Date:      Tue, 14 Sep 1999 10:22:11 -0700
From:      elazich@AlaskaAir.com
To:        elazich@AlaskaAir.com
Cc:        ru@ucb.crimea.ua, freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW & NATD
Message-ID:  <msg1223309.thr-894a72.4c526e@alaskaair.com>
References:  <msg1219643.thr-894a72.4c526e@alaskaair.com> <19990913210504.D88685@relay.ucb.crimea.ua> <msg1220105.thr-894a72.4c526e@alaskaair.com> <19990913212704.A98610@relay.ucb.crimea.ua> <msg1220314.thr-894a72.4c526e@alaskaair.com>

This morning I checked my arp table and found the following just after I
had pinged (or do you say pung? proper English would seem to dictate
the latter) 10.0.0.2 on my internal subnet:

capricorn# arp -a
? (10.0.0.2) at (incomplete)
static-134-129.dsl.cnw.net (207.149.134.129) at 0:0:c:6a:78:c
ns1.loopback.com (207.149.134.143) at 0:80:29:68:52:c4 permanent
capricorn#

I also noticed in the results of a "dmesg" that 10.0.0.2 had resolved to
a NIC card which I don't see on my local network; the actual message
was something to the effect that the physical address for 10.0.0.2 was
resolved by lnc1 (which is my external NIC).  Again, the other clients
on my internal net can ping each other fine, but my firewall box cannot
ping or be pinged by the internal clients, save for pinging itself.
This appears to be HW address related, but I'm not sure why; can anyone
shed some light on this?  My IPFW ruleset again is:

>capricorn# ipfw sho
>00100  9001 2506073 divert 8668 ip from any to any via lnc1
>00200 12293 2895085 allow ip from any to any
>65535    45    7436 deny ip from any to any
>capricorn#

and my ifconfig output is:

>capricorn# ifconfig -a
>vx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>        ether 00:a0:24:bd:f8:af
>lnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 207.149.134.143 netmask 0xffffffe0 broadcast 207.149.134.159
>        ether 00:80:29:68:52:c4
>lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
>ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet 127.0.0.1 netmask 0xff000000
>capricorn#

Any help is greatly appreciated.

Eli

elazich@AlaskaAir.com writes:
>See below for tcpdump output,  I also included a capture of general
>traffic, you can see 10.0.0.2 <-> 10.0.0.6 (which is the print
>server) quite a bit.

