Date: Fri, 6 Jul 2001 12:59:25 -0500 From: "Mark Kobussen" <kobes@usermail.com> To: <freebsd-questions@freebsd.org> Subject: IPFW/NATD or Cable Modem Trouble?? Message-ID: <004001c10645$64f25e00$0201a8c0@goldenrod.net>
next in thread | raw e-mail | index | archive | help
I'm having some problems with my cable modem service, and I have yet to
figure out whether it is caused by my incompetence with UNIX, or
questionable service.
Here's the Problem:
My cable service dies probably every 30 minutes of internet usage. Up until
this point, the remedy is usually to cycle the power to the cable modem, at
which time I'm able to access the internet again. The one thing that
confuses me, is that at the same time the cable modem stops responding, I
can no longer telnet into the FreeBSD box - it just won't respond. The
FreeBSD machine just runs the whole time, without any error messages
whatsoever.
I will mention that as I was writing this, I could no longer access the
FreeBSD machine. Approximately 5-10 minutes later it began responding again,
without me power cycling the cable modem.
Here's the information:
Cable Modem: 3com Sharkfin
FreeBSD 4.3, using NATD/IPFW for gateway functions
2 LinkSys Ether16 ISA 10BaseT NIC's
ed1 is connected to the hub
ed2 is connected to the cable modem
----- Pertinent rc.conf Information
gateway_enable="YES"
hostname="marlborough "
ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_ed2="DHCP"
inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
moused_enable="YES"
sendmail_enable="YES"
gateway_enable="YES"
sshd_enable="YES"
portmap_enable="YES"
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_flags="-dynamic"
natd_interface="ed2"
----- Now follows is /etc/firewall/fwrules
/sbin/ipfw -f flush
/sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add 2000 divert natd all from any to any via ed2
/sbin/ipfw add 6500 pass all from any to any
----- Important ifconfig information; ed2 inet address has been changed
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::240:5ff:fe6f:b0d4%ed1 prefixlen 64 scopeid 0x2
ether 00:40:05:6f:b0:d4
ed2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::240:5ff:fe6e:4ded%ed2 prefixlen 64 scopeid 0x3
inet 11.22.33.114 netmask 0xfffff800 broadcast 255.255.255.255
ether 00:40:05:6e:4d:ed
----- Crucial netstat -nr; some names changed to protect the innocent
Internet:
Destination Gateway Flags Refs Use
Netif Expire
default 11.22.33.1 UGSc 4 30356
ed2
11.22.33/21 link#3 UC 0 0
ed2 =>
127.0.0.1 127.0.0.1 UH 0 0
lo0
192.168.1 link#2 UC 0 0
ed1 =>
----- Finally, ipfw -at list
01000 0 0 allow ip from 127.0.0.1 to 127.0.0.1
02000 36196 21882514 Thu Jul 5 23:24:33 2001 divert 8668 ip from any to any
via ed2
06500 80257 46277217 Thu Jul 5 23:26:37 2001 allow ip from any to any
65535 1 345 Thu Jul 5 17:14:47 2001 deny ip from any to any
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004001c10645$64f25e00$0201a8c0>