From owner-freebsd-questions Sat Oct 31 07:48:19 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA09808 for freebsd-questions-outgoing; Sat, 31 Oct 1998 07:48:19 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from isi.co.jp (ns [202.214.62.35] (may be forged)) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA09792; Sat, 31 Oct 1998 07:48:16 -0800 (PST) (envelope-from john@isi.co.jp)
Received: by ns.isi.co.jp id <21889>; Sun, 1 Nov 1998 00:47:13 +0900
Date: Sun, 1 Nov 1998 00:41:23 +0900
From: john cooper
To: freebsd-hackers@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, jabley@clear.co.nz, john@isi.co.jp
Subject: Re: Request help with packet forwarding problem [2.2.7]..
Cc: tfujii@isi.co.jp
Message-Id: <98Nov1.004713jst.21889@ns.isi.co.jp>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Date: Sat, 31 Oct 1998 23:45:36 +0900
> From: Joe Abley
> To: john cooper, freebsd-hackers@FreeBSD.org,
>     freebsd-questions@FreeBSD.org
> Cc: tfujii@isi.co.jp
> Subject: Re: Request help with packet forwarding problem [2.2.7]..
>
> John,
>
> Could you do a "netstat -rn" on A, B and FW, and post the output?

Machine A:

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            203.168.62.35      UGSc        0    21183      ed1
127.0.0.1          127.0.0.1          UH          0        7      lo0
203.168.62         link#1             UC          0        0
203.168.62.35      0:0:f4:4a:ad:e8    UHLW        2      312      ed1   1125
203.168.62.58      0:20:18:71:be:2d   UHLW        1       26      lo0

Machine FW:

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            202.214.62.33      UGSc        4      530      vx0
127.0.0.1          127.0.0.1          UH          0        2      lo0
202.214.62         link#1             UC          0        0
202.214.62.33      0:a0:de:0:13:76    UHLW        4        0      vx0     15
202.214.62.35      0:a0:24:2a:9:24    UHLW        0       34      vx0    795
202.214.62.62      link#1             UHLW        1     8266
203.168.62         link#2             UC          0        0
203.168.62.35      0:0:f4:4a:ad:e8    UHLW        0        8      lo0
203.168.62.58      0:20:18:71:be:2d   UHLW        0        2      ed0   1197

Machine B:

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            202.214.62.33      UGSc        2    87918      vx0
127.0.0.1          127.0.0.1          UH          0      180      lo0
202.214.62/25      link#1             UC          0        0
202.214.62.33      link#1             UHLW        3        0
202.214.62.35      0:a0:24:2a:9:24    UHLW        2     3142      vx0   1101
202.214.62.40      0:a0:24:7d:c6:7c   UHLW        2      297      vx0   1038
202.214.62.62      0:a0:24:7d:c6:43   UHLW        0        0      lo0
203.214.62         202.214.62.40      UGSc        0      596      vx0

> Where were you running tcpdump?

On machine FW.

> Were you identifying the gateway for
> each ICMP request or response by looking at the destination ethernet
> address?

No, I was referring to /etc/rc.conf: defaultrouter="..."

Thanks for the response,

-john

>
> Joe
>
> On Sat, Oct 31, 1998 at 11:06:16PM +0900, john cooper wrote:
> > I'm trying to get a system configured as a gateway.
> > The first step [which I thought would be simple] was to simply
> > forward packets between interfaces:
> >
> >
> >            -------
> >            |     |  default gateway: 203.168.62.35
> >            |  A  |
> >            |     |
> >            -------
> >               | 203.168.62.58 (ed1)
> >               |
> >               | 203.168.62.35 (ed0)
> >            -------
> >            |     |  default gateway: ISP router
> >            | FW  |  net.inet.ip.forwarding: 1
> >            |     |
> >            -------
> >               | 202.214.62.40 (vx0)
> >               |
> >          -----|-----------------------------> ISP router + DNS server
> >               |
> >               | 202.214.62.62
> >            -------
> >            |     |  default gateway: ISP router
> >            |  B  |  static route: 202.214.62.40 for net 203.168.62.0
> >            |     |
> >            -------
> >
> > Using netstat and tcpdump I discovered the following.  If I ping
> > machine B from A, I can see the ICMP packets make this journey:
> >
> >     ICMP request: A --> FW --> B
> >     ICMP reply:   B --> FW --> land of no return
> >
> > If I ping machine A from B, I get this:
> >
> >     ICMP request: B --> FW --> ISP router
> >
> > It seems that FW will only forward packets in one direction.
> > However in the first case it appears the ICMP reply packets
> > are silently dropped [netstat does not report dropped packets].
> >
> > In the second case, FW is actively trying to forward the packets
> > to the default gateway.
> >
> > I'm at a loss to explain why this is occurring.  I've enabled
> > packet forwarding in FW's kernel.  Is something else required
> > to get packets forwarded between network interfaces on the same
> > machine???
> >
> > Incidentally, IPFW is not built into machine FW's kernel.
> >
> > Any suggestions would be most appreciated.
> >
> > Thanks,
> >
> > -john
>
> --
> Joe Abley                          Tel +64 9 912-4065, Fax +64 9 912-5008
> Network Architect, CLEAR Net       http://www.clear.net.nz/
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message