From owner-freebsd-questions@FreeBSD.ORG Fri Jun 15 23:21:27 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB37316A400 for ; Fri, 15 Jun 2007 23:21:27 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178]) by mx1.freebsd.org (Postfix) with ESMTP id A367A13C469 for ; Fri, 15 Jun 2007 23:21:27 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: by wa-out-1112.google.com with SMTP id j37so1358955waf for ; Fri, 15 Jun 2007 16:21:27 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=C6nn5SQHbGL0iKlZTy8UCzCISWPVnW7h0nU7utkJ4vIZrWvTbjp2O4Gm3K10w583EehdC7WGlysRzLxZGuZWk/og4woa1LCDLAmqX8KZlaakKmqwpF2QDYyH3/IOWkoOmlWK829QFYocEK1VnPy0DfbpnenFprnXAstPWKZuwWw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZFnO8JOT8mCI0tiujak1S0W1CDOZJ9Kkn9qH91Z6GXAdvxIQXsZBYMbNQ0W6qfPT4hsFjY7ArBhFTIa5j9xPrwEgb9hgWtL+KqF7Kr8sRq570CL7ygZNXMnOmAAJEwRFvzapPSuquXMXIYEGRwNb4uBdToPugrrqklbDEt2YR9c= Received: by 10.115.74.1 with SMTP id b1mr3523919wal.1181949687476; Fri, 15 Jun 2007 16:21:27 -0700 (PDT) Received: by 10.114.173.11 with HTTP; Fri, 15 Jun 2007 16:21:27 -0700 (PDT) Message-ID: Date: Fri, 15 Jun 2007 16:21:27 -0700 From: "Kurt Buff" To: "Chuck Swiger" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070615215116.A63508@wojtek.tensor.gdynia.pl> <4672F1F0.4090707@joeholden.co.uk> Cc: FreeBSD Subject: Re: OK - I'm fairly clueless on this... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2007 23:21:28 -0000 On 6/15/07, Chuck Swiger wrote: > On Jun 15, 2007, at 1:14 PM, Kurt Buff wrote: > >> >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte > >> >> packets > >> >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > >> > > >> > very short times suggest that the router (possibly NAT machine as > >> > 192.168 suggest) is doing strange things... > >> Do you have a bogus rdr/fwd in your config anywhere? > >> -- > >> Joe Holden > >> T: (UK) 02071009593 (AU) 282442321 > >> E: joe@joeholden.co.uk > > > > Uh, don't know what those are, and I built this machine myself, from > > scratch, so I doubt it. > > > > All it's got on it is postfix (for mailing daily reports) and squid. > > It's pointed to our new T1, out a Watchguard firewall - we're going to > > use the old T1 for mail and traffic to our branch offices. > > It would not be astonishing if your Watchguard firewall was blocking > or modifying the traceroute traffic and ICMP time exceeded packets > which result, unless someone has explicitly configured it to pass > traceroutes. > > However, the problem you've shown can also happen when something > things it should proxy-arp for all IPs, in other words, it will claim > that anything outside of the subnet it is actually on is really a > local IP and should go to that particular MAC address. > > Doing an "arp -a" and looking for dups should indicate whether this > sort of thing is happening... > > -- > -Chuck Problem solved, but this was indeed quite interesting. I've got several FreeBSD boxes scattered at various points through our network. After checking them, the ones that I had trouble with are those that are in the same subnet as our two firewalls. Doing a traceroute from the others worked just fine. However, 'arp -a' on the affected FreeBSD boxes (those in the subnet with the Watchguards) didn't reveal anything interesting. So, the Watchguards were doing *something*. OTOH, running tracert (the Windows version of traceroute) from a box on that same subnet worked just fine - that is, I get a full list of hops, etc. This is where the light started to shine.. I tried 'traceroute -P udp' and 'traceroute -P tcp', with no difference - that is, the machines in the same subnet got a single line back. However, if I specified 'tracert -I' (capital i - which means use ICMP) I get the output I expect from a traceroute command. As mentioned above, however, arp -a reveals no duplicates. Windows uses ICMP for its traceroutes, FreeBSD doesn't, by default, though it can. So, I took a look at my traceroute filter on the firewall, and found, finally, that it wasn't allowed from the subnet where my problem children were. I adjusted the filter on the firewall, and all is now happy. Thanks for your help, Chuck - it made the difference I needed to figure this out. Kurt