From owner-freebsd-questions Mon Mar 13 1:30:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mel.alcatel.fr (mel.alcatel.fr [212.208.74.132]) by hub.freebsd.org (Postfix) with ESMTP id F273E37B99D for ; Mon, 13 Mar 2000 01:30:24 -0800 (PST) (envelope-from Thierry.Herbelot@alcatel.fr)
Received: from aifhs10.alcatel.fr (mailhub2.alcatel.fr [155.132.188.80]) by mel.alcatel.fr (ALCANET/SMTP) with ESMTP id KAA28271; Mon, 13 Mar 2000 10:22:34 +0100
From: Thierry.Herbelot@alcatel.fr
Received: from frmta003.netfr.alcatel.fr (frmta003.netfr.alcatel.fr [155.132.251.32]) by aifhs10.alcatel.fr (ALCANET/SMTP2) with SMTP id KAA02820; Mon, 13 Mar 2000 10:23:40 +0100 (MET)
Received: by frmta003.netfr.alcatel.fr (Lotus SMTP MTA v4.6.6 (890.1 7-16-1999)) id C12568A1.00343407 ; Mon, 13 Mar 2000 10:30:11 +0100
X-Lotus-FromDomain: ALCATEL
To: Ryan Thompson
Cc: freebsd-questions@FreeBSD.ORG
Message-ID:
Date: Mon, 13 Mar 2000 10:29:37 +0100
Subject: Re: Funny routing problem...
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

Your setup seems **way** too complicated: I have such a network at home and all works fine with unregistered addresses for the internal machines (and **no** aliases) and natd(8) running on the gateway machine.

For some specific applications, you may want to directly forward connection attempts from the Internet to a defined machine of your internal network (via the "redirect_port" feature of natd).

TfH

PS: as an example, here is how I allow X-windows connections to an internal machine (in /etc/natd.conf):

    redirect_port tcp 10.0.1.103:6000 6001

Ryan Thompson on 11/03/2000 22:17:33

To: freebsd-questions@FreeBSD.ORG
cc: (bcc: Thierry HERBELOT/FR/ALCATEL)
Subject: Re: Funny routing problem...

Ryan Thompson wrote to freebsd-questions@FreeBSD.ORG:

Growl... This will be a LONG message.
:-)

Since I haven't had any replies yet, I suppose I'll include some more details. This is an extremely simple office network. Am I doing something wrong, here?

           .--------.     .-------------.     .------------------.
     <<----| Uplink |-----| 3.4 Gateway |-----| Internal machine |
           `--------'     `-------------'     `------------------'
         1xx.1xx.xx.1   1xx.1xx.xx.{6,7,8,9,11,12,13}   1xx.1xx.xx.10
         3.2-RELEASE    10.0.0.1                        10.0.0.2
                        3.4-STABLE                      4.0-CURRENT
                                                        PicoBSD
                                                        Also tried NT, 98

Problem: "Internal machine" can't talk to "Uplink" (or any hosts beyond), but the 3.4-STABLE gateway and the Internal machine can communicate fine on all ports with both public (1xx.1xx.xx.0/24) and private (10.0.0.0/8) network addresses. And, the 3.4-STABLE gateway can reach all hosts on outside networks, including other hosts on 1xx.1xx.xx.0/24.

I no longer believe the configuration of the internal machine is at fault, as I have tried many "known-good" configurations in several operating systems on the other end, and they're all relatively simple: configure a single network interface on 10.0.0.2 and 1xx.1xx.xx.10/32, default router at 10.0.0.1 (3.4 gateway).

No packets are being dropped by ANY interface of mine during my tests... I'm just not receiving responses from any hosts on any ports beyond the 3.4 gateway.
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            1xx.1xx.2xx.1      UGSc       64       70      ep0
10                 link#1             UC          0        0      pn0
10.0.0.2           0:xx:xx:xx:xx:9e   UHLW        1        0      pn0    537
127.0.0.1          127.0.0.1          UH          5     1231      lo0
1xx.1xx.xx.1       8:xx:xx:xx:xx:44   UHLW       61       20      ep0   1042
1xx.1xx.xx.6       0:xx:xx:xx:xx:8c   UHLW        0     1505      lo0 =>
1xx.1xx.xx.6/32    link#2             UC          0        0      ep0
1xx.1xx.xx.7/32    link#2             UC          0        0      ep0
1xx.1xx.xx.8       0:xx:xx:xx:xx:8c   UHLW        1       85      lo0 =>
1xx.1xx.xx.8/32    link#2             UC          0        0      ep0
1xx.1xx.xx.9/32    link#2             UC          0        0      ep0
1xx.1xx.xx.10      10.0.0.2           UGHS        0        8      pn0
1xx.1xx.xx.11      0:xx:xx:xx:xx:8c   UHLW        0       10      lo0 =>
1xx.1xx.xx.11/32   link#2             UC          0        0      ep0
1xx.1xx.xx.12/32   link#2             UC          0        0      ep0
1xx.1xx.xx.13/32   link#2             UC          0        0      ep0

# ifconfig -a
pn0: flags=8843 mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:xx:xx:xx:xx:b2
        media: 100baseTX
        supported media: autoselect 100baseTX 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 10baseT/UTP
ep0: flags=8843 mtu 1500
        inet 1xx.1xx.xx.8 netmask 0xffffffff broadcast 1xx.1xx.xx.8
        inet 1xx.1xx.xx.9 netmask 0xffffffff broadcast 1xx.1xx.xx.9
        inet 1xx.1xx.xx.11 netmask 0xffffffff broadcast 1xx.1xx.xx.11
        inet 1xx.1xx.xx.12 netmask 0xffffffff broadcast 1xx.1xx.xx.12
        inet 1xx.1xx.xx.13 netmask 0xffffffff broadcast 1xx.1xx.xx.13
        inet 1xx.1xx.xx.6 netmask 0xffffffff broadcast 1xx.1xx.xx.6
        inet 1xx.1xx.xx.7 netmask 0xffffffff broadcast 1xx.1xx.xx.7
        ether 00:xx:xx:xx:xx:8c
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

# ping -c 1 1xx.1xx.xx.1
PING 1xx.1xx.xx.1 (1xx.1xx.xx.1): 56 data bytes
64 bytes from 1xx.1xx.xx.1: icmp_seq=0 ttl=19 time=323.474 ms

--- 1xx.1xx.xx.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 323.474/323.474/323.474/0.000 ms
# exit

Yes, my uplink gateway appears to be very slow at the moment.. That's about 3x the average round-trip time.
A better network is in the works :-)

Some sysctl settings:

net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0

Original message, in its lengthy entirety:

> Hi everybody.
>
> After having moved some equipment around (and upgraded several FreeBSD
> systems), I seem to have lost the ability to route between two particular
> machines:
>
> The gateway machine has two interfaces. pn0 for 10.0.0.0/8, ep0 for my
> public network. Packet forwarding is enabled in the kernel. Running
> 3.4-STABLE as of a few days ago. Firewall enabled, set to OPEN. Static
> route to the public IP of the internal machine set to 10.0.0.2.
>
> The internal machine has one interface, dc0 set to 10.0.0.2, netmask
> 0xff000000. Aliased one IP in the public network, netmask 0xffffffff.
> Running -CURRENT. Packet forwarding also enabled, here.
>
> lo0 interfaces are correctly configured on both systems, and both systems
> can talk to each other through the pn0/dc0 interfaces on either set of
> network numbers. NFS mounts between the two work like a charm.
>
> However, while the internal machine can reach the gateway fine, it can not
> reach any outside hosts. When I try tcpdump on the gateway machine for
> the ep0 (external) interface, and try to ping from the internal machine to
> an outside host, I see echo requests being sent, but no echo replies being
> received FROM the outside host.
> (Yes, pings from the gateway work fine)
>
> AND, I can ping/telnet/ssh/whatever very nicely FROM outside hosts, TO the
> internal machine (through the gateway), using the public IP address or
> hostname of the internal machine.
>
> I'm using static routes on both machines, and the routing tables look
> fine. I'm not using NAT.
>
> I'm at a loss, here, people... Any suggestions on how to regain outgoing
> connectivity from my internal machine?
>
> --
> Ryan Thompson
> Systems Administrator, Accounts
> Phone: +1 (306) 664-1161
> SaskNow Technologies  http://www.sasknow.com
> #106-380 3120 8th St E  Saskatoon, SK  S7H 0W2

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
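Editor's added example (not part of the thread, and not FreeBSD code): when a gateway's table looks like the `netstat -rn` listing above, the first thing to check is which interface and next hop the kernel picks for each end of a failing flow. The script below parses the FreeBSD 3.x `netstat -rn` layout (abbreviated classful networks such as `10`, `/bits` suffixes, `H` host routes, the trailing `=>` marker) and does the same longest-prefix-match the kernel does. The table it runs on is a constructed stand-in for the one posted: the masked public addresses are replaced by 192.0.2.0/24 (TEST-NET-1), the uplink router is 192.0.2.1 and the MAC addresses are invented. Note what it shows for the posted layout: with only /32 aliases on ep0 and no /24 network route, any other host on the public segment is reached through the default route, while the internal machine's public address is reached through pn0 via 10.0.0.2.

```python
"""Longest-prefix-match lookup over a FreeBSD 3.x-style 'netstat -rn' listing.

Added example, not part of the original thread. ROUTES_SAMPLE is a constructed
stand-in for the gateway table posted above (public addresses replaced by
192.0.2.0/24, uplink router 192.0.2.1, MAC addresses made up).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

ROUTES_SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            192.0.2.1          UGSc       64       70      ep0
10                 link#1             UC          0        0      pn0
10.0.0.2           0:0:5e:0:53:9e     UHLW        1        0      pn0    537
127.0.0.1          127.0.0.1          UH          5     1231      lo0
192.0.2.1          8:0:5e:0:53:44     UHLW       61       20      ep0   1042
192.0.2.6          0:0:5e:0:53:8c     UHLW        0     1505      lo0 =>
192.0.2.6/32       link#2             UC          0        0      ep0
192.0.2.10         10.0.0.2           UGHS        0        8      pn0
"""


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str   # next-hop address, "link#N", or a MAC for cloned ARP entries
    flags: str     # U up, G via gateway, H host, S static, C cloning, L link, W cloned
    netif: str


def _parse_dest(dest: str, flags: str) -> ipaddress.IPv4Network:
    """Expand netstat's abbreviated Destination column into a network.

    netstat drops trailing zero octets of classful networks ("10" is
    10.0.0.0/8) and prints "/bits" only for non-classful masks; the H flag
    marks a host route (/32).
    """
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    if not bits:
        bits = 32 if ("H" in flags or len(octets) == 4) else 8 * len(octets)
    return ipaddress.IPv4Network(f"{addr}/{bits}", strict=False)


def parse_netstat(text: str) -> list[Route]:
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows: Destination Gateway Flags Refs Use Netif [Expire] [=>]
        if len(parts) < 6 or not parts[3].isdigit():
            continue
        dest, gateway, flags, netif = parts[0], parts[1], parts[2], parts[5]
        routes.append(Route(_parse_dest(dest, flags), gateway, flags, netif))
    return routes


def lookup(routes: list[Route], dst: str) -> tuple[str, str, str, str]:
    """Return (netif, next_hop, matched_prefix, flags) for a destination.

    The most specific prefix wins; on a tie the first listed entry wins.
    """
    ip = ipaddress.IPv4Address(dst)
    best = None
    for r in routes:
        if "U" in r.flags and ip in r.prefix:
            if best is None or r.prefix.prefixlen > best.prefix.prefixlen:
                best = r
    if best is None:
        raise LookupError(f"no route to {dst}")
    # Only a G route hands the packet to the Gateway column; otherwise the
    # destination is on-link and that column holds ARP/link information.
    next_hop = best.gateway if "G" in best.flags else dst
    return best.netif, next_hop, str(best.prefix), best.flags


def both_directions(routes: list[Route], a: str, b: str) -> dict[str, tuple[str, str]]:
    """Interface and next hop the gateway uses towards each end of a flow."""
    return {a: lookup(routes, a)[:2], b: lookup(routes, b)[:2]}


if __name__ == "__main__":
    table = parse_netstat(ROUTES_SAMPLE)
    for dst in ("192.0.2.1", "192.0.2.10", "192.0.2.6", "192.0.2.77", "10.9.9.9"):
        print(dst, "->", lookup(table, dst))
    print(both_directions(table, "192.0.2.10", "203.0.113.7"))
```

Feed it the real table with `netstat -rn | python3 routes.py` after swapping `ROUTES_SAMPLE` for `sys.stdin.read()`; the interesting calls are `both_directions()` for the internal host's public address and an outside host, which shows the two interfaces a reply has to cross on the gateway.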
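A second added example (the editor's, not the thread's and not part of natd) for the `redirect_port` approach in the reply at the top. natd(8) writes the option as `redirect_port proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT] [remoteIP[:remotePORT[-remotePORT]]]`; the optional trailing remoteIP is what limits who may reach the redirected service. The script parses a natd.conf, validates the port syntax, and flags two things a reviewer would want to see before the file goes live: redirects with no remoteIP (reachable from any source) and redirects that expose services rarely meant for the Internet, X11's 6000-6063 range among them. The file it reads is constructed: its first redirect is the one quoted in the reply, the others are made up.

```python
"""Parse and audit the redirect_port entries of a natd.conf.

Added example, not part of the original thread or of natd. Syntax follows
natd(8):
    redirect_port proto targetIP:targetPORT[-targetPORT]
                  [aliasIP:]aliasPORT[-aliasPORT] [remoteIP[:remotePORT[-remotePORT]]]
NATD_SAMPLE is a constructed file: the first redirect is the one from the
reply above, the other two are invented.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

NATD_SAMPLE = """\
interface ep0
use_sockets yes
same_ports yes
unregistered_only yes
# X11 to one internal box, reachable from any remote address
redirect_port tcp 10.0.1.103:6000 6001
# same service, but only one trusted remote host may reach it
redirect_port tcp 10.0.1.103:6000 6002 198.51.100.7
# ssh to the internal box on an explicit alias address
redirect_port tcp 10.0.0.2:22 192.0.2.10:22
"""

# Well-known ports of services one rarely wants reachable from the Internet.
RISKY_TARGETS = {
    "X11": (6000, 6063),
    "sunrpc": (111, 111),
    "netbios": (137, 139),
    "smb": (445, 445),
    "nfs": (2049, 2049),
}


@dataclass
class Redirect:
    line_no: int
    proto: str
    target_ip: str
    target_ports: tuple[int, int]
    alias_ip: Optional[str]
    alias_ports: tuple[int, int]
    remote_ip: Optional[str]
    remote_ports: Optional[tuple[int, int]]


def _port_range(spec: str) -> tuple[int, int]:
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi) if hi else int(lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def _split_addr(spec: str) -> tuple[Optional[str], str]:
    """'a.b.c.d:ports' -> ('a.b.c.d', 'ports'); 'ports' -> (None, 'ports')."""
    addr, sep, rest = spec.rpartition(":")
    return (addr, rest) if sep else (None, spec)


def parse_natd_conf(text: str) -> list[Redirect]:
    redirects = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key != "redirect_port":
            continue  # other natd options are not audited here
        if len(args) not in (3, 4):
            raise ValueError(f"line {n}: redirect_port takes 3 or 4 arguments")
        proto = args[0].lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"line {n}: unknown protocol {args[0]!r}")
        target_ip, target_ports = _split_addr(args[1])
        if target_ip is None:
            raise ValueError(f"line {n}: target needs an address")
        alias_ip, alias_ports = _split_addr(args[2])
        tp, ap = _port_range(target_ports), _port_range(alias_ports)
        if tp[1] - tp[0] != ap[1] - ap[0]:
            raise ValueError(f"line {n}: target and alias port ranges differ in size")
        remote_ip = remote_ports = None
        if len(args) == 4:
            remote_ip, rest = _split_addr(args[3])
            if remote_ip is None:   # bare address: any remote port
                remote_ip = rest
            else:
                remote_ports = _port_range(rest)
        redirects.append(Redirect(n, proto, target_ip, tp, alias_ip, ap, remote_ip, remote_ports))
    return redirects


def audit(redirects: list[Redirect]) -> list[tuple[int, str]]:
    """Findings a reviewer would raise before enabling the file."""
    findings = []
    for r in redirects:
        if r.remote_ip is None:
            findings.append((r.line_no, "reachable from any remote address (no remoteIP)"))
        for name, (lo, hi) in RISKY_TARGETS.items():
            if r.target_ports[0] <= hi and lo <= r.target_ports[1]:
                findings.append((r.line_no, f"forwards {name} ({lo}-{hi}) to {r.target_ip}"))
    return findings


if __name__ == "__main__":
    for line_no, msg in audit(parse_natd_conf(NATD_SAMPLE)):
        print(f"natd.conf:{line_no}: {msg}")
```

Two practical notes: natd only acts on packets the firewall hands to it, so the redirects do nothing until an ipfw divert rule such as `ipfw add divert natd ip from any to any via ep0` sits ahead of the pass rules on the external interface; and where a redirect has to stay open to several sources, an ipfw rule on the alias port restricting the source addresses gives the same fencing the remoteIP field does for a single host.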