Date:      Sun, 2 Sep 2001 15:25:34 -0700
From:      Chip <chip@wiegand.org>
To:        Joe Clarke <marcus@marcuscom.com>, Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: replacing a cisco router with a fbsd box
Message-ID:  <01090215253407.44697@chip.wiegand.org>
In-Reply-To: <20010902123707.Y68847-100000@shumai.marcuscom.com>
References:  <20010902123707.Y68847-100000@shumai.marcuscom.com>

On Sunday 02 September 2001 09:40, Joe Clarke wrote:
> I believe the NAT bug you're referring to has been fixed.  However, if you
> send me some details, I'd be happy to verify for you.
>
> Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias
> stuff is easy to add protocol support to.  I just added TFTP to the tree,
> and internal to Cisco, I've added another protocol for IP telephony.
>
> As for the crash/hang.  Yeah, if it hangs, you're screwed.  It's hard to
> troubleshoot those kinds of things if you can't produce any kind of error
> messages.  In those cases, obtaining information regularly like show proc,
> show proc cpu, show buff, and show log can help.

Are those run on the router via telnet?

--
Chip

>
> Joe
>
> On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:
> > >-----Original Message-----
> > >From: owner-freebsd-questions@FreeBSD.ORG
> > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
> > >
> > >I realize I'm coming in a bit late on this, but I work for Cisco TAC,
> > > and can say that with the recent Code Red thing, our NAT has seen a lot
> > > of work.  There have been bugs filed to be sure.
> >
> > I hope that you fix the one where the Cisco NAT doesn't tear down the
> > address map as soon as the connection is closed.  I saw that one on a
> > 1005 running early 12.0 code when someone asked us why they could Telnet
> > into a JetDirect card from the Internet that in reality had a private
> > network number. Turned out they were telnetting into the overload number
> > on a nat pool on the 1005.  I never did get around to writing that one up
> > because I figured it was an obvious hole that would be caught, but if
> > you're interested I'll dig up the particulars.
> >
> > >Offloading NAT from a router with a small amount of RAM will improve
> > > packet flow to be sure.
> > > In fact, if you're experiencing lock-ups, I'd try that.  It may help
> > > you isolate the problem.  FreeBSD's NAT is pretty good for most
> > > standard protocols.  I've found it's relatively easy to add support to.
> >
> > But it doesn't do the DNS trick that you guys do which is very useful.
> > :-(
> >
> > >Also, if you do find yourself having to reload, see if you're getting
> > > any tracebacks.  Do a show ver or show stack, and see what you can see.
> > >  Those memory addresses can be useful for tracking down bugs.
> >
> > He was saying that when the router got hosed that they had to power-cycle
> > which I take it to mean the device froze.  It sounds suspiciously like
> > flakey hardware to me.  Maybe someone upgraded the ram with some random
> > PC memory they had lying around?
> >
> >
> > Ted Mittelstaedt                      tedm@toybox.placo.com
> > Author of:          The FreeBSD Corporate Networker's Guide
> > Book website:       http://www.freebsd-corp-net-guide.com

-- 
--
Chip W.
