From: Joe Clarke
To: Ted Mittelstaedt
Cc: Chip
Subject: RE: replacing a cisco router with a fbsd box
Date: Sun, 2 Sep 2001 12:40:57 -0400 (EDT)
In-Reply-To: <009f01c1339d$941264c0$1401a8c0@tedm.placo.com>
Message-ID: <20010902123707.Y68847-100000@shumai.marcuscom.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

I believe the NAT bug you're referring to has been fixed. However, if you send me some details, I'd be happy to verify for you. Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias stuff is easy to add protocol support to. I just added TFTP to the tree, and internal to Cisco, I've added another protocol for IP telephony.

As for the crash/hang. Yeah, if it hangs, you're screwed. It's hard to troubleshoot those kinds of things if you can't produce any kind of error messages. In those cases, obtaining information regularly like show proc, show proc cpu, show buff, and show log can help.

Joe

On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:

> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
> >
> > I realize I'm coming in a bit late on this, but I work for Cisco TAC, and
> > can say that with the recent Code Red thing, our NAT has seen a lot of
> > work. There have been bugs filed to be sure.
>
> I hope that you fix the one where the Cisco NAT doesn't tear down the
> address map as soon as the connection is closed. I saw that one on a 1005
> running early 12.0 code when someone asked us why they could Telnet into a
> JetDirect card from the Internet that in reality had a private network number.
> Turned out they were telnetting into the overload number on a nat pool on the
> 1005. I never did get around to writing that one up because I figured it was
> an obvious hole that would be caught, but if you're interested I'll dig up the
> particulars.
>
> > Offloading NAT from a
> > router with a small amount of RAM will improve packet flow to be sure. In
> > fact, if you're experiencing lock-ups, I'd try that. It may help you
> > isolate the problem. FreeBSD's NAT is pretty good for most standard
> > protocols. I've found it's relatively easy to add support to.
> >
>
> But it doesn't do the DNS trick that you guys do which is very useful. :-(
>
> > Also, if you do find yourself having to reload, see if you're getting any
> > tracebacks. Do a show ver or show stack, and see what you can see. Those
> > memory addresses can be useful for tracking down bugs.
> >
>
> He was saying that when the router got hosed that they had to power-cycle
> which I take it to mean the device froze. It sounds suspiciously like flakey
> hardware to me. Maybe someone upgraded the ram with some random PC memory
> they had lying around?
>
> Ted Mittelstaedt tedm@toybox.placo.com
> Author of: The FreeBSD Corporate Networker's Guide
> Book website: http://www.freebsd-corp-net-guide.com