>Eli

>ru@ucb.crimea.ua writes:
>>On Mon, Sep 13, 1999 at 11:11:45AM -0700, elazich@AlaskaAir.com wrote:
>>> Here is a copy of netstat -rn output,  thanks for your help.
>>> 
>>> >capricorn# netstat -rn
>>> >Routing tables
>>> 
>>> >Internet:
>>> >Destination        Gateway            Flags     Refs     Use     Netif Expire
>>> >default            207.149.134.129    UGSc       48    65116     lnc1
>>> >10/24              link#1             UC          0        0     vx0
>>> >10.0.0.1           0:a0:24:bd:f8:af   UHLW        0       10     lo0
>>> >10.0.0.3           0:0:1b:4a:9e:35    UHLS        0       28     vx0
>>> >10.0.0.4           0:0:c:3e:1f:d1     UHLW        0       18     vx0     1106
>>> >127.0.0.1          127.0.0.1          UH          0       24     lo0
>>> >207.149.134.128/27 link#2             UC          0        0     lnc1
>>> >207.149.134.129    0:0:c:6a:78:c      UHLW       47        0     lnc1      587
>>> >207.149.134.143    0:80:29:68:52:c4   UHLW        1      467     lo0
>>> >capricorn#
>>> 
>>> Eli
>>> 
>>> ru@ucb.crimea.ua writes:
>>> >On Mon, Sep 13, 1999 at 10:01:40AM -0700, elazich@AlaskaAir.com wrote:
>>> >> I have a FBSD box with 2 NICs (vx0 and lnc1) which I am running
>>> >> ipfw and natd on.  vx0 is on my internal net using a 10 block address
>>> >> and lnc1 is on my external connection.  I had compiled in support for
>>> >> IPFW in the kernel and run natd -interface lnc1.  My IPFW rules look
>>> >> like this,
>>> >> 
>>> >> capricorn# ipfw -a l
>>> >> 00100 82838 9639926 divert 8668 ip from any to any via lnc1
>>> >> 00200 84517 9917180 allow ip from any to any
>>> >> 65535    16    1696 deny ip from any to any
>>> >> capricorn#
>>> >> 
>>> >> Output of ifconfig -a is;
>>> >> 
>>> >> capricorn# ifconfig -a
>>> >> vx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>> >>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>>> >>         ether 00:a0:24:bd:f8:af
>>> >>
>>> >netmask on this interface is set for Class C network.  Is this
>>> >intentional?
>>> 
>>> >> lnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>> >>         inet 207.149.134.143 netmask 0xffffffe0 broadcast 207.149.134.159
>>> >>         ether 00:80:29:68:52:c4
>>> >> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>>> >> tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>>> >> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
>>> >> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>>> >> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>> >>         inet 127.0.0.1 netmask 0xff000000
>>> >> capricorn#
>>> >> 
>>> >> I run natd -interface lnc1, this was all working fine for quite
>>> >> some time but now I cannot seem to even ping anything on my local
>>> >> network from the firewall box.  Any other machine on my 10 net can
>>> >> talk to each other (but they cannot reach the firewall), and what's
>>> >> even stranger is that when I run tcpdump on my firewall it picks up
>>> >> traffic on the 10 network.  Does anyone know what is going on here
>>> >> and how I can get myself back to functional status?
>>> >> 
>>> >What does `netstat -rn' produce?
>>> 
>>Please run the following commands simultaneously (on two different
>>terminals) from the `firewall' host:

>># script tcpdump.out tcpdump -n -i vx0 host 10.0.0.3 and icmp
>>Script started on Mon Sep 13 11:20:29 1999
>>tcpdump: listening on vx0
>>11:20:33.645297 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:34.651820 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:35.661825 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:36.671940 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:37.681858 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:38.691873 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:39.701883 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:40.711903 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:41.721918 10.0.0.1 > 10.0.0.3: icmp: echo request
>>11:20:42.731939 10.0.0.1 > 10.0.0.3: icmp: echo request
>>^C
>>71 packets received by filter
>>0 packets dropped by kernel

>>Script done on Mon Sep 13 11:21:09 1999
>>capricorn#
>># script ping.out ping -c 10 10.0.0.3
>>Script started on Mon Sep 13 11:20:33 1999
>>PING 10.0.0.3 (10.0.0.3): 56 data bytes

>>--- 10.0.0.3 ping statistics ---
>>10 packets transmitted, 0 packets received, 100% packet loss

>>Script done on Mon Sep 13 11:20:53 1999
>>capricorn#

>Script started on Mon Sep 13 11:30:20 1999
>tcpdump: listening on vx0
>11:30:20.541455 0.00:a0:c9:3d:fb:63.6002 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-nearest-req 4 '^J'
>11:30:22.988484 0:0:c:3e:1f:d1 0:0:c:3e:1f:d1 9000 60:
>                         0000 0100 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000
>11:30:25.535257 0:a0:c9:3d:fb:63 > ff:ff:ff:ff:ff:ff sap e0 ui/C len=43
>                         ffff 0022 0004 0000 0000 ffff ffff ffff
>                         0452 0000 0000 00a0 c93d fb63 6002 0001
>                         0004 0006 040f 008b 0049 96
>11:30:26.174703 10.0.0.2.1039 > 10.0.0.6.139: P 4823752:4823876(124) ack 16792208 win 8760 (DF)
>11:30:26.183193 10.0.0.6.139 > 10.0.0.2.1039: . 1:444(443) ack 124 win 2920
>11:30:26.183517 10.0.0.2.1039 > 10.0.0.6.139: P 124:245(121) ