Date: Sat, 31 Oct 1998 21:26:22 -0500 (EST) From: Barrett Richardson <rabtter@aye.net> To: john cooper <john@isi.co.jp> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, jabley@clear.co.nz, tfujii@isi.co.jp Subject: Re: Request help with packet forwarding problem [2.2.7].. Message-ID: <Pine.BSF.3.96.981031210727.10320A-100000@phoenix.aye.net> In-Reply-To: <98Nov1.004713jst.21889@ns.isi.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
Look at this route on machine B:
203.214.62 202.214.62.40 UGSc 0 596 vx0
^^^
I think it probably should be
203.168.62 202.214.62.40 UGSc 0 596 vx0
Are you sure you were running the tcpdump on FW and not B? With no route
to 203.168.62 on B, the ISP router and B should have played ping pong
with the echo request until it died.
Also check the netmask on vx0 on FW. It is not showing a 202.214.62/25
route like B is.
On Sun, 1 Nov 1998, john cooper wrote:
>
> > Date: Sat, 31 Oct 1998 23:45:36 +0900
> > From: Joe Abley <jabley@clear.co.nz>
> > To: john cooper <john@isi.co.jp>, freebsd-hackers@FreeBSD.org,
> > freebsd-questions@FreeBSD.org
> > Cc: tfujii@isi.co.jp
> > Subject: Re: Request help with packet forwarding problem [2.2.7]..
> >
> >
> > John,
> >
> > Could you do a "netstat -rn" on A, B and FW, and post the output?
>
> Machine A:
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif Expire
> default 203.168.62.35 UGSc 0 21183 ed1
> 127.0.0.1 127.0.0.1 UH 0 7 lo0
> 203.168.62 link#1 UC 0 0
> 203.168.62.35 0:0:f4:4a:ad:e8 UHLW 2 312 ed1 1125
> 203.168.62.58 0:20:18:71:be:2d UHLW 1 26 lo0
>
> Machine FW:
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif Expire
> default 202.214.62.33 UGSc 4 530 vx0
> 127.0.0.1 127.0.0.1 UH 0 2 lo0
> 202.214.62 link#1 UC 0 0
> 202.214.62.33 0:a0:de:0:13:76 UHLW 4 0 vx0 15
> 202.214.62.35 0:a0:24:2a:9:24 UHLW 0 34 vx0 795
> 202.214.62.62 link#1 UHLW 1 8266
> 203.168.62 link#2 UC 0 0
> 203.168.62.35 0:0:f4:4a:ad:e8 UHLW 0 8 lo0
> 203.168.62.58 0:20:18:71:be:2d UHLW 0 2 ed0 1197
>
> Machine B:
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif Expire
> default 202.214.62.33 UGSc 2 87918 vx0
> 127.0.0.1 127.0.0.1 UH 0 180 lo0
> 202.214.62/25 link#1 UC 0 0
> 202.214.62.33 link#1 UHLW 3 0
> 202.214.62.35 0:a0:24:2a:9:24 UHLW 2 3142 vx0 1101
> 202.214.62.40 0:a0:24:7d:c6:7c UHLW 2 297 vx0 1038
> 202.214.62.62 0:a0:24:7d:c6:43 UHLW 0 0 lo0
> 203.214.62 202.214.62.40 UGSc 0 596 vx0
>
> > Where were you running tcpdump?
>
> On machine FW.
>
> > Were you identifying the gateway for
> > each ICMP request or response by looking at the destination ethernet
> > address?
>
> No, I was referring to /etc/rc.conf: defaultrouter="..."
>
> Thanks for the response,
>
> -john
>
>
> >
> > Joe
> >
> > On Sat, Oct 31, 1998 at 11:06:16PM +0900, john cooper wrote:
> > > I'm trying to get a system configured as a gateway. The
> > > first step [which I thought would be simple] was to simply
> > > forward packets between interfaces:
> > >
> > >
> > > -------
> > > | | default gateway: 203.168.62.35
> > > | A |
> > > | |
> > > -------
> > > | 203.168.62.58 (ed1)
> > > |
> > > | 203.168.62.35 (ed0)
> > > -------
> > > | | default gateway: ISP router
> > > | FW | net.inet.ip.forwarding: 1
> > > | |
> > > -------
> > > | 202.214.62.40 (vx0)
> > > |
> > > -----|-----------------------------> ISP router + DNS server
> > > |
> > > | 202.214.62.62
> > > -------
> > > | | default gateway: ISP router
> > > | B | static route: 202.214.62.40 for net 203.168.62.0
> > > | |
> > > -------
> > >
> > > Using netstat and tcpdump I discovered the following. If I ping
> > > machine B from A, I can see the ICMP packets make this journey:
> > >
> > > ICMP request: A --> FW --> B
> > > ICMP reply: B --> FW --> land of no return
> > >
> > > If I ping machine A from B, I get this:
> > >
> > > ICMP request: B --> FW --> ISP router
> > >
> > > I seems that FW will only forward packets in one direction.
> > > However in the first case it appears the ICMP reply packets
> > > are silently dropped [netstat does not report dropped packets].
> > >
> > > In the second case, FW is actively trying to forward the packets
> > > to the default gateway.
> > >
> > > I'm at a loss to explain why this is occuring. I've enabled
> > > packet forwarding in FW's kernel. Is something else required
> > > to get packets forwarded between network interfaces on the same
> > > machine???
> > >
> > > Incidentally, IPFW is not built into machine FW's kernel.
> > >
> > > Any suggestions would be most appreciated.
> > >
> > > Thanks,
> > >
> > > -john
> >
> > --
> > Joe Abley <jabley@clear.co.nz> Tel +64 9 912-4065, Fax +64 9 912-5008
> > Network Architect, CLEAR Net http://www.clear.net.nz/
> >
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981031210727.10320A-100000>