was blocking or modifying the traceroute traffic and ICMP time exceeded packets which result, unless someone has explicitly configured it to pass traceroutes. However, the problem you've shown can also happen when something things it should proxy-arp for all IPs, in other words, it will claim that anything outside of the subnet it is actually on is really a local IP and should go to that particular MAC address. Doing an "arp -a" and looking for dups should indicate whether this sort of thing is happening... -- -Chuck