Date: Mon, 13 Mar 2000 10:29:37 +0100
From: Thierry.Herbelot@alcatel.fr
To: Ryan Thompson <ryan@sasknow.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Funny routing problem...
Message-ID: <C12568A1.00342755.00@frmta003.netfr.alcatel.fr>
Hello,
Your setup seems **way** too complicated:
I have such a network at home and all works fine with unregistered addresses for the
internal machines (and **no** aliases) and natd(8) running on the gateway machine.
For some specific applications, you may want to directly forward connection attempts
from the Internet to a defined machine of your internal network (via the
"redirect_port" feature of natd)
TfH
PS : as an example, here is how I allow X-windows connections on an internal machine:
(in /etc/natd.conf)
redirect_port tcp 10.0.1.103:6000 6001
Ryan Thompson <ryan@sasknow.com> on 11/03/2000 22:17:33
To: freebsd-questions@FreeBSD.ORG
cc: (bcc: Thierry HERBELOT/FR/ALCATEL)
Subject: Re: Funny routing problem...
Ryan Thompson wrote to freebsd-questions@FreeBSD.ORG:
Growl... This will be a LONG message. :-) Since I haven't had any replies
yet, I suppose I'll include some more details. This is an extremely
simple office network. Am I doing something wrong, here?
      .--------.   .-------------.   .------------------.
<<----| Uplink |---| 3.4 Gateway |---| Internal machine |
      `--------'   `-------------'   `------------------'
      1xx.1xx.xx.1 1xx.1xx.xx.{6,7,8,9,11,12,13}        1xx.1xx.xx.10
                   10.0.0.1                             10.0.0.2
                                                        3.2-RELEASE
                                                        3.4-STABLE
                                                        4.0-CURRENT
                                                        PicoBSD
                                                        Also tried NT, 98
Problem: "Internal machine" can't talk to "Uplink" (or any hosts beyond),
but the 3.4-STABLE gateway and the Internal machine can communicate fine
on all ports with both public (1xx.1xx.xx.0/24) and private (10.0.0.0/8)
network addresses. And, the 3.4-STABLE gateway can reach all hosts on
outside networks, including other hosts on 1xx.1xx.xx.0/24.
I no longer believe the configuration of the internal machine is at fault,
as I have tried many "known-good" configurations in several operating
systems on the other end, and they're all relatively simple: configure a
single network interface on 10.0.0.2 and 1xx.1xx.xx.10/32, default router
at 10.0.0.1 (3.4 gateway).
No packets are being dropped by ANY interface of mine during my tests...
I'm just not receiving responses from any hosts on any ports beyond the
3.4 gateway.
# netstat -rn
Routing tables

Internet:
Destination        Gateway             Flags    Refs     Use  Netif Expire
default            1xx.1xx.2xx.1       UGSc       64      70    ep0
10                 link#1              UC          0       0    pn0
10.0.0.2           0:xx:xx:xx:xx:9e    UHLW        1       0    pn0    537
127.0.0.1          127.0.0.1           UH          5    1231    lo0
1xx.1xx.xx.1       8:xx:xx:xx:xx:44    UHLW       61      20    ep0   1042
1xx.1xx.xx.6       0:xx:xx:xx:xx:8c    UHLW        0    1505    lo0 =>
1xx.1xx.xx.6/32    link#2              UC          0       0    ep0
1xx.1xx.xx.7/32    link#2              UC          0       0    ep0
1xx.1xx.xx.8       0:xx:xx:xx:xx:8c    UHLW        1      85    lo0 =>
1xx.1xx.xx.8/32    link#2              UC          0       0    ep0
1xx.1xx.xx.9/32    link#2              UC          0       0    ep0
1xx.1xx.xx.10      10.0.0.2            UGHS        0       8    pn0
1xx.1xx.xx.11      0:xx:xx:xx:xx:8c    UHLW        0      10    lo0 =>
1xx.1xx.xx.11/32   link#2              UC          0       0    ep0
1xx.1xx.xx.12/32   link#2              UC          0       0    ep0
1xx.1xx.xx.13/32   link#2              UC          0       0    ep0
# ifconfig -a
pn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:xx:xx:xx:xx:b2
        media: 100baseTX <full-duplex>
        supported media: autoselect 100baseTX <full-duplex> 100baseTX <half-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 10baseT/UTP <half-duplex>
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 1xx.1xx.xx.8 netmask 0xffffffff broadcast 1xx.1xx.xx.8
        inet 1xx.1xx.xx.9 netmask 0xffffffff broadcast 1xx.1xx.xx.9
        inet 1xx.1xx.xx.11 netmask 0xffffffff broadcast 1xx.1xx.xx.11
        inet 1xx.1xx.xx.12 netmask 0xffffffff broadcast 1xx.1xx.xx.12
        inet 1xx.1xx.xx.13 netmask 0xffffffff broadcast 1xx.1xx.xx.13
        inet 1xx.1xx.xx.6 netmask 0xffffffff broadcast 1xx.1xx.xx.6
        inet 1xx.1xx.xx.7 netmask 0xffffffff broadcast 1xx.1xx.xx.7
        ether 00:xx:xx:xx:xx:8c
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
# ping -c 1 1xx.1xx.xx.1
PING 1xx.1xx.xx.1 (1xx.1xx.xx.1): 56 data bytes
64 bytes from 1xx.1xx.xx.1: icmp_seq=0 ttl=19 time=323.474 ms
--- 1xx.1xx.xx.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 323.474/323.474/323.474/0.000 ms
# exit
Yes, my uplink gateway appears to be very slow at the moment.. That's
about 3x the average round-trip time. A better network is in the works :-)
Some sysctl settings:
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0
Original message, in its lengthy entirety:
> Hi everybody.
>
> After having moved some equipment around (and upgraded several FreeBSD
> systems), I seem to have lost the ability to route between two particular
> machines:
>
> The gateway machine has two interfaces. pn0 for 10.0.0.0/8, ep0 for my
> public network. Packet forwarding is enabled in the kernel. Running
> 3.4-STABLE as of a few days ago. Firewall enabled, set to OPEN. Static
> route to the public IP of the internal machine set to 10.0.0.2.
>
> The internal machine has one interface, dc0 set to 10.0.0.2, netmask
> 0xff000000. Aliased one IP in the public network, netmask 0xffffffff.
> Running -CURRENT. Packet forwarding also enabled, here.
>
> lo0 interfaces are correctly configured on both systems, and both systems
> can talk to each other through the pn0/dc0 interfaces on either set of
> network numbers. NFS mounts between the two work like a charm.
>
> However, while the internal machine can reach the gateway fine, it can not
> reach any outside hosts. When I try tcpdump on the gateway machine for
> the ep0 (external) interface, and try to ping from the internal machine to
> an outside host, I see echo requests being sent, but no echo replies being
> received FROM the outside host. (Yes, pings from the gateway work fine)
>
> AND, I can ping/telnet/ssh/whatever very nicely FROM outside hosts, TO the
> internal machine (through the gateway), using the public IP address or
> hostname of the internal machine.
>
> I'm using static routes on both machines, and the routing tables look
> fine. I'm not using NAT.
>
> I'm at a loss, here, people... Any suggestions on how to regain outgoing
> connectivity from my internal machine?
>
>
--
Ryan Thompson <ryan@sasknow.com>
Systems Administrator, Accounts
Phone: +1 (306) 664-1161
SaskNow Technologies http://www.sasknow.com
#106-380 3120 8th St E Saskatoon, SK S7H 0W2
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
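The natd(8) redirect_port line quoted in the reply above forwards port 6001 on the gateway to the X server on 10.0.1.103 with no remoteIP field, so any host on the Internet can reach that X display. The script below is an added example (not code from either poster or from FreeBSD): it parses redirect_port entries using the syntax documented in natd(8), flags entries that expose well-known sensitive services or carry no source restriction, and re-emits an entry limited to one remote host via natd's optional remoteIP field. The natd.conf text in SAMPLE_NATD_CONF, and the addresses 192.0.2.10 and 198.51.100.7, are constructed for the demonstration.

```python
"""Lint natd(8) redirect_port entries and re-emit them restricted to one
remote host.  Added example, not code from the thread or from FreeBSD."""
import ipaddress
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

# natd(8) syntax:
#   redirect_port proto targetIP:targetPORT[-targetPORT]
#                 [aliasIP:]aliasPORT[-aliasPORT]
#                 [remoteIP[:remotePORT[-remotePORT]]]
# If remoteIP is omitted, any host on the Internet may use the redirect.
PortRange = Tuple[int, int]

@dataclass
class Redirect:
    proto: str
    target_ip: str
    target_ports: PortRange
    alias_ip: Optional[str]            # None: natd uses the interface address
    alias_ports: PortRange
    remote_ip: Optional[str]           # None: no source restriction at all
    remote_ports: Optional[PortRange]

def _port(spec: str, proto: str) -> int:
    """natd accepts a number or a service name from /etc/services."""
    if spec.isdigit():
        port = int(spec)
    else:
        try:
            port = socket.getservbyname(spec, proto)
        except OSError as exc:
            raise ValueError(f"unknown service {spec!r}") from exc
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {spec}")
    return port

def _port_range(spec: str, proto: str) -> PortRange:
    lo, _, hi = spec.partition("-")
    lo_p = _port(lo, proto)
    hi_p = _port(hi, proto) if hi else lo_p
    if hi_p < lo_p:
        raise ValueError(f"inverted port range: {spec}")
    return (lo_p, hi_p)

def _addr_ports(spec: str, proto: str, need_ip: bool):
    if ":" in spec:
        ip, ports = spec.rsplit(":", 1)
        ipaddress.IPv4Address(ip)                # raises ValueError on garbage
        return ip, _port_range(ports, proto)
    if need_ip:
        raise ValueError(f"target needs IP:port, got {spec!r}")
    return None, _port_range(spec, proto)

def parse_redirect_port(line: str) -> Redirect:
    fields = line.split()
    if len(fields) < 4 or fields[0] != "redirect_port":
        raise ValueError(f"not a redirect_port entry: {line!r}")
    proto = fields[1].lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported proto {proto!r}")
    target_ip, target_ports = _addr_ports(fields[2], proto, need_ip=True)
    alias_ip, alias_ports = _addr_ports(fields[3], proto, need_ip=False)
    remote_ip, remote_ports = None, None
    if len(fields) > 4:
        rip, _, rports = fields[4].partition(":")
        ipaddress.IPv4Address(rip)
        remote_ip = rip
        remote_ports = _port_range(rports, proto) if rports else None
    # N alias ports must map onto exactly N target ports.
    if target_ports[1] - target_ports[0] != alias_ports[1] - alias_ports[0]:
        raise ValueError("target and alias port ranges differ in size")
    return Redirect(proto, target_ip, target_ports, alias_ip, alias_ports,
                    remote_ip, remote_ports)

# Services that should not be reachable from arbitrary Internet sources.
# X11 is the one in the thread: display N listens on 6000+N and trusts
# whatever xhost/xauth admits.
SENSITIVE = [("X11", "tcp", 6000, 6063), ("telnet", "tcp", 23, 23),
             ("portmapper", "tcp", 111, 111), ("portmapper", "udp", 111, 111),
             ("NFS", "tcp", 2049, 2049), ("NFS", "udp", 2049, 2049),
             ("SMB", "tcp", 445, 445), ("SNMP", "udp", 161, 161)]

def findings(r: Redirect) -> List[str]:
    out = []
    if r.remote_ip is None:
        out.append("no remoteIP: any Internet host can reach the target")
    lo, hi = r.target_ports
    for name, proto, slo, shi in SENSITIVE:
        if proto == r.proto and lo <= shi and slo <= hi:   # ranges overlap
            out.append(f"forwards {name} ({proto} {slo}-{shi}) to {r.target_ip}")
    return out

def _fmt(p: PortRange) -> str:
    return str(p[0]) if p[0] == p[1] else f"{p[0]}-{p[1]}"

def harden(r: Redirect, remote: str) -> str:
    """Re-emit the entry so only `remote` can use it (natd's remoteIP field)."""
    ipaddress.IPv4Address(remote)
    alias = f"{r.alias_ip}:" if r.alias_ip else ""
    return (f"redirect_port {r.proto} {r.target_ip}:{_fmt(r.target_ports)} "
            f"{alias}{_fmt(r.alias_ports)} {remote}")

def is_valid(line: str) -> bool:
    try:
        parse_redirect_port(line)
        return True
    except ValueError:
        return False

def lint_config(text: str) -> List[Tuple[int, str, List[str]]]:
    """(line number, entry, findings) for every redirect_port line."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("redirect_port"):
            results.append((n, line, findings(parse_redirect_port(line))))
    return results

# Constructed sample natd.conf; the first redirect is the thread's X11 line.
SAMPLE_NATD_CONF = """\
interface ep0
use_sockets yes
same_ports yes
redirect_port tcp 10.0.1.103:6000 6001
redirect_port tcp 10.0.0.2:22 2222 192.0.2.10
redirect_port udp 10.0.0.2:161 161
redirect_port tcp 10.0.0.5:8000-8003 9000-9003
"""

if __name__ == "__main__":
    for n, entry, notes in lint_config(SAMPLE_NATD_CONF):
        print(f"{n}: {entry}")
        for note in notes:
            print(f"    ! {note}")
        if notes:
            print("    fix:", harden(parse_redirect_port(entry), "192.0.2.10"))
```

Run it with `python3 natd_lint.py`; the X11 line gets two findings and a rewritten entry ending in `192.0.2.10`, the ssh line restricted to one host gets none. Restricting the redirect to a known remote address is the smallest fix; forwarding X11 over ssh instead of exposing port 6000 at all avoids the problem entirely.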