Date: Mon, 9 Oct 2000 21:45:58 -0500 (CDT)
From: Gene Harris <zeus@tetronsoftware.com>
To: Doug Poland <doug@polands.org>
Cc: FreeBSD-Questions@FreeBSD.ORG
Subject: Re: routing problem, what am I missing!?!?!?
Message-ID: <Pine.BSF.4.21.0010092111080.97902-100000@ns1.tetronsoftware.com>
In-Reply-To: <NDBBKMNOJKJGAEKJNLIAIEFCELAA.doug@polands.org>

First, check that forwarding is enabled. Enter the command "sysctl -A | grep forwarding". You should see the following:

su-2.03# sysctl -A | grep forwarding
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0

The key value is the first one, ip.forwarding. If this is not 1, then you cannot act as a gateway. You will need to enable forwarding with the command "sysctl -w net.inet.ip.forwarding=1"

The promiscuous mode is set when you run tcpdump.

I notice you are running routed - you don't need it (an opinion only).

When you enable forwarding, you should see a broadcast address like 10.20.255.255 with a "gateway" address of ff:ff:ff:ff:ff:ff in your route table.

Hope this helps,

Gene

On Mon, 9 Oct 2000, Doug Poland wrote:

> Hello,
>
> I'm struggling here trying to get my 4.1.1-RELEASE
> box working as a gateway. I've followed the instructions
> on http://www.mostgraveconcern.com/freebsd/ipfw.html
> exactly and both NICs are functioning on their own
> networks.
>
> The box still appears to not route ip from ed0 (this
> NIC talks to my cable modem) to ed1 (on my internal
> network).
>
> When I ping from another fbsd box (10.20.1.134) on my network:
>
> % ping freebsd.org
>
> PING freebsd.org (216.136.204.18): 56 data bytes
>
>
> When I run
> #natd -v -n ed0
> natd[257]: Aliasing to 24.164.246.248, mtu 1500 bytes
>
> I see many messages like...
> Oct 9 11:02:46 nebo routed[585]: Send bcast sendto (ed0,255.255.255.255.520): Network is unreachable
>
> On the console screen I get messages like...
> Oct 9 11:44:36 nebo /kernel: ed0: promiscuous mode enabled
>
>
> When I run
> #tcpdump -n -i ed0
> I see many, many messages like...
> 11:03:23.827471 arp who-has 24.164.245.216 tell 24.164.244.1
> 11:03:23.827578 arp who-has 24.164.244.241 tell 24.164.244.1
> 11:03:23.841950 arp who-has 24.164.244.247 tell 24.164.244.1
> 11:03:23.882579 arp who-has 24.164.247.92 tell 24.164.244.1
> 11:03:23.891482 arp who-has 24.164.247.82 tell 24.164.244.1
>
> Using the ping freebsd.org example above, I see this...
> 12:06:51.512227 24.164.246.248.1029 > 198.41.0.4.53: 53362 A? freebsd.org. (29)
> 12:06:51.567269 198.41.0.4.53 > 24.164.246.248.1029 53362- 0/6/6 (259)
> 12:06:51.593928 24.164.246.248.1029 > 204.216.27.53: 53503 A? freebsd.org. (29)
> 12:06:51.748317 204.216.3.53 > 24.164.246.248.1029: 53503* 1/7/7 A 216.136.204.18 (319)
> 12:06:51.853579 10.20.1.134 > 216.136.204.18: icmp: echo request
> 12:06:51.853623 10.20.1.134 > 216.136.204.18: icmp: echo request
> (the above lines repeat until I <ctl> c ping
>
> ############ ifconfig -a
>
> ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::200:c0ff:fef7:dc9e%ed0 prefixlen 64 scopeid 0x1
>         inet 24.164.246.248 netmask 0xfffffc00 broadcast 255.255.255.255
>         ether 00:00:c0:f7:dc:9e
> ed1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::200:e9ff:fef9:107d%ed1 prefixlen 64 scopeid 0x2
>         inet 10.20.1.129 netmask 0xffff0000 broadcast 10.20.255.255
>         ether 00:00:e9:f9:10:7d
> faith0: flags=8000<MULTICAST> mtu 1500
> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>
> ########### ipfw list
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> ########### /etc/rc.conf
>
> gateway_enable="YES"
> nfs_server_enable="YES"
> weak_mountd_authentication="YES"
> portmap_enabled="YES"
> portmap_flags=""
> network_interfaces="ed0 lo0 ed1"
> ifconfig_ed0="DHCP"
> hostname="nebo.new.rr.com"
> ntpdate_flags="ncar.ucar.edu"
> check_quotas="NO"
> ntpdate_enable="YES"
> sshd_enable="YES"
> local_startup="/usr/local/etc/rc.d"
> ifconfig_ed1="inet 10.20.1.129 netmask 255.255.0.0"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="open"
> firewall_quiet="NO"
> natd_program="/sbin/natd"
> natd_enabled="YES"
> natd_interface="ed0"
> natd_flags="-f /etc/natd.conf"
>
> ########### /etc/resolv.conf
>
> search new.rr.com
> nameserver 24.164.225.35
> nameserver 24.164.225.36
>
>
> ########### /etc/natd.conf
>
> dynamic yes
> use_sockets
> same_ports yes
>
>
> ########### netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
> default            24.164.244.1       UGSc        6        0      ed0
> 10.20/16           link#2             UC          0        0      ed1 =>
> 10.20.1.128        0:0:c0:5d:35:ec    UHLW        0       66      ed1    801
> 10.20.1.130        0:d0:59:1a:33:de   UHLW        2       53      ed1   1094
> 24.164.244/22      link#1             UC          0        0      ed0 =>
> 24.164.244.1       0:1:64:f6:48:54    UHLW        7        0      ed0   1160
> 127.0.0.1          127.0.0.1          UH          1       26      lo0
>
> Internet6:
> Destination        Gateway            Flags     Netif Expire
> ::1                ::1                UH        lo0
> fe80::%ed0/64      link#1             UC        ed0
> fe80::%ed1/64      link#2             UC        ed1
> fe80::%lo0/64      fe80::1%lo0        Uc        lo0
> ff01::/32          ::1                U         lo0
> ff02::%ed0/32      link#1             UC        ed0
> ff02::%ed1/32      link#2             UC        ed1
> ff02::%lo0/32      fe80::1%lo0        UC        lo0
>
> So what am I missing? I'm so close but obviously
> I'm missing a key element. Many, many thanks for
> your help
>
> Regards,
> Doug
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

Tetron Software, LLC
http://www.tetronsoftware.com
FreeBSD Apache PostgreSQL Oracle 8/8i
Windows 95/98/NT Visual C Visual Basic

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
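
Added example, not part of the original e-mails: the forwarding check from the reply, extended to compare the running sysctl value with the gateway_enable line in rc.conf, since "sysctl -w" changes only the running kernel while rc.conf decides the state after a reboot. The function names are hypothetical and the sample text is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: report whether IPv4 forwarding is on
# now (sysctl output) and whether rc.conf will turn it on again at boot.
# Function names are hypothetical; the sample text is constructed from the
# values quoted in the thread.

# Print the value of sysctl key $1 from "key: value" lines on stdin.
# Exit status is 1 when the key is absent.
sysctl_value() {
    awk -v k="$1" -F': *' '$1 == k { print $2; found = 1 } END { exit !found }'
}

# Print rc.conf variable $1 from stdin; last assignment wins, quotes removed.
rcconf_value() {
    awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { gsub(/"/, "", v); print v }'
}

# $1 = sysctl output text, $2 = rc.conf text.
# Prints one of: "on persistent", "on runtime-only",
# "off enabled-at-boot", "off", or "unknown" (status 2) if the key is missing.
# Simplification: only YES (any case) counts as enabled in rc.conf.
gateway_status() {
    run=$(printf '%s\n' "$1" | sysctl_value net.inet.ip.forwarding) \
        || { echo unknown; return 2; }
    boot=$(printf '%s\n' "$2" | rcconf_value gateway_enable \
        | tr '[:lower:]' '[:upper:]')
    case "$run:$boot" in
        1:YES) echo "on persistent" ;;
        1:*)   echo "on runtime-only" ;;
        0:YES) echo "off enabled-at-boot" ;;
        *)     echo "off" ;;
    esac
}

# Constructed sample input using the values shown in the thread.
SAMPLE_SYSCTL='net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0'
SAMPLE_RCCONF='gateway_enable="YES"
natd_interface="ed0"'

gateway_status "$SAMPLE_SYSCTL" "$SAMPLE_RCCONF"
```

On a live host the two arguments would be "$(sysctl -A)" and "$(cat /etc/rc.conf)".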