Date: Mon, 26 Nov 2007 12:26:00 +1100 (EST)
From: Ian Smith
To: Alaor Barroso de Carvalho Neto
Cc: freebsd-questions@freebsd.org
Subject: Re: routing problem

On Sat, 24 Nov 2007, Alaor Barroso de Carvalho Neto wrote:
> 2007/11/24, Ian Smith:
> >
> > No I didn't mean that; use your own favourite packet filter, any of them
> > can handle what you've described. Bill suggested pf - lots of people
> > seem to like it a lot - and I use ipfw because I (mostly) know how to.
>
> I always had linux servers, so I'm very familiar with iptables, I don't have
> a favorite BSD firewall yet, so that's why I'm asking. I choose ipfilter
> because I liked the tutorial in the FreeBSD handbook, but I don't know any
> features of the others, I don't even know ipfilter yet.

Yes, I suspect the handbook firewall sections were put together by an
ipfilter fan, even the ipfw section contains some oddities indicating
that, and the pf section so far lacks the basic and with-NAT firewall
setups that might encourage more people unfamiliar with pf to try it.

> > Ok. Pasted output of 'ifconfig' and 'netstat -finet -nr' may help ..
> > it's easier to parse familiar machine output than textual descriptions.
>
> My BSD box doesn't have a graphic interface and I must admit I'm suffering to
> use it, so that's why I'm transcribing the configs, but I'm gonna change
> that.

You can mark and copy with the mouse in text terminals on non-X boxes,
at a pinch. I then use (say) ee to save the paste, though of course it's
a lot less tedious working from an xterm with multiple clipboard buffers
.. I've pasted up to 2000 lines from a Konsole at times :)

> > Dunno. I'd just run tcpdump in a different terminal for each interface
> > and watch the traffic; what gets forwarded, or not, what gets translated
> > by NAT, or not. As you said, pings are a useful start, as can be adding
> > temporary firewall rules to log everything in and out per interface ..
> >
> > I know next to nothing about routed(8) and RIP, nor why you might prefer
> > it to static and cloned routing, but taking it out of the mix might help
> > with debugging until your basic routing and filtering works right?
>
> I think it's hard to be NAT even because I've disabled ipfilter and the
> problem still. I thought I would just set gateway_enable="YES" and things
> would start working, at least that was how I've seen in the docs, but like
> it didn't, I tried to set static routes. I don't know anything about routed
> too, I just know that it's supposed to build the routes on demand, or

I think routed might only work in a network that's using RIP throughout,
but that's only from what I've read in Hunt's TCP/IP Network Admin book,
and I've seen next to no discussion of using RIP in recent times.
I'm pretty sure you don't want to run routed(8) and that it would only
add to confusion for anyone trying to help you spot your problem here.

> something like that. I'll copy the result of netstat on monday but the
> routes seem to be OK, they're there like they're supposed to be, at least I
> think they are right. Probably the problem is very stupid, but I feel like

Possibly just a little confusion re how freebsd routing tables are
presented compared to Linux, especially re default routes, perhaps?

> I've checked everything and I can't find the error, and like I'm not very
> familiar with BSD I'm losing my hope. Next week I'll try some things and if
> it doesn't work I think it's time to go back to linux. That's bad because I
> liked a lot the freebsd way of doing things.

I suggest ending this thread here, and that you come back with a fresh
start on a fresh subject stating again what you want to do, your network
setup and layout, ifconfig and your full IPv4 routing tables, and clear
description of which packets via which interface/s are failing to get to
where you want them to go (and back!). Your original message was fairly
clear about that, though it's got lost in the mists of time by now ..

Don't give up. Perhaps spend a little time browsing the freebsd-net list
to see if that's worth joining for you, if you can't get sufficient
answers here, but with enough basic info I'm sure someone here can help.

Cheers, Ian
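
Added example, not part of the original message: a small parser for the `netstat -finet -nr` listing requested above, showing how a FreeBSD table (including the `default` entry) decides the outgoing interface by longest-prefix match. The sample table, addresses and interface names are constructed, and it assumes destinations print as `default`, a host address, or CIDR.

```python
import ipaddress

# Constructed sample in the layout of FreeBSD `netstat -finet -nr` output;
# addresses and interface names are invented for illustration.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0     1234    rl0
10.0.0.0/24        link#2             UC          0        0    rl1
127.0.0.1          127.0.0.1          UH          0       12    lo0
192.0.2.0/24       link#1             UC          0        0    rl0
192.168.1.0/24     link#3             UC          0        0    rl2
"""

def parse_routes(text):
    """Return a list of (network, gateway, flags, netif) from netstat -rn text."""
    routes, columns = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Destination":
            columns = fields            # header names give the column positions
            continue
        if columns is None or len(fields) <= columns.index("Netif"):
            continue                    # preamble or a row we cannot interpret
        row = dict(zip(columns, fields))
        dest = row["Destination"]
        if dest == "default":           # FreeBSD prints 0.0.0.0/0 as "default"
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue                    # abbreviated or non-IPv4 destination
        routes.append((net, row["Gateway"], row["Flags"], row["Netif"]))
    return routes

def lookup(routes, address):
    """Longest-prefix match: the most specific route containing address wins."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for target in ("10.0.0.25", "192.168.1.7", "198.51.100.9"):
        print(target, "->", lookup(table, target))
```

A destination that matches no connected network falls through to the `default` row, which is the check to make when packets for a remote subnet leave by an unexpected interface.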