From owner-freebsd-net@FreeBSD.ORG  Sun Feb 12 12:51:34 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A2F816A420
	for <net@freebsd.org>; Sun, 12 Feb 2006 12:51:34 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CBBF143D70
	for <net@freebsd.org>; Sun, 12 Feb 2006 12:51:28 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn (localhost [127.0.0.1])
	by thorn.pobox.com (Postfix) with ESMTP id 90331D9;
	Sun, 12 Feb 2006 07:51:49 -0500 (EST)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com
	[212.74.113.67])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 30E8CCE42;
	Sun, 12 Feb 2006 07:51:48 -0500 (EST)
Received: from lists by mappit.local.linnet.org with local (Exim 4.60
	(FreeBSD)) (envelope-from <b.candler@pobox.com>)
	id 1F8GhI-0005J6-VM; Sun, 12 Feb 2006 12:51:24 +0000
Date: Sun, 12 Feb 2006 12:51:24 +0000
From: Brian Candler <B.Candler@pobox.com>
To: GiZmen <gizmen@zion.vsip.pl>
Message-ID: <20060212125124.GA20369@uk.tiscali.com>
References: <20060211163533.GA87353@blurp.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060211163533.GA87353@blurp.pl>
User-Agent: Mutt/1.4.2.1i
Cc: net@freebsd.org
Subject: Re: fastforward problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Feb 2006 12:51:34 -0000

On Sat, Feb 11, 2006 at 05:35:33PM +0100, GiZmen wrote:
> I would like to use fastforward option on my freebsd 6.0-stable
> box. But i have strange problem with it. My box is a router for LAN
> with IP visible to internet. I am managinc C class network.
> When i turn on fastforward option any of the computers in my network
> can't open google.com page. This option is quite good because i have
> quite a lot interrupts and this option lower this about half.
> Could anyone tell me why i can't open google.com page ?
> I have tested different pages and i don't have such problem only with
> google.

Just saying "I can't see google.com" is not a good diagnosis of the problem.
If it's your job to manage a router, then you need to be able to do lower-
level tests to isolate the problem.

Check each of the components in turn:

(1) can my client resolve google.com in the DNS?

If the client is some sort of Unix then try

$ nslookup google.com

You should see a response such as:

Non-authoritative answer:
Name:   google.com
Address: 72.14.207.99
Name:   google.com
Address: 64.233.187.99
Name:   google.com
Address: 64.233.167.99

(2) can my client ping these addresses? That is, is there layer 3 network
reachability between my network and theirs?

$ ping 72.14.207.99
PING 72.14.207.99 (72.14.207.99): 56 data bytes
64 bytes from 72.14.207.99: icmp_seq=1 ttl=238 time=133.730 ms
64 bytes from 72.14.207.99: icmp_seq=2 ttl=237 time=133.179 ms
64 bytes from 72.14.207.99: icmp_seq=3 ttl=238 time=133.316 ms
64 bytes from 72.14.207.99: icmp_seq=4 ttl=237 time=133.396 ms
^C
--- 72.14.207.99 ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max/stddev = 133.179/133.405/133.730/0.203 ms

(3) what happens when I open a TCP/IP connection to port 80, and manually
fetch a HTTP page?

$ telnet 72.14.207.99 80
Trying 72.14.207.99...
Connected to 72.14.207.99.
Escape character is '^]'.
GET / HTTP/1.0
Host: google.com
                                         <<<<< end with a blank line
HTTP/1.0 301 Moved Permanently
Location: http://www.google.com/
Set-Cookie: PREF=ID=f811e9355f349c08:TM=1139748428:LM=1139748428:S=UhZOEU98p2mnw_H0; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Content-Type: text/html
Server: GWS/2.1
Content-Length: 219
Date: Sun, 12 Feb 2006 12:47:08 GMT
Connection: Keep-Alive

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Connection closed by foreign host.

OK, that's fine. google.com has redirected me to www.google.com. So try the
whole process again with www.google.com instead of google.com

Brian.