Date: Mon, 1 Nov 1999 11:39:26 +0200
From: Rick Afonso <rick.afonso@usko.com>
To: "'freebsd-questions@FreeBSD.ORG.'" <freebsd-questions@FreeBSD.ORG>
Subject: Squid Proxy & Natd Arp problem
Message-ID: <91FBD7B8C861D2119C3100805FA72FE1199ECE@CPTCOMXCH>

Hi Everyone

I have a client who is experiencing a strange problem which appears to be ARP related.

       ISP1                     ISP2
        |                        |
      router                   router
        | ip1                    | ip2
    |------------------------------------------------------------| Ethernet
        |         |         | ip1.1         | ip2.1
        |         |         |               |
       DNS       DNS      Proxy1          Proxy2
                            |               |
    10.0.0.0/16 |----------------------------------| Ethernet
                    |               |
                   WWW          W/stations
                  Server

The client has two incoming leased line circuits from two different ISPs; each circuit has a registered IP address range being routed through it. The client has two BSD boxes set up as Proxy (Squid) servers, also running NATD. The client's internal network sits on the 10.0.0.0/16 range behind these two proxy servers.

The client's two DNS servers are on the registered IP side of the proxy servers, while his web server (hosting multiple sites) is behind the proxy servers.

The two proxy servers have NATd alias tables mapping the relevant registered IP address to the private internal address. Each server is dedicated to one of the registered IP ranges, i.e. an HTTP request will be resolved to a registered IP address which, when the client browser connects to it, will be redirected to the private address which it corresponds to in the NATd tables, by the proxy server which services the particular external IP range (indicated by numbering above).

From the outside world this works fine. Attempting to connect to one of the hosted web sites, the traffic hits the relevant proxy server, which then translates it and passes it to the web server on the relevant internal address.

If an internal user tries to connect to a web site (using one of the proxy servers as his browser proxy) the results vary. If the site he attempts to connect to is natted via the proxy box (being used as his web proxy) he cannot connect. Looking at the ARP table on that proxy server, it indicates "incomplete" for the relevant external IP address ARP resolution.

If the web site is natted via the other proxy server it works fine, i.e. if the IP address resolved for a web site is an address which is being natted by the same proxy server (which is used as a proxy) by the client workstation, the proxy server is not immediately replacing the external address with the internal NATTED address and passing the traffic back to the internal server. It appears to try an ARP request which never gets answered.

Does anyone have any ideas what could cause this? And an idea on how to resolve it?

Thanks
Rick

Rick Afonso
Senior Network Engineer
USKO Communications
Cape Town
South Africa
Mobile: +27 83 6014010
Phone: +27 21 4185354
Fax: +27 21 4185478