Date:      Fri, 16 Aug 2002 09:27:36 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        "Philip J. Koenig" <pjklist@ekahuna.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPF/routing question
Message-ID:  <20020816082736.GB13784@happy-idiot-talk.infracaninophi>

On Thu, Aug 15, 2002 at 09:00:42PM -0700, Philip J. Koenig wrote:

> The router has been configured with a default route pointing to its 
> external interface, and connectivity works fine from the router to 
> the internet.  A static route has been configured to get to 
> 2.2.2.0/24 via 10.1.1.2.

Sounds good to me.
 
> Started out on the BSD box configuring the default gateway in rc.conf 
> as 10.1.1.1, but that didn't seem to help.  rc.conf contains a 
> "gateway enable" statement.

Ditto.  That should work fine...

> Tried the following variations, but the route either doesn't show up 
> as expected in the routing table, or the machine locks-up trying to 
> display the routing table. (netstat -r)

When you say 'the machine locks up' I hope you mean nothing more than
the 'netstat -r' command hanging, and not that the whole machine freezes.

If it's the former, you're probably being bitten by DNS latency.  Try
'netstat -rn' to avoid getting the DNS involved.  If it's the latter,
then your machine is very sick and probably in need of extreme
unction.

> route add default 10.1.1.1
> route add 0.0.0.0 10.1.1.1
> route add -interface default 10.1.1.1

> (can't figure out from the manpage exactly what the -interface 
> command actually does, or if it needs add'l arguments, but it appears 
> to help prevent the machine from locking up while displaying the 
> routing table)

The first two versions are correct, and equivalent.  The last version
isn't --- it says (effectively) that the 0.0.0.0/0 network is directly
accessible through the machine's network interface with address
10.1.1.1.  That can't work, as 10.1.1.1 isn't an interface on the
machine in question, and the network it plugs into is rather less
generic than 0.0.0.0/0.  The reason it stops the netstat command hanging
is that it causes DNS lookups to fail immediately.

Generally, you almost never need to specify interface routes yourself:
ifconfig(8) does it for you automatically.

> I can ping 10.1.1.2 and 1.1.1.2 from the FreeBSD box, but not beyond, 
> so I assume this is a default route problem.

Do you have the ability to run tcpdump or the equivalent on the
router?  My guess is that your routing setup is OK, and that if you
tried to ping a site on the internet you would see your packets going
outwards to your ISP.  However, I guess that your ISP doesn't have a
route back to your 2.2.2.0/24 network, so you won't be getting any
reply packets.

You can test that by trying to traceroute to 2.2.2.1 from some other
place on the net --- if the packets get as far as your router, then
the problem is with your system.  If not, complain to your ISP.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
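
The tcpdump check suggested in the message above, as an added example that is not part of the original e-mail: it summarises ICMP echo traffic captured on the router's external interface and flags sources whose requests leave but never get a reply, which is the pattern a missing return route produces. It assumes the text format printed by current `tcpdump -n icmp`; the function names and the addresses 2.2.2.10, 198.51.100.1 and 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot one-way ICMP echo traffic in `tcpdump -n icmp` output.

# Constructed sample capture (not real traffic): a host in 2.2.2.0/24 pings
# an outside address and gets nothing back, while an address assumed to be
# on the external interface of the router gets replies.
sample_capture() {
cat <<'EOF'
09:27:36.100000 IP 2.2.2.10 > 192.0.2.10: ICMP echo request, id 4242, seq 0, length 64
09:27:37.100000 IP 2.2.2.10 > 192.0.2.10: ICMP echo request, id 4242, seq 1, length 64
09:27:38.100000 IP 2.2.2.10 > 192.0.2.10: ICMP echo request, id 4242, seq 2, length 64
09:27:40.200000 IP 198.51.100.1 > 192.0.2.10: ICMP echo request, id 77, seq 0, length 64
09:27:40.230000 IP 192.0.2.10 > 198.51.100.1: ICMP echo reply, id 77, seq 0, length 64
09:27:41.200000 IP 198.51.100.1 > 192.0.2.10: ICMP echo request, id 77, seq 1, length 64
09:27:41.231000 IP 192.0.2.10 > 198.51.100.1: ICMP echo reply, id 77, seq 1, length 64
EOF
}

# Reads tcpdump lines on stdin and prints one line per requester/target pair:
#   <src> <dst> requests=<n> replies=<m> <OK|PARTIAL|NO-REPLIES>
echo_summary() {
    awk '
    $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
        src = $3
        dst = $5
        sub(/:$/, "", dst)              # tcpdump prints the destination as "addr:"
        if ($8 ~ /^request/)
            req[src " " dst]++
        else if ($8 ~ /^reply/)
            rep[dst " " src]++          # file the reply under the original requester
    }
    END {
        for (k in req) {
            n = rep[k] + 0
            verdict = (n == 0) ? "NO-REPLIES" : ((n < req[k]) ? "PARTIAL" : "OK")
            printf "%s requests=%d replies=%d %s\n", k, req[k], n, verdict
        }
    }' | sort
}

# Stand-alone run on the constructed sample.
sample_capture | echo_summary
```

A NO-REPLIES line for a 2.2.2.0/24 source, next to an OK line for the router's own address, means the packets are leaving and the replies are not being routed back.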
