Date:      Sun, 2 Sep 2001 23:46:56 -0400 (EDT)
From:      Joe Clarke <marcus@marcuscom.com>
To:        Chip <chip@wiegand.org>
Cc:        Ted Mittelstaedt <tedm@toybox.placo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: replacing a cisco router with a fbsd box
Message-ID:  <20010902234540.I17519-100000@shumai.marcuscom.com>
In-Reply-To: <01090215253407.44697@chip.wiegand.org>

Telnet is one way of going, but if the router isn't allowing connections,
you'll need to do it from the console.  I can also send you a good list of
SNMP objects for polling if you'd like that.

Joe

On Sun, 2 Sep 2001, Chip wrote:

> On Sunday 02 September 2001 09:40, Joe Clarke wrote:
> > I believe the NAT bug you're referring to has been fixed.  However, if you
> > send me some details, I'd be happy to verify for you.
> >
> > Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias
> > stuff is easy to add protocol support to.  I just added TFTP to the tree,
> > and internal to Cisco, I've added another protocol for IP telephony.
> >
> > As for the crash/hang.  Yeah, if it hangs, you're screwed.  It's hard to
> > troubleshoot those kinds of things if you can't produce any kind of error
> > messages.  In those cases, obtaining information regularly like show proc,
> > show proc cpu, show buff, and show log can help.
>
> Are those run on the router via telnet?
>
> --
> Chip
>
> >
> > Joe
> >
> > On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:
> > > >-----Original Message-----
> > > >From: owner-freebsd-questions@FreeBSD.ORG
> > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
> > > >
> > > >I realize I'm coming in a bit late on this, but I work for Cisco TAC,
> > > > and can say that with the recent Code Red thing, our NAT has seen a lot
> > > > of work.  There have been bugs filed to be sure.
> > >
> > > I hope that you fix the one where the Cisco NAT doesn't tear down the
> > > address map as soon as the connection is closed.  I saw that one on a
> > > 1005 running early 12.0 code when someone asked us why they could Telnet
> > > into a JetDirect card from the Internet that in reality had a private
> > > network number. Turned out they were telnetting into the overload number
> > > on a nat pool on the 1005.  I never did get around to writing that one up
> > > because I figured it was an obvious hole that would be caught, but if
> > > you're interested I'll dig up the particulars.
> > >
> > > >Offloading NAT from a
> > > >router with a small amount of RAM will improve packet flow to be sure.
> > > > In fact, if you're experiencing lock-ups, I'd try that.  It may help
> > > > you isolate the problem.  FreeBSD's NAT is pretty good for most
> > > > standard protocols.  I've found it's relatively easy to add support to.
> > >
> > > But it doesn't do the DNS trick that you guys do which is very useful.
> > > :-(
> > >
> > > >Also, if you do find yourself having to reload, see if you're getting
> > > > any tracebacks.  Do a show ver or show stack, and see what you can see.
> > > >  Those memory addresses can be useful for tracking down bugs.
> > >
> > > He was saying that when the router got hosed that they had to power-cycle
> > > which I take it to mean the device froze.  It sounds suspiciously like
> > > flakey hardware to me.  Maybe someone upgraded the ram with some random
> > > PC memory they had lying around?
> > >
> > >
> > > Ted Mittelstaedt
> > > tedm@toybox.placo.com
> > > Author of: The FreeBSD Corporate Networker's Guide
> > > Book website: http://www.freebsd-corp-net-guide.com
>
> --
> --
> Chip W.
>
>





