Date:      Sun, 20 Sep 1998 09:04:28 +0200 (MET DST)
From:      Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To:        stable@FreeBSD.ORG
Cc:        spam@distance.net, mike@sentex.net
Subject:   NATD/IPFW brokennes reports...
Message-ID:  <199809200704.JAA29811@labinfo.iet.unipi.it>

There have been some reports on natd/ipfw/fxp not working anymore on
-stable after the dummynet commit:

> >	Something is definitely broke with the latest source regarding NATD and
> >IPFW, I took my old source from Aug 18, 98 and rebuilt my system. NATD /
> >IPFW work fine. I did not have a chance to try any other cards, I just
> >have the Intel 10/100 Etherexpress NIC, I doubt there is a problem with
> >fxp driver though because everything else works fine. If someone has the
...
> I think I am seeing the same problem... A machine I was putting together
> did not come up after I rebuilt it with a new kernel... I did a fresh

I have been trying to reproduce the problem myself, but i think i
am not seeing problems (i don't have access to an "fxp" card though).

Let me say first that this is the first time i used divert myself,
so i might have done something unusual in the configuration. In
any case, this is what i have and it seems to work fine:

The configuration i used is the following

    [ prova  <ed2>]---------[<de0> rizzo <ed3>]-|  rest of the net.

Significant machine config info is the following.

    prova:
	ed2 is 10.0.0.236/8
	default route to 10.0.0.26  (Note 1)

    rizzo:
	de0 is 10.0.0.26/8
	ed3 is 131.114.9.26
	net.inet.ip.forwarding=1
	net.link.ether.inet.proxyall=0
	default route to interface ed3

	ipfw add divert natd all from any to any via ed3

	natd -v -n ed3

	/etc/services contains

		natd	6678/divert

	/etc/protocols contains

		divert	254	DIVERT

    Note 1: it seems to be critical that you set the default route to
	the natd box address (i.e. route add default 10.0.0.26)
	and NOT to the interface (i.e. route add default -interface ed2)

	In the second case (seen using tcpdump on "prova") the first
	thing that goes out is an arp request for the dest. address,
	and that one remains unanswered (maybe setting proxy arp on
	the natd box can fix things) because ARP are not IP packets
	and are not diverted...

	
with this setting there appear to be no problems (and as a matter of fact
i am working through this natd machine at the moment).

So... i don't know what to say: the above pretty much confines the
problem (if any) to the if_fxp driver, or to the ARP handling (i
did have a small change to that as well but it goes in only if you
have "option BRIDGE" in your kernel config), or to some difference
in configuration between what i use and what other people have...

I suggest people interested in tracking the problem to check with
tcpdump on the unregistered segment what really goes onto the wire.
Also, if possible, try the same config with an "fxp" and another (e.g.
"ed" or "de") card to help identifying if the problem is card-related.

	thanks
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
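
Added example (not part of the original message): a small Python model of the next-hop choice described in Note 1, showing which address "prova" ARPs for under each default route and whether anything on the 10.0.0.0/8 segment answers. The destination 131.114.9.1 is constructed, and the proxy_all flag is an assumption standing in for the proxy ARP idea the note raises only tentatively.

```python
import ipaddress

def arp_target(dst, routes):
    """Return the IPv4 address a host ARPs for when sending to dst.

    routes: list of (prefix, gateway); gateway=None means the prefix is
    treated as on-link (a route that points at an interface).
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        # Longest-prefix match, as a routing table lookup would do.
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    # Gateway route: resolve the gateway. On-link route: resolve dst itself.
    return ipaddress.ip_address(best[1]) if best[1] else dst

def arp_answered(target, owners, proxy_all=False):
    """A request is answered by the address owner, or by a proxy-ARP box
    (proxy_all is an assumption modelling the note's 'maybe' fix)."""
    return proxy_all or str(target) in owners

# Addresses on the private segment, taken from the message.
SEGMENT_OWNERS = {"10.0.0.236", "10.0.0.26"}   # prova ed2, rizzo de0
REMOTE = "131.114.9.1"                         # constructed destination

CONNECTED = ("10.0.0.0/8", None)
VIA_GATEWAY = [CONNECTED, ("0.0.0.0/0", "10.0.0.26")]  # route add default 10.0.0.26
VIA_INTERFACE = [CONNECTED, ("0.0.0.0/0", None)]       # route add default -interface ed2

def trace(routes, proxy_all=False):
    """Return (ARP target, answered?) for a packet from prova to REMOTE."""
    target = arp_target(REMOTE, routes)
    return str(target), arp_answered(target, SEGMENT_OWNERS, proxy_all)

if __name__ == "__main__":
    for name, routes in (("gateway", VIA_GATEWAY), ("interface", VIA_INTERFACE)):
        target, ok = trace(routes)
        state = "answered" if ok else "unanswered"
        print(f"default via {name}: ARP who-has {target} -> {state}")
```

With the interface route no IP packet ever reaches the natd box, so the divert rule on ed3 never sees traffic; an unanswered ARP who-has for an off-segment address in tcpdump on the private segment is the sign of this misconfiguration.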


