From owner-freebsd-questions@FreeBSD.ORG Thu Jul 31 17:27:33 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B40B37B401; Thu, 31 Jul 2003 17:27:33 -0700 (PDT)
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65F4D43FAF; Thu, 31 Jul 2003 17:27:32 -0700 (PDT) (envelope-from freebsd-questions-local@be-well.no-ip.com)
Received: from be-well.ilk.org (be-well.no-ip.com [66.30.200.37]) by comcast.net (rwcrmhc13) with ESMTP id <2003080100273101500mh4a0e>; Fri, 1 Aug 2003 00:27:31 +0000
Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [66.30.200.37] (may be forged)) by be-well.ilk.org (8.12.9/8.12.9) with ESMTP id h710RTM1043323; Thu, 31 Jul 2003 20:27:30 -0400 (EDT) (envelope-from freebsd-questions-local@be-well.no-ip.com)
Received: (from lowell@localhost) by be-well.ilk.org (8.12.9/8.12.6/Submit) id h710RTZf043320; Thu, 31 Jul 2003 20:27:29 -0400 (EDT)
X-Authentication-Warning: be-well.ilk.org: lowell set sender to freebsd-questions-local@be-well.ilk.org using -f
Sender: lowell@be-well.no-ip.com
To: "Company 2210"
From: Lowell Gilbert
Date: 31 Jul 2003 20:27:29 -0400
Message-ID: <44zniu1atq.fsf@be-well.ilk.org>
Lines: 108
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: freebsd-questions@freebsd.org
Subject: Re: ARP Problem - Please Help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: freebsd-questions@freebsd.org
List-Id: User questions
X-List-Received-Date: Fri, 01 Aug 2003 00:27:33 -0000

"Company 2210" writes:

> My problem is this (and it's driving me nuts as I can't see the
> solution). I have two freebsd boxes acting as routers, the layout is like
> this:
>
>
> Clients (12.20.78.0/25) <----->(eth0) ROUTER A (eth1)<=======> (eth1) ROUTER
> B (eth0) <----> (12.20.65.69) Upstream ISP & Internet
>
> Router A Configuration:
>
> eth0: 12.20.78.1 Subnet 255.255.255.128
> eth1: 10.0.0.1 Subnet 255.255.255.0
>
> Router B Configuration:
>
> eth0: 12.20.65.70 Subnet 255.255.255.252
> eth1: 10.0.0.2 Subnet 255.255.255.0
>
>
> The private IPs denote an IPSEC VPN connection (Wireless) between ROUTER A
> & B, all the client PCs are on public IPs. Now, the VPN works perfectly,
> encrypting the packets over the wireless link, however ROUTER A's eth0
> interface does not appear in the arp -a lookup:
>
> ? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
> ? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 [ethernet]
> ? (12.20.78.0) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
> ? (12.20.78.2) at 00:0c:cd:53:d9:f3 on eth0 [ethernet]
> ? (12.20.78.42) at 00:9a:17:90:d3:b4 on eth0 [ethernet]
> ? (12.20.78.52) at 00:2b:18:2e:22:21 on eth0 [ethernet]
> ? (12.20.78.127) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]

Those look like entries for all the local nets...

> If I try and force the entry, I receive the following error:
>
> routera# arp -s 12.20.78.1 00:0c:5d:e6:16:75
> set: can only proxy for 12.20.78.1

Router B shouldn't need that, because it isn't on that link, and
Router A shouldn't need it because it *is* 12.20.78.1.  What are you
trying to do?

> The big problem this is causing is that clients cannot ping the gateway, and
> it responds to no requests (i.e. I can't ssh into it), but it still forwards
> packets perfectly. Basically it's like 12.20.78.1 was invisible. The other
> strange thing is, that if I ssh into ROUTER B and ping 12.20.78.1 I receive
> replies:

What host and gateway addresses are you referring to in the first
sentence, and why are you surprised by the second?

> routerb# ping 12.20.78.1
> PING 12.20.78.1 (12.20.78.1): 56 data bytes
> 64 bytes from 12.20.78.1: icmp_seq=0 ttl=64 time=3.577 ms
> 64 bytes from 12.20.78.1: icmp_seq=1 ttl=64 time=3.724 ms
> 64 bytes from 12.20.78.1: icmp_seq=2 ttl=64 time=3.817 ms
> ^C
> --- 12.20.78.1 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 3.577/3.706/3.817/0.099 ms
>
>
> The output of ROUTER B's arp table is displayed below:
>
> ? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 [ethernet]
> ? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 permanent [ethernet]
> ? (12.20.65.69) at 00:d0:03:ba:bb:fc on eth0 [ethernet]
>
>
> I am completely at a loss as to how to get around this problem. Any help or
> advice would be really great as I've spent the past 3 days, and the floor is
> littered with tufts of hair ;) Just in case this is any help, this is the
> output from setkey -DP (for encrypting the packets across the 10.0.0.x link)
> on each router:
>
> ROUTER A:
>
> 0.0.0.0/0[any] 12.20.78.0/25[any] any
> 	in ipsec
> 	esp/tunnel/10.0.0.2-10.0.0.1/require
> 	spid=2 seq=1 pid=778
> 	refcnt=1
> 12.20.78.0/25[any] 0.0.0.0/0[any] any
> 	out ipsec
> 	esp/tunnel/10.0.0.1-10.0.0.2/require
> 	spid=1 seq=0 pid=778
> 	refcnt=1
>
> ROUTER B:
>
> 12.20.78.0/25[any] 0.0.0.0/0[any] any
> 	in ipsec
> 	esp/tunnel/10.0.0.1-10.0.0.2/require
> 	spid=8 seq=1 pid=24377
> 	refcnt=1
> 0.0.0.0/0[any] 12.20.78.0/25[any] any
> 	out ipsec
> 	esp/tunnel/10.0.0.2-10.0.0.1/require
> 	spid=7 seq=0 pid=24377
> 	refcnt=1

I don't really get the "eth0" nomenclature, anyway; I've seen it on
Linux, where the device type is abstracted behind a common name, but I
don't know what it means in a FreeBSD setup...
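An added example, not part of the thread above and not a FreeBSD tool: a small Python checker for the arp -a table format shown in the message. It parses the lines exactly as they appear there and then audits them the way a router operator would after reading this exchange: the router's own address on each interface should be present as a permanent entry (as 10.0.0.1 on eth1 is in Router A's table, while 12.20.78.1 on eth0 is not), the broadcast MAC should map only to the network and broadcast addresses of that interface's subnet, and no unicast MAC should be claimed by two addresses on one interface, which is what a misconfigured or ARP-spoofing host looks like from the router's side. The function names, the ROUTER_A_ADDRS table and the extra "spoofed" sample line are assumptions and constructions for the example; the seven table lines are copied from the message.

```python
"""Audit FreeBSD `arp -a` output against a router's configured addresses.

Hypothetical helper written for this example; the sample table lines
are copied from the thread, the spoofed line is constructed.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# One `arp -a` line in the format shown in the thread, e.g.
#   ? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
ARP_LINE = re.compile(
    r"^(?P<host>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|\(incomplete\)) "
    r"on (?P<iface>\S+)(?P<perm> permanent)?(?: \[(?P<media>\w+)\])?"
)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpEntry:
    ip: str
    mac: str
    iface: str
    permanent: bool


def parse_arp(text: str) -> list[ArpEntry]:
    """Parse `arp -a` text; raise on any line the pattern does not recognise."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ARP_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised arp line: {line!r}")
        entries.append(ArpEntry(m["ip"], m["mac"].lower(), m["iface"],
                                m["perm"] is not None))
    return entries


def audit_arp(entries: list[ArpEntry], local_addrs: dict[str, str]) -> list[str]:
    """Return human-readable findings for an ARP table.

    local_addrs maps interface name -> "address/prefixlen" as configured.
    """
    findings = []
    by_key = {(e.iface, e.ip): e for e in entries}
    nets = {iface: ipaddress.ip_interface(cidr) for iface, cidr in local_addrs.items()}

    # 1. The router's own address on each interface should be a permanent entry.
    for iface, net in nets.items():
        own = by_key.get((iface, str(net.ip)))
        if own is None:
            findings.append(f"{iface}: own address {net.ip} has no ARP entry")
        elif not own.permanent:
            findings.append(f"{iface}: own address {net.ip} is not permanent")

    # 2. Only the network and broadcast addresses may map to the broadcast MAC.
    for e in entries:
        if e.mac == BROADCAST_MAC:
            net = nets.get(e.iface)
            legit = net is not None and ipaddress.ip_address(e.ip) in (
                net.network.network_address, net.network.broadcast_address)
            if not legit:
                findings.append(f"{e.iface}: {e.ip} mapped to broadcast MAC")

    # 3. One unicast MAC claimed by several IPs on one interface is suspicious.
    claims: dict[tuple[str, str], set[str]] = defaultdict(set)
    for e in entries:
        if e.mac not in (BROADCAST_MAC, "(incomplete)"):
            claims[(e.iface, e.mac)].add(e.ip)
    for (iface, mac), ips in sorted(claims.items()):
        if len(ips) > 1:
            findings.append(f"{iface}: MAC {mac} claimed by {', '.join(sorted(ips))}")
    return findings


# Router A's table as posted in the thread.
ROUTER_A_ARP = """\
? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 [ethernet]
? (12.20.78.0) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
? (12.20.78.2) at 00:0c:cd:53:d9:f3 on eth0 [ethernet]
? (12.20.78.42) at 00:9a:17:90:d3:b4 on eth0 [ethernet]
? (12.20.78.52) at 00:2b:18:2e:22:21 on eth0 [ethernet]
? (12.20.78.127) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
"""
# Router A's interface configuration as described in the thread.
ROUTER_A_ADDRS = {"eth0": "12.20.78.1/25", "eth1": "10.0.0.1/24"}

# Constructed for the example: a second address answering with 12.20.78.42's MAC.
SPOOFED_LINE = "? (12.20.78.99) at 00:9a:17:90:d3:b4 on eth0 [ethernet]\n"

if __name__ == "__main__":
    for finding in audit_arp(parse_arp(ROUTER_A_ARP), ROUTER_A_ADDRS):
        print(finding)
```

Run against the posted table, the only finding is the one the poster noticed: eth0 has no entry for 12.20.78.1. Appending the constructed line adds a second finding for the shared MAC.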
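The setkey -DP dumps at the end of the quoted message are the other half of this setup, and a policy that is not mirrored on the peer is the usual reason an IPsec tunnel passes traffic in one direction only. The following Python script is an added example, not from the thread and not part of FreeBSD's setkey: it parses SPD dumps in the format shown above and checks that every out policy on one router has an in policy on the peer with the same selector, protocol, mode and tunnel endpoints, and vice versa. The function names and the deliberately broken BROKEN_B_SPD sample are constructed for the example; the two real dumps are copied from the message, and on those the check finds nothing, which agrees with the poster's report that the VPN itself works.

```python
"""Cross-check two routers' `setkey -DP` dumps for mirrored IPsec policies.

Hypothetical helper written for this example. The two real dumps are
copied from the thread; BROKEN_B_SPD is constructed to show a mismatch.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines of a policy record in the format printed in the thread:
#   0.0.0.0/0[any] 12.20.78.0/25[any] any
#       in ipsec
#       esp/tunnel/10.0.0.2-10.0.0.1/require
#       spid=2 seq=1 pid=778
#       refcnt=1
SELECTOR = re.compile(r"^(?P<src>\S+)\[(?P<sport>[^\]]*)\] (?P<dst>\S+)\[(?P<dport>[^\]]*)\] (?P<proto>\S+)$")
DIRECTION = re.compile(r"^(?P<dir>in|out|fwd) (?P<action>ipsec|discard|none)$")
REQUEST = re.compile(r"^(?P<proto>esp|ah|ipcomp)/(?P<mode>tunnel|transport)/(?P<ep>[^/]*)/(?P<level>\w+)$")
IGNORED_PREFIXES = ("spid=", "refcnt=", "created:", "lastused:", "lifetime:")


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    proto: str
    direction: str
    action: str
    ipsec_proto: str = ""
    mode: str = ""
    endpoints: str = ""   # "local-remote" for tunnel mode, "" for transport
    level: str = ""


def parse_spd(text: str) -> list[Policy]:
    """Parse `setkey -DP` output into Policy records."""
    policies: list[Policy] = []
    cur: dict | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SELECTOR.match(line)
        if m:
            if cur is not None:
                policies.append(Policy(**cur))
            cur = {"src": m["src"], "dst": m["dst"], "proto": m["proto"],
                   "direction": "", "action": ""}
            continue
        if cur is None:
            raise ValueError(f"policy body before any selector: {line!r}")
        m = DIRECTION.match(line)
        if m:
            cur["direction"], cur["action"] = m["dir"], m["action"]
            continue
        m = REQUEST.match(line)
        if m:
            cur.update(ipsec_proto=m["proto"], mode=m["mode"],
                       endpoints=m["ep"], level=m["level"])
            continue
        if line.startswith(IGNORED_PREFIXES):
            continue
        raise ValueError(f"unrecognised setkey line: {line!r}")
    if cur is not None:
        policies.append(Policy(**cur))
    return policies


OPPOSITE = {"in": "out", "out": "in"}


def unmatched(local: list[Policy], peer: list[Policy], local_name: str) -> list[str]:
    """Describe ipsec in/out policies in `local` that have no mirror in `peer`."""
    def key(p: Policy, direction: str) -> tuple:
        return (p.src, p.dst, p.proto, direction, p.ipsec_proto, p.mode, p.endpoints, p.level)

    peer_keys = {key(p, p.direction) for p in peer if p.action == "ipsec"}
    problems = []
    for p in local:
        if p.action != "ipsec" or p.direction not in OPPOSITE:
            continue
        if key(p, OPPOSITE[p.direction]) not in peer_keys:
            problems.append(f"{local_name}: {p.direction} {p.src} -> {p.dst} via "
                            f"{p.ipsec_proto}/{p.mode}/{p.endpoints} has no mirror on the peer")
    return problems


def check_peers(a_text: str, b_text: str) -> list[str]:
    """Run the mirror check in both directions and return all findings."""
    a, b = parse_spd(a_text), parse_spd(b_text)
    return unmatched(a, b, "router A") + unmatched(b, a, "router B")


ROUTER_A_SPD = """\
0.0.0.0/0[any] 12.20.78.0/25[any] any
\tin ipsec
\tesp/tunnel/10.0.0.2-10.0.0.1/require
\tspid=2 seq=1 pid=778
\trefcnt=1
12.20.78.0/25[any] 0.0.0.0/0[any] any
\tout ipsec
\tesp/tunnel/10.0.0.1-10.0.0.2/require
\tspid=1 seq=0 pid=778
\trefcnt=1
"""
ROUTER_B_SPD = """\
12.20.78.0/25[any] 0.0.0.0/0[any] any
\tin ipsec
\tesp/tunnel/10.0.0.1-10.0.0.2/require
\tspid=8 seq=1 pid=24377
\trefcnt=1
0.0.0.0/0[any] 12.20.78.0/25[any] any
\tout ipsec
\tesp/tunnel/10.0.0.2-10.0.0.1/require
\tspid=7 seq=0 pid=24377
\trefcnt=1
"""
# Constructed: Router B's inbound policy with the tunnel endpoints reversed.
BROKEN_B_SPD = ROUTER_B_SPD.replace(
    "\tin ipsec\n\tesp/tunnel/10.0.0.1-10.0.0.2/require",
    "\tin ipsec\n\tesp/tunnel/10.0.0.2-10.0.0.1/require")

if __name__ == "__main__":
    print(check_peers(ROUTER_A_SPD, ROUTER_B_SPD) or "policies are mirrored")
    for problem in check_peers(ROUTER_A_SPD, BROKEN_B_SPD):
        print(problem)
```

The check deliberately compares endpoint order as well as the selector, because an in policy whose tunnel endpoints are written in the wrong order will not match the peer's out policy even though both mention the same two addresses.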