Date: Sun, 2 Sep 2001 15:25:34 -0700 From: Chip <chip@wiegand.org> To: Joe Clarke <marcus@marcuscom.com>, Ted Mittelstaedt <tedm@toybox.placo.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: replacing a cisco router with a fbsd box Message-ID: <01090215253407.44697@chip.wiegand.org> In-Reply-To: <20010902123707.Y68847-100000@shumai.marcuscom.com> References: <20010902123707.Y68847-100000@shumai.marcuscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 02 September 2001 09:40, Joe Clarke wrote: > I believe the NAT bug you're referring to has been fixed. However, if you > send me some details, I'd be happy to verify for you. > > Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias > stuff is easy to add protocol support to. I just added TFTP to the tree, > and internal to Cisco, I've added another protocol for IP telephony. > > As for the crash/hang. Yeah, if it hangs, you're screwed. It's hard to > troubleshoot those kind of things if you can't produce any kind of error > messages. In those cases, obtaining information regularly like show proc, > show proc cpu, show buff, and show log can help. Are those run on the router via telnet? -- Chip > > Joe > > On Sun, 2 Sep 2001, Ted Mittelstaedt wrote: > > >-----Original Message----- > > >From: owner-freebsd-questions@FreeBSD.ORG > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke > > > > > >I realize I'm coming in a bit late on this, but I work for Cisco TAC, > > > and can say that with the recent Code Red thing, our NAT has seen a lot > > > of work. There have been bugs filed to be sure. > > > > I hope that you fix the one where the Cisco NAT doesen't tear down the > > address map as soon as the connection is closed. I saw that one on a > > 1005 running early 12.0 code when someone asked us why they could Telnet > > into a JetDirect card from the Internet that in reality had a private > > network number. Turned out they were telnetting into the overload number > > on a nat pool on the 1005. I never did get around to writing that one up > > because I figured it was an > > obvious hole that would be caught, but if your interested I'll dig up the > > particulars. > > > > Offloading NAT from a > > > > >router with a small amount of RAM will improve packet flow to be sure. > > > In fact, if you're experiencing lock-ups, I'd try that. It may help > > > you isolate the problem. FreeBSD's NAT is pretty good for most > > > standard protocols. I've found it's relatively easy to add support to. > > > > But it doesen't so the DNS trick that you guys do which is very useful. > > :-( > > > > >Also, if you do find yourself having to reload, see if you're getting > > > any tracebacks. Do a show ver or show stack, and see what you can see. > > > Those memory addresses can be useful for tracking down bugs. > > > > He was saying that when the router got hosed that they had to power-cycle > > which I take it to mean the device froze. It sounds suspiciously like > > flakey hardware to me. Maybe someone upgraded the ram with some random > > PC memory they had lying around? > > > > > > Ted Mittelstaedt > > tedm@toybox.placo.com Author of: The FreeBSD > > Corporate Networker's Guide Book website: > > http://www.freebsd-corp-net-guide.com -- -- Chip W. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01090215253407.44697>