Date:      Mon, 19 Apr 1999 07:23:51 +1000
From:      Stanley.Hopcroft@ipaustralia.gov.au
To:        freebsd-isp@freebsd.org
Subject:   NATD and packet fragmentation: fragments are not re-assembled or delivered ?
Message-ID:  <4A256757.00759ECE.00@noteshub01.aipo.gov.au>

Dear Ladies and Gentlemen,

I am writing to ask your help with NATD. The topology is


|
|-------------------------------<FreeBSD 2.2.8 STABLE >   ...intranet .. ours and other admin ... Mainframe
|              ed1       ed0
|
LAN 199.19.99.0/24

The FreeBSD host runs the ports collection copy of gated (3.5.7 ?) and is
configured as a router, advertising to other OSPF routers the link to the
199.19.99.0 LAN. The router's interfaces are two ISA ethernet NICs using the ed
driver.

Because the outsourced mainframe is under others' administration (CSC Australia)
and it does not run a routing protocol, and I was too stupid to pick a network
it had routes for, I had hoped to use natd to have mainframe traffic from the
199.19.99.0 LAN appear as from the router's ed0 interface (a host for which the
mainframe did have routes).

This would have saved me 'fessing up my stupidity and waiting on CSC to get
their end right.

The natd ipfw config on the FreeBSD router is

ipfw divert natd all from any to any
ipfw allow ip from any to any
natd -use_sockets -same_ports -interface ed0

This allows 199.19.99.0 LAN hosts to open tn3270 or ftp sessions with the
mainframe.

Unfortunately it does *not* reliably transport the data between the mainframe
and the LAN.

The tn3270 sessions and ftp data sessions hang intermittently.

A tcpdump on the router shows that packets from the mainframe (which is via a
frame-relay WAN)

. are bigger than 500 bytes
. are fragmented by some intervening router into two 1480 byte packets (probably
the FreeBSD router given the size of the fragments)
. are not acknowledged by the 199.19.99.0 end-system

The 199.19.99.0 end-system keeps acking earlier byte-ranges, the mainframe
resends the packet (which appears as new fragments) until the end-system resets
the connection.

When I change the LAN (and router) to an address the mainframe can route to, and
stop using natd, all is well.

In particular, the packets from the mainframe

. are not fragmented
. are about 500 bytes

Your suggestions will, as always, be gratefully received.

Thank you,

Yours sincerely

S Hopcroft

-- not part of the list but I can read the archives --
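
Added example, not part of the original message: a Python check that groups IPv4 fragments by source, destination, protocol and IP ID, as one could do with packets captured on the router, and reports which datagrams never become complete. Only the fragment at offset 0 carries the TCP ports; the addresses, ports and packets below are constructed sample data, and the helper names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Extract the fragmentation fields of a raw IPv4 packet (checksum not verified)."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {"key": (socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, ident),
            "offset": (frag & 0x1FFF) * 8,      # fragment offset is stored in 8-byte units
            "more": bool(frag & 0x2000),        # MF (more fragments) flag
            "payload": pkt[ihl:total]}

def fragment_report(packets):
    """Group fragments by (src, dst, proto, id) and summarise each datagram."""
    groups = defaultdict(list)
    for pkt in packets:
        f = parse_ipv4(pkt)
        if f["more"] or f["offset"]:            # skip unfragmented datagrams
            groups[f["key"]].append(f)
    report = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        end, complete = 0, True
        for f in frags:
            if f["offset"] > end:               # hole before this fragment
                complete = False
            end = max(end, f["offset"] + len(f["payload"]))
        complete = complete and not frags[-1]["more"]
        first = frags[0] if frags[0]["offset"] == 0 else None
        ports = None                            # stays None when the first fragment is missing
        if first and key[2] in (6, 17) and len(first["payload"]) >= 4:
            ports = struct.unpack("!HH", first["payload"][:4])
        report[key] = {"fragments": len(frags), "complete": complete, "ports": ports,
                       "portless": sum(1 for f in frags if f["offset"])}
    return report

def build(ident, offset, more, payload, src="192.0.2.10", dst="199.19.99.5"):
    """Build a constructed IPv4/TCP test packet (checksum left as 0)."""
    frag = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample: a 2000-byte TCP segment (source port 23, destination port 1025).
SEGMENT = struct.pack("!HH", 23, 1025) + bytes(1996)
SAMPLE = [build(0x1001, 0, True, SEGMENT[:1480]), build(0x1001, 1480, False, SEGMENT[1480:]),
          build(0x1002, 0, True, SEGMENT[:1480]),       # second fragment never arrives
          build(0x1003, 1480, False, SEGMENT[1480:])]   # first fragment never arrives

if __name__ == "__main__":
    for key, info in fragment_report(SAMPLE).items():
        print(key, info)
```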