From owner-freebsd-net@FreeBSD.ORG Sun Jan 23 22:27:02 2005
Delivered-To: freebsd-net@freebsd.org
From: "Andrew Seguin" <asegu@borgtech.ca>
Date: Sun, 23 Jan 2005 23:25:47 +0100
Message-Id: <20050123223130.A997254A5@borgtech.ca>
Subject: Weird situation
List-Id: Networking and TCP/IP with FreeBSD

Here I am again, experimenting with FreeBSD on the network. My last questions here helped me get a firewall to help our network. Now, I have a test setup in a virtual environment... but I have a problem. (Why else would I be writing here then?) At the moment I have no clue what to even look up on Google or the archives (so all I've been able to do at the moment is experiment).

The problem: traffic is flowing through one way, not back, through a test environment.

The setup:

Main connection: Router -> [vlan0][fxp1] firewall (production) [fxp0][vlan1] -> managed switch, cuts off the vlan tag.
From the switch -> secondary switch -> {FreeBSD test firewall -> FreeBSD test server}

The two servers between '{' and '}' are running inside Virtual PC on a Windows 2000 server (the best I could make up for a "lab"). They were built by having the test firewall de0 linked with the physical NIC, and de1 to a "Microsoft loopback adapter", as is de0 of the test server.

Problem: Pings from the test server at the end of the chain to the router don't come back all the way.

Tests to date:

I've been using tcpdump -i {interface} "host {test_ip}" at each stage.
At the main firewall, tcpdump shows both request and reply, no problem.
On the win2k server, Ethereal shows both request and reply, no problem.
On the test firewall, I see only the outgoing ICMP ping request.
At all points, the TTL seems fine (still 255 when captured by the win2k server).

So I wondered, is Virtual PC not sending the packet along? But the FreeBSD firewall server can ping the router no problem. What about the communication between the two FreeBSD servers? Ping works with no problem at all.

The test firewall is as open as I can make it; it is built with the same kernel configuration as the production firewall, and it is enabled in rc.conf with type OPEN.

I'm not sure I know what to do about this problem at the moment, and therefore ask if anybody knows what I could do about this?

Writing allll this down, I had a crazy idea that depresses me... what if Virtual PC is not respecting the PROMISC mode of the virtual network card, and then the test server is not seeing traffic not specifically meant for it... :(

Can anybody confirm or give any suggestions?

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.2 - Release Date: 1/21/2005
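The per-hop tcpdump comparison the mail walks through by hand can be made repeatable: the script below is an added example, not code from the original message, that parses tcpdump-style ICMP lines from each capture point (constructed sample output in modern tcpdump format with placeholder addresses, not captures from the original lab), pairs echo requests with replies by id/seq, and reports the first point in path order where replies stop appearing.

```python
import re
from collections import defaultdict

# tcpdump -nn output line for an ICMP echo packet, e.g.
# "22:10:01.000001 IP 10.0.0.50 > 10.0.0.1: ICMP echo request, id 1234, seq 1, length 64"
LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply),"
    r" id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample captures, listed in path order (upstream first). Addresses
# are placeholders; 10.0.0.50 stands in for the test server, 10.0.0.1 for the router.
FULL = [
    "22:10:01.000001 IP 10.0.0.50 > 10.0.0.1: ICMP echo request, id 1234, seq 1, length 64",
    "22:10:01.000450 IP 10.0.0.1 > 10.0.0.50: ICMP echo reply, id 1234, seq 1, length 64",
    "22:10:02.000003 IP 10.0.0.50 > 10.0.0.1: ICMP echo request, id 1234, seq 2, length 64",
    "22:10:02.000440 IP 10.0.0.1 > 10.0.0.50: ICMP echo reply, id 1234, seq 2, length 64",
]
REQUESTS_ONLY = [line for line in FULL if "echo request" in line]
CAPTURES = [
    ("main firewall fxp1", FULL),
    ("win2k host (ethereal)", FULL),
    ("test firewall de0", REQUESTS_ONLY),  # replies never show up here
]


def parse_icmp(lines):
    """Map (id, seq) -> set of packet kinds ('request'/'reply') seen at one capture point."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            seen[(int(m["id"]), int(m["seq"]))].add(m["kind"])
    return seen


def unanswered(lines):
    """(id, seq) pairs whose request was captured but whose reply never was."""
    seen = parse_icmp(lines)
    return sorted(k for k, kinds in seen.items() if "request" in kinds and "reply" not in kinds)


def locate_break(captures):
    """Walk capture points in path order; return the first one where replies go missing."""
    for point, lines in captures:
        if unanswered(lines):
            return point
    return None


if __name__ == "__main__":
    for point, lines in CAPTURES:
        print(f"{point}: {len(unanswered(lines))} unanswered request(s)")
    print("return path breaks at:", locate_break(CAPTURES))
```

Feed it real captures by reading each tcpdump -nn output file into the list for that capture point; a point that shows requests without matching replies is the first hop the replies never reach.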