From: Nikos Vassiliadis
Date: Fri, 29 May 2009 18:56:49 +0300
To: Fabian Holler
Cc: freebsd-questions@freebsd.org
Subject: Re: pppoe routing problem, default route isnt used for some hosts
Message-ID: <4A2005C1.9050404@gmx.com>
In-Reply-To: <20090529104441.GP98712@whiteshark.holler>

Fabian Holler wrote:
> Hello,
>
> I have a strange routing problem. I can't connect to some hosts on the
> internet till I add an explicit route for these hosts with my default gw
> as gateway.
> There aren't any other routes that could match the destination IP for
> "non-working hosts". So the connection should use the default gw even
> without an explicit route for these hosts.
>
> My Setup:
> FreeBSD 7.2-RELEASE
> mpd to make a PPPoE connection to my internet service
> provider.
> PF as firewall
>
> To isolate the problem I used a minimal pf.conf:
> ---
> "inetif=ng0
> lanif=vr0
>
> scrub all max-mss 1492
> pass quick on lo0 all
> pass out on $inetif proto { tcp udp icmp } all keep state"
> pass on $lanif from any to any
> ---
> I also tried pppd instead of mpd (doesn't help).
>
>
> Hosts that I can't connect to are, i.e., spiegel.de, tagesschau.de, freebsd.org,
> southparkstudios.com
> I.e.
> TCP connections to port 80 of southparkstudios.com don't work.
> If I add an explicit route:
> "route add southparkstudios.com 213.191.84.199"

Besides netstat -rn, you can use "route get southparkstudios.com"
to check a route for a destination.

> Connections with nc to port 80 work
> (the connection tests are made from the router, the iface MTUs are correct)

You cannot test MTU settings using nc, since initial packets,
that is, small packets, are always smaller than your MTU.
You can test MTU using fetch or ftp or nc + "GET /some.big.file".

>
> Anybody have an idea what could be wrong?
>
> I have no idea anymore
> (it's also not a provider problem; when I made the PPPoE connection from Windows I can connect to all hosts)
>
>
> thanks for any hints:)
>
> best regards
>
> Fabian
>
>
> -------------------------------------
> My routing table:
> "
> # netstat -ra
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            lo1.br04.weham.de. UGS         0    15505    ng0
> 1.1.1.1&0x1010101  link#1             UC          0        0    rl0

What is this ^^^^??? It looks like a non-contiguous netmask?

> exxx45031.adsl.al  lo0                UHS         0        0    lo0
> localhost          localhost          UH          0      433    lo0
> 192.168.113.0      link#2             UC          0        0    vr0
> xyz                00:30:18:ad:26:88  UHLW        1    24005    lo0
> mail.xyz.ath.cx    00:30:18:ad:26:88  UHLW        1    86400    lo0
> http.xyz.ath.cx    00:30:18:ad:26:88  UHLW        1      770    lo0
> 192.168.113.255    ff:ff:ff:ff:ff:ff  UHLWb       1     3228    vr0
> lo1.br04.weham.de. e176145031.adsl.al UH          1        0    ng0
>
> [... ipv6 stuff]
> "
>
> Interface infos:
> "
> # netstat -ira
> Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
> rl0    1492               00:02:2a:b0:4a:e0 26128479     0 19855993     0     0
>                           01:00:5e:00:00:01        0              0
> rl0    1492 1.1.1.1&0x101 1.1.1.1                  0     -     2653     -     -
>                           ALL-SYSTEMS.MCAST
> vr0    1500               00:30:18:ad:26:88 12662831     0 17678949     0     0
>                           01:00:5e:00:00:01     2038              0
> vr0    1500 192.168.113.0 xyz                9745471     - 13639692     -     -
>                           ALL-SYSTEMS.MCAST
> vr0    1500 192.168.113.0 mail.xyz.a          291626     -    86404     -     -
>                           ALL-SYSTEMS.MCAST
> vr0    1500 192.168.113.0 http.xyz.a            6814     -      770     -     -
>                           ALL-SYSTEMS.MCAST
> lo0   16384                                   113929     0   113929     0     0
> lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -
>                           ff01:3::1 (refs: 1)
>                           ff02:3::2:a61d:93b4(refs: 1)
>                           ff02:3::1 (refs: 1)
>                           ff02:3::1:ff00:1 (refs: 1)
> lo0   16384 localhost     ::1                      0     -        0     -     -
>                           ff01:3::1 (refs: 1)
>                           ff02:3::2:a61d:93b4(refs: 1)
>                           ff02:3::1 (refs: 1)
>                           ff02:3::1:ff00:1 (refs: 1)
> lo0   16384 your-net      localhost              433     -     2433     -     -
>                           ALL-SYSTEMS.MCAST
> pflog 33204                                        0     0    80567     0     0
> tun0*  1500                                    78331     0    76381     0     0
> tun99  1500                                      353     0      375     0     0
> ng0    1492                                 17114096     0 13449463     0     0
> ng0    1492 85.176.145.31 e176145031.adsl.a    12398     -    17011     -     -
>                           ALL-SYSTEMS.MCAST
> "
>
> mpd.conf:
> "
> default:
>     load PPPoE
> PPPoE:
>     new -i ng0 PPPoE PPPoE
>     set iface addrs 1.1.1.1 2.2.2.2

Maybe you should delete the above line as well. I don't remember what
"iface addrs" does, but you'll get the IP addresses via IPCP, so it's
surely redundant.

>     set iface route default
>     set iface enable on-demand
>     set iface idle 0
>     set bundle disable multilink
>     set bundle authname "xxy"
>     set iface disable tcpmssfix
>     set link no acfcomp protocomp
>     set link disable pap chap
>     set link accept chap
>     set link mtu 1492
>     set link mru 1492

This is also wrong; don't try to set MTU or MRU. They are negotiated
during PPP.

>     set link keep-alive 10 60
>     set ipcp yes vjcomp
>     set iface enable tcpmssfix#I know pf also do this in my setup, but Iam despaired:)
>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>     set nat disable
>     log +link
>     open iface
> "
> mpd.links:
> "PPPoE:
>     set link type pppoe
>     set pppoe iface rl0
>     set pppoe disable incoming
>     set pppoe enable originate
> "

What is really strange is that netmask, maybe that's the source
of the problem...

HTH, Nikos
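
The non-contiguous netmask question raised in the reply above, as an added example that is not part of the original message: it parses the `addr&0xmask` destination form from the quoted netstat output, checks whether the mask is a valid prefix mask, and shows which hosts such an entry would match. The match rule (host AND mask equals route address AND mask) is an assumption about the lookup, and the sample host 11.13.15.17 is constructed.

```python
import ipaddress

# Destination column copied from the routing table quoted in the thread.
ROUTE_DESTS = ["default", "1.1.1.1&0x1010101", "192.168.113.0", "192.168.113.255"]


def parse_dest(dest):
    """Split netstat's 'addr&0xmask' form into (addr, mask) integers."""
    addr_s, _, mask_s = dest.partition("&")
    addr = int(ipaddress.IPv4Address(addr_s))
    mask = int(mask_s, 16) if mask_s else 0xFFFFFFFF
    return addr, mask


def is_contiguous(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def find_noncontiguous(dests):
    """Return the destinations whose explicit mask is not a valid prefix mask."""
    return [d for d in dests if "&" in d and not is_contiguous(parse_dest(d)[1])]


def matches(dest, host):
    """Assumed match rule: (host & mask) == (route address & mask)."""
    addr, mask = parse_dest(dest)
    return (int(ipaddress.IPv4Address(host)) & mask) == (addr & mask)


if __name__ == "__main__":
    for dest in find_noncontiguous(ROUTE_DESTS):
        print("non-contiguous mask:", dest)
        # First two hosts appear in the thread; the last one is constructed.
        for host in ("213.191.84.199", "192.168.113.255", "11.13.15.17"):
            print("  ", host, "matches" if matches(dest, host) else "no match")
```

With mask 0x01010101 only the lowest bit of each octet is compared, so under that assumption the rl0 entry matches any address whose four octets are all odd, wherever it sits in the address space.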