From: "Ted Mittelstaedt"
To: "Joe Clarke", "Chip"
Subject: RE: replacing a cisco router with a fbsd box
Date: Sun, 2 Sep 2001 22:17:38 -0700
Message-ID: <000401c13437$bfa39920$1401a8c0@tedm.placo.com>
In-Reply-To: <20010902234540.I17519-100000@shumai.marcuscom.com>

Just be sure that you are running current code or an access list because
there were several security holes discovered in Cisco IOS.  If you do a
"sh hard" or a "sh ver" what is the IOS version?

Ted Mittelstaedt                       tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: Joe Clarke [mailto:marcus@marcuscom.com]
>Sent: Sunday, September 02, 2001 8:47 PM
>To: Chip
>Cc: Ted Mittelstaedt; freebsd-questions@FreeBSD.ORG
>Subject: Re: replacing a cisco router with a fbsd box
>
>
>Telnet is one way of going, but if the router isn't allowing connections,
>you'll need to do it from the console.
>I can also send you a good list of SNMP objects for polling if you'd
>like that.
>
>Joe
>
>On Sun, 2 Sep 2001, Chip wrote:
>
>> On Sunday 02 September 2001 09:40, Joe Clarke wrote:
>> > I believe the NAT bug you're referring to has been fixed.  However, if you
>> > send me some details, I'd be happy to verify for you.
>> >
>> > Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias
>> > stuff is easy to add protocol support to.  I just added TFTP to the tree,
>> > and internal to Cisco, I've added another protocol for IP telephony.
>> >
>> > As for the crash/hang.  Yeah, if it hangs, you're screwed.  It's hard to
>> > troubleshoot those kind of things if you can't produce any kind of error
>> > messages.  In those cases, obtaining information regularly like show proc,
>> > show proc cpu, show buff, and show log can help.
>>
>> Are those run on the router via telnet?
>>
>> --
>> Chip
>>
>> >
>> > Joe
>> >
>> > On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:
>> > > >-----Original Message-----
>> > > >From: owner-freebsd-questions@FreeBSD.ORG
>> > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
>> > > >
>> > > >I realize I'm coming in a bit late on this, but I work for Cisco TAC,
>> > > > and can say that with the recent Code Red thing, our NAT has seen a lot
>> > > > of work.  There have been bugs filed to be sure.
>> > >
>> > > I hope that you fix the one where the Cisco NAT doesn't tear down the
>> > > address map as soon as the connection is closed.  I saw that one on a
>> > > 1005 running early 12.0 code when someone asked us why they could Telnet
>> > > into a JetDirect card from the Internet that in reality had a private
>> > > network number.  Turned out they were telnetting into the overload number
>> > > on a nat pool on the 1005.  I never did get around to writing that one up
>> > > because I figured it was an
>> > > obvious hole that would be caught, but if you're interested I'll dig up the
>> > > particulars.
>> > >
>> > > Offloading NAT from a
>> > >
>> > > >router with a small amount of RAM will improve packet flow to be sure.
>> > > > In fact, if you're experiencing lock-ups, I'd try that.  It may help
>> > > > you isolate the problem.  FreeBSD's NAT is pretty good for most
>> > > > standard protocols.  I've found it's relatively easy to add support to.
>> > >
>> > > But it doesn't do the DNS trick that you guys do which is very useful.
>> > > :-(
>> > >
>> > > >Also, if you do find yourself having to reload, see if you're getting
>> > > > any tracebacks.  Do a show ver or show stack, and see what you can see.
>> > > > Those memory addresses can be useful for tracking down bugs.
>> > >
>> > > He was saying that when the router got hosed that they had to power-cycle
>> > > which I take it to mean the device froze.  It sounds suspiciously like
>> > > flakey hardware to me.  Maybe someone upgraded the ram with some random
>> > > PC memory they had lying around?
>> > >
>> > >
>> > > Ted Mittelstaedt
>> > > tedm@toybox.placo.com Author of: The FreeBSD
>> > > Corporate Networker's Guide Book website:
>> > > http://www.freebsd-corp-net-guide.com
>>
>> --
>> --
>> Chip W.
>>
>>
>
>