Date: Mon, 6 Aug 2001 10:49:48 -0700
From: Eric Wanner <ewanner@gpwa.com>
To: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: Strange problem with natd
Message-ID: <55F9FDB5F54DD211B2E000A0C9D849F31FDD1E@GPWANT1>
I set up my freebsd-4.3-RELEASE machine with the following kernel entries:

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_FORWARD

IPv6 options were also enabled if this makes a difference. They have now been removed so the problem can be narrowed and for the sake of simplicity.

I set up rc.conf with natd enabled and the interface set to xl1 (my external interface). My firewall rules were as follows:

    /sbin/ipfw add 00025 allow ip from 10.10.10.0/24 to 10.10.10.0/24 recv xl0
    /sbin/ipfw add 00050 divert 8668 ip from any to any via xl1
    /sbin/ipfw add 00100 deny tcp from any to any 8081 recv xl1    (for proxy)
    /sbin/ipfw add 00200 deny udp from any to any 514 recv xl1     (to block external syslog)
    (the 2 rules directly above may not have been #ed exactly like that, as I've since removed them)
    /sbin/ipfw add 10000 allow ip from any to any

There was no natd.conf file (in rc.conf natd was enabled and the interface was set to xl1).

My route table is as follows:

    Internet:
    Destination        Gateway            Flags     Refs     Use  Netif Expire
    default            63.226.21.94       UGSc         1       0    xl1
    10.10.10/24        link#1             UC           0       0    xl0 =>
    63.226.21.88/29    link#2             UC           0       0    xl1 =>
    127.0.0.1          127.0.0.1          UH           1     406    lo0

    Internet6:
    Destination        Gateway            Flags  Netif Expire
    ::1                ::1                UH     lo0
    fe80::%xl0/64      link#1             UC     xl0
    fe80::%xl1/64      link#2             UC     xl1
    fe80::%lo0/64      fe80::1%lo0        Uc     lo0
    ff01::/32          ::1                U      lo0
    ff02::%xl0/32      link#1             UC     xl0
    ff02::%xl1/32      link#2             UC     xl1
    ff02::%lo0/32      fe80::1%lo0        UC     lo0

Everything works great, until I go home and the middle of the night hits, at which point the machine will stop passing traffic (well, it wasn't the middle of the night the second time it happened, it was Sunday morning). I can ping the internal interface, but cannot get out from the machine.
I get the following errors for natd in my /var/log/messages:

    Aug 6 06:16:48 newlink natd[161]: failed to write packet back (No route to host)
    Aug 6 06:17:04 newlink last message repeated 6 times
    Aug 6 06:19:19 newlink last message repeated 118 times
    Aug 6 06:29:12 newlink last message repeated 743 times
    Aug 6 06:39:17 newlink last message repeated 419 times
    Aug 6 06:49:07 newlink last message repeated 747 times
    Aug 6 06:58:46 newlink last message repeated 280 times
    Aug 6 07:06:47 newlink last message repeated 292 times
    Aug 6 07:19:21 newlink last message repeated 102 times
    Aug 6 07:29:15 newlink last message repeated 362 times
    Aug 6 07:39:23 newlink last message repeated 61 times
    Aug 6 07:48:42 newlink last message repeated 149 times
    Aug 6 07:57:39 newlink last message repeated 165 times
    Aug 6 08:08:51 newlink last message repeated 404 times
    Aug 6 08:14:11 newlink last message repeated 49 times

And so on...

The route tables seem to be intact (although I do not have a netstat -rn to paste from when it was messing up). The funny thing is that I rebooted the machine the first time that it happened and it did not fix anything. I even reset the uplink equip. (a Cisco 675 DSL router), thinking it may have been some weird ARP problem because I swapped the old box for this one (an old P100 Linux box). This did not solve the problem either. The problem WAS fixed by removing routes and re-adding them (I believe; I did so much stuff I'm really not sure exactly what solved it).

The machine is not heavily loaded; in fact it probably has no NAT traffic at all during the times it quits passing traffic. The only data it is passing in the middle of the night is probably email (MX points to that machine's external interface, sendmail mailertable points it to the internal Exchange machine). Squid was running, so was Apache, and bind9 (although I doubt they make a difference, especially because none of them should have even been being accessed).
The machine is a Dell, with an 815 (815e, I believe) chipset, with 2 3c590s (one with wake on LAN, which is not enabled). The machine's external interface is in an 8-IP subnet, with the Cisco 675 it is uplinked to as the last IP (.94). The only other IP used is for this machine. They are hardwired (no hub/switch in between). The Linux box has been running for years w/o doing anything like this, so I'd guess it's not a problem with any other equipment.

Any ideas? This is driving me insane.
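The post's log excerpt shows why the natd failures are hard to size by eye: syslogd collapses consecutive duplicates into "last message repeated N times" lines, and the author had no routing-table snapshot from the moment things broke. The following POSIX sh script is an added example, not code from the post or from FreeBSD, that aggregates those repeat lines into a true event count and captures `netstat -rn` the moment the count passes a threshold. It assumes the classic BSD syslog line format shown in the post, a process name of `natd`, and that `awk` and (optionally) `netstat` are installed; the sample log embedded in it is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the original post): aggregate natd write failures
# from a BSD-syslog file, expanding "last message repeated N times" lines,
# and snapshot the routing table when the count passes a threshold.
# Assumptions: classic syslogd line format as shown in the post; the process
# name is "natd"; awk and (optionally) netstat are available.

# Constructed sample log, modelled on the post's /var/log/messages excerpt.
# The final "repeated 3 times" follows a sendmail line, so it must not be
# attributed to natd.
SAMPLE_LOG="$(cat <<'EOF'
Aug  6 06:16:40 newlink sshd[200]: Accepted publickey for ops from 10.10.10.5 port 4022
Aug  6 06:16:48 newlink natd[161]: failed to write packet back (No route to host)
Aug  6 06:17:04 newlink last message repeated 6 times
Aug  6 06:19:19 newlink last message repeated 118 times
Aug  6 06:20:00 newlink sendmail[300]: alias database /etc/mail/aliases rebuilt
Aug  6 06:20:10 newlink last message repeated 3 times
EOF
)"

# count_natd_write_failures: read a syslog stream on stdin and print how many
# "failed to write packet back" events natd logged. A "last message repeated
# N times" line adds N only when the line it repeats was one of those natd
# errors, because syslogd compresses any consecutive duplicate, not just natd's.
count_natd_write_failures() {
    awk '
        /natd\[[0-9]+\]: failed to write packet back/ { last_is_natd = 1; total += 1; next }
        /last message repeated [0-9]+ times$/ {
            if (last_is_natd) total += $(NF - 1)   # N is the second-to-last field
            next
        }
        { last_is_natd = 0 }                       # any other line breaks the repeat chain
        END { print total + 0 }
    '
}

# natd_failure_report LOGFILE THRESHOLD: return 0 when the failure count is at
# or below THRESHOLD; otherwise print the count plus a routing-table snapshot
# (the state the post's author lacked when the box was failing) and return 1.
natd_failure_report() {
    logfile=$1
    threshold=$2
    n=$(count_natd_write_failures < "$logfile")
    if [ "$n" -gt "$threshold" ]; then
        echo "natd: $n 'failed to write packet back' events in $logfile (threshold $threshold)"
        if command -v netstat >/dev/null 2>&1; then
            netstat -rn
        fi
        return 1
    fi
    return 0
}

# Usage from cron, e.g. every 10 minutes (alert channel is up to the operator):
#   natd_failure_report /var/log/messages 50 || logger -p daemon.alert "natd write failures"
```

The threshold is per run rather than per time window, so pair it with a log that is rotated (or with `newsyslog`) to keep the count bounded; the point of the `netstat -rn` dump is to record the route state at the first alert, since the author reports that removing and re-adding routes was what eventually cleared the "No route to host" condition.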