From: Chip
To: Joe Clarke, Ted Mittelstaedt
Subject: Re: replacing a cisco router with a fbsd box
Date: Sun, 2 Sep 2001 15:25:34 -0700

On Sunday 02 September 2001 09:40, Joe Clarke wrote:
> I believe the NAT bug you're referring to has been fixed. However, if you
> send me some details, I'd be happy to verify for you.
>
> Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias
> stuff is easy to add protocol support to. I just added TFTP to the tree,
> and internal to Cisco, I've added another protocol for IP telephony.
>
> As for the crash/hang. Yeah, if it hangs, you're screwed. It's hard to
> troubleshoot those kind of things if you can't produce any kind of error
> messages. In those cases, obtaining information regularly like show proc,
> show proc cpu, show buff, and show log can help.

Are those run on the router via telnet?
--
Chip

>
> Joe
>
> On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:
> > >-----Original Message-----
> > >From: owner-freebsd-questions@FreeBSD.ORG
> > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
> > >
> > >I realize I'm coming in a bit late on this, but I work for Cisco TAC,
> > >and can say that with the recent Code Red thing, our NAT has seen a lot
> > >of work. There have been bugs filed to be sure.
> >
> > I hope that you fix the one where the Cisco NAT doesn't tear down the
> > address map as soon as the connection is closed. I saw that one on a
> > 1005 running early 12.0 code when someone asked us why they could Telnet
> > into a JetDirect card from the Internet that in reality had a private
> > network number. Turned out they were telnetting into the overload number
> > on a nat pool on the 1005. I never did get around to writing that one up
> > because I figured it was an obvious hole that would be caught, but if
> > you're interested I'll dig up the particulars.
> >
> > >Offloading NAT from a router with a small amount of RAM will improve
> > >packet flow to be sure. In fact, if you're experiencing lock-ups, I'd
> > >try that. It may help you isolate the problem. FreeBSD's NAT is pretty
> > >good for most standard protocols. I've found it's relatively easy to
> > >add support to.
> >
> > But it doesn't do the DNS trick that you guys do which is very useful.
> > :-(
> >
> > >Also, if you do find yourself having to reload, see if you're getting
> > >any tracebacks. Do a show ver or show stack, and see what you can see.
> > >Those memory addresses can be useful for tracking down bugs.
> >
> > He was saying that when the router got hosed that they had to power-cycle
> > which I take it to mean the device froze. It sounds suspiciously like
> > flakey hardware to me. Maybe someone upgraded the ram with some random
> > PC memory they had lying around?
> >
> > Ted Mittelstaedt
> > tedm@toybox.placo.com
> > Author of: The FreeBSD Corporate Networker's Guide
> > Book website: http://www.freebsd-corp-net-guide.com

--
Chip W.