Date: Sun, 2 Sep 2001 23:46:56 -0400 (EDT) From: Joe Clarke <marcus@marcuscom.com> To: Chip <chip@wiegand.org> Cc: Ted Mittelstaedt <tedm@toybox.placo.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: replacing a cisco router with a fbsd box Message-ID: <20010902234540.I17519-100000@shumai.marcuscom.com> In-Reply-To: <01090215253407.44697@chip.wiegand.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Telnet is one way of going, but if the router isn't allowing connections, you'll need to do it from the console. I can also send you a good list of SNMP objects for polling if you'd like that. Joe On Sun, 2 Sep 2001, Chip wrote: > On Sunday 02 September 2001 09:40, Joe Clarke wrote: > > I believe the NAT bug you're referring to has been fixed. However, if you > > send me some details, I'd be happy to verify for you. > > > > Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias > > stuff is easy to add protocol support to. I just added TFTP to the tree, > > and internal to Cisco, I've added another protocol for IP telephony. > > > > As for the crash/hang. Yeah, if it hangs, you're screwed. It's hard to > > troubleshoot those kind of things if you can't produce any kind of error > > messages. In those cases, obtaining information regularly like show proc, > > show proc cpu, show buff, and show log can help. > > Are those run on the router via telnet? > > -- > Chip > > > > > Joe > > > > On Sun, 2 Sep 2001, Ted Mittelstaedt wrote: > > > >-----Original Message----- > > > >From: owner-freebsd-questions@FreeBSD.ORG > > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke > > > > > > > >I realize I'm coming in a bit late on this, but I work for Cisco TAC, > > > > and can say that with the recent Code Red thing, our NAT has seen a lot > > > > of work. There have been bugs filed to be sure. > > > > > > I hope that you fix the one where the Cisco NAT doesen't tear down the > > > address map as soon as the connection is closed. I saw that one on a > > > 1005 running early 12.0 code when someone asked us why they could Telnet > > > into a JetDirect card from the Internet that in reality had a private > > > network number. Turned out they were telnetting into the overload number > > > on a nat pool on the 1005. I never did get around to writing that one up > > > because I figured it was an > > > obvious hole that would be caught, but if your interested I'll dig up the > > > particulars. > > > > > > Offloading NAT from a > > > > > > >router with a small amount of RAM will improve packet flow to be sure. > > > > In fact, if you're experiencing lock-ups, I'd try that. It may help > > > > you isolate the problem. FreeBSD's NAT is pretty good for most > > > > standard protocols. I've found it's relatively easy to add support to. > > > > > > But it doesen't so the DNS trick that you guys do which is very useful. > > > :-( > > > > > > >Also, if you do find yourself having to reload, see if you're getting > > > > any tracebacks. Do a show ver or show stack, and see what you can see. > > > > Those memory addresses can be useful for tracking down bugs. > > > > > > He was saying that when the router got hosed that they had to power-cycle > > > which I take it to mean the device froze. It sounds suspiciously like > > > flakey hardware to me. Maybe someone upgraded the ram with some random > > > PC memory they had lying around? > > > > > > > > > Ted Mittelstaedt > > > tedm@toybox.placo.com Author of: The FreeBSD > > > Corporate Networker's Guide Book website: > > > http://www.freebsd-corp-net-guide.com > > -- > -- > Chip W. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010902234540.I17519-100000>