Date: Mon, 15 Apr 2002 19:59:12 -0700
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: <questions@freebsd.org>
Subject: Re: Can't Get Gateway To Forward Packets -- SOLVED!!!
Message-ID: <005301c1e4f2$b0132db0$0301a8c0@bigdaddy>

I almost sent the note below but by typing every step as I did it, it
made me think out each step in a logical manner. I finally figured
out that my gateway *WAS* passing packets but my 3Com router was not
returning them. Adding a route to 192.168.1.0 using 192.168.10.2 as a
gateway on the 3Com solved the problem. I've included the note below
in the hope that it might help someone else troubleshoot a similar
problem in the future.
Drew
-------------------------------------
I'm continuing my attempt to resolve the problem I'm having with my
FBSD gateway. I'm using ipfw to log my traffic and see if I can
determine anything. I'd appreciate *any* comments even if they're
only to say that my methods are sound and my findings/conclusions are
correct. I'm *REALLY* stuck here and could use the help. :)
Here's my network config:
ISP
|
| Public DHCP address
|
3Com ADSL Modem/Router
(Router performs NAT)
| (192.168.10.1)
|
|
| (ed1 192.168.10.2)
FBSD Gateway
| (ed0 192.168.1.2)
|
|
Internal LAN
|
|
| 192.168.1.3
Win 2K Box I am testing from.
FBSD Gateway network config and routes:
blacksheep# ifconfig
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:40:05:66:b2:55
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.10.2 netmask 0xffffff00 broadcast 192.168.10.255
        ether 00:40:05:66:b2:52
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
blacksheep# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif  Expire
default            192.168.10.1       UGSc        2     7440  ed1
127.0.0.1          127.0.0.1          UH          3    27420  lo0
192.168.1          link#2             UC          3        0  ed0
192.168.1.2        0:40:5:66:b2:55    UHLW        0        2  lo0
192.168.1.3        0:a0:cc:5d:c3:70   UHLW        4     3864  ed0    1169
192.168.10         link#3             UC          2        0  ed1
192.168.10.1       0:c0:49:27:b2:b    UHLW        4     1111  ed1    1111
192.168.10.2       0:40:5:66:b2:52    UHLW        0       68  lo0
Win 2K network config:
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
Active Routes:
Network Destination  Netmask          Gateway      Interface    Metric
0.0.0.0              0.0.0.0          192.168.1.2  192.168.1.3  1
127.0.0.0            255.0.0.0        127.0.0.1    127.0.0.1    1
192.168.1.0          255.255.255.0    192.168.1.3  192.168.1.3  1
192.168.1.3          255.255.255.255  127.0.0.1    127.0.0.1    1
192.168.1.255        255.255.255.255  192.168.1.3  192.168.1.3  1
224.0.0.0            224.0.0.0        192.168.1.3  192.168.1.3  1
255.255.255.255      255.255.255.255  192.168.1.3  192.168.1.3  1
Default Gateway: 192.168.1.2
For review from my previous message, here's what I know. The gateway
can access the Internet. Machines on the internal LAN can ping ed0
(1.2) and ed1 (10.2). However they can not ping the 3Com (10.1) and
thus, can not access the Internet. So I conclude that packets are not
being passed from ed0 to ed1 on the gateway, correct?
I set the following log options from ipfw on the gateway. My attempt
is to see where the packets are being lost. My goal here is to see
all ICMP traffic. Here's the rule:
blacksheep# ipfw show
00100 140 10800 allow log icmp from any to any
65535 146722 45418124 allow ip from any to any
Is this correct?
Now with these rules in place, I monitor /var/log/security while I
attempt to ping. I try to ping 192.168.10.1 from the Win 2K box. I
get these entries in the ipfw log:
Apr 15 19:40:31 blacksheep /kernel: ipfw: 100 Accept ICMP:8.0 192.168.1.3 192.168.10.1 in via ed0
Apr 15 19:40:31 blacksheep /kernel: ipfw: 100 Accept ICMP:8.0 192.168.1.3 192.168.10.1 out via ed1
So I conclude that packets *ARE* passing through the gateway but I
don't understand why they aren't coming in. I'm stuck and don't know
what else to try.
Even comments confirming my finding, methods, etc. would at least let
me know that I'm not missing something obvious. Like I said in my
first note, I used to have this working until the machine locked up a
few times and I couldn't shutdown properly causing me to suspect a
corrupt file. But I've rebuilt my world and kernel. Shouldn't this
remove the possibility of corrupt files? If not, I will rebuild from
scratch but don't want to do that unless it's my last possibility.
Thanks for any comments,
Drew
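
The log-reading step from the message above, as an added example that is not part of the original e-mail: a Python script that pairs ICMP echo requests (type 8) with echo replies (type 0) in ipfw log lines and reports where each ping stopped. It assumes the log line format quoted in the message; the last two sample lines and the verdict strings are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input. The first two lines are the log entries quoted in
# the message; the last two are invented to show a ping that is answered.
SAMPLE_LOG = """\
Apr 15 19:40:31 blacksheep /kernel: ipfw: 100 Accept ICMP:8.0 192.168.1.3 192.168.10.1 in via ed0
Apr 15 19:40:31 blacksheep /kernel: ipfw: 100 Accept ICMP:8.0 192.168.1.3 192.168.10.1 out via ed1
Apr 15 19:41:02 blacksheep /kernel: ipfw: 100 Accept ICMP:8.0 192.168.1.3 192.168.10.2 in via ed0
Apr 15 19:41:02 blacksheep /kernel: ipfw: 100 Accept ICMP:0.0 192.168.10.2 192.168.1.3 out via ed0
"""

# Assumption: log lines follow the ipfw format shown in the message.
LINE = re.compile(r"ipfw: \d+ \w+ ICMP:(\d+)\.\d+ (\S+) (\S+) (in|out) via (\S+)")

def diagnose(log_text):
    """Map each (pinger, target) echo request to where the ping stopped."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        icmp_type, src, dst, direction, _iface = m.groups()
        if icmp_type == "8":      # echo request
            seen[(src, dst)].add("req_" + direction)
        elif icmp_type == "0":    # echo reply: file it under the original pinger
            seen[(dst, src)].add("reply")
    verdicts = {}
    for flow, events in seen.items():
        if not events & {"req_in", "req_out"}:
            continue              # reply with no logged request: nothing to judge
        if "reply" in events:
            verdicts[flow] = "answered"
        elif "req_out" in events:
            verdicts[flow] = "left the gateway, no reply: check the return route on the far side"
        else:
            verdicts[flow] = "arrived, never left: check forwarding and rules on the gateway"
    return verdicts

if __name__ == "__main__":
    for (pinger, target), verdict in diagnose(SAMPLE_LOG).items():
        print(f"{pinger} -> {target}: {verdict}")
```

For the two log lines in the message the verdict is the "no reply" case, which matches the fix described at the top: the 3Com had no route back to 192.168.1.0.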
