From owner-freebsd-hackers Sat Oct 31 06:46:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA02324 for freebsd-hackers-outgoing; Sat, 31 Oct 1998 06:46:16 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from fep2-orange.clear.net.nz (fep2-orange.clear.net.nz [203.97.32.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA02308; Sat, 31 Oct 1998 06:46:10 -0800 (PST) (envelope-from jabley@buddha.clear.net.nz) Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep2-orange.clear.net.nz (1.5/1.9) with ESMTP id DAA16686; Sun, 1 Nov 1998 03:45:40 +1300 (NZDT) Received: (from jabley@localhost) by buddha.clear.net.nz (8.9.1/8.9.1) id DAA16290; Sun, 1 Nov 1998 03:45:37 +1300 (NZDT) Message-ID: <19981101034536.B16248@clear.co.nz> Date: Sun, 1 Nov 1998 03:45:36 +1300 From: Joe Abley To: john cooper , freebsd-hackers@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Cc: tfujii@isi.co.jp Subject: Re: Request help with packet forwarding problem [2.2.7].. References: <98Oct31.231201jst.21889@ns.isi.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <98Oct31.231201jst.21889@ns.isi.co.jp>; from john cooper on Sat, Oct 31, 1998 at 11:06:16PM +0900 X-Files: the Truth is Out There Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John, Could you do a "netstat -rn" on A, B and FW, and post the output? Where were you running tcpdump? Were you identifying the gateway for each ICMP request or response by looking at the destination ethernet address? Joe On Sat, Oct 31, 1998 at 11:06:16PM +0900, john cooper wrote: > I'm trying to get a system configured as a gateway. The > first step [which I thought would be simple] was to simply > forward packets between interfaces: > > > ------- > | | default gateway: 203.168.62.35 > | A | > | | > ------- > | 203.168.62.58 (ed1) > | > | 203.168.62.35 (ed0) > ------- > | | default gateway: ISP router > | FW | net.inet.ip.forwarding: 1 > | | > ------- > | 202.214.62.40 (vx0) > | > -----|-----------------------------> ISP router + DNS server > | > | 202.214.62.62 > ------- > | | default gateway: ISP router > | B | static route: 202.214.62.40 for net 203.168.62.0 > | | > ------- > > Using netstat and tcpdump I discovered the following. If I ping > machine B from A, I can see the ICMP packets make this journey: > > ICMP request: A --> FW --> B > ICMP reply: B --> FW --> land of no return > > If I ping machine A from B, I get this: > > ICMP request: B --> FW --> ISP router > > I seems that FW will only forward packets in one direction. > However in the first case it appears the ICMP reply packets > are silently dropped [netstat does not report dropped packets]. > > In the second case, FW is actively trying to forward the packets > to the default gateway. > > I'm at a loss to explain why this is occuring. I've enabled > packet forwarding in FW's kernel. Is something else required > to get packets forwarded between network interfaces on the same > machine??? > > Incidentally, IPFW is not built into machine FW's kernel. > > Any suggestions would be most appreciated. > > Thanks, > > -john -- Joe Abley Tel +64 9 912-4065, Fax +64 9 912-5008 Network Architect, CLEAR Net http://www.clear.net.nz/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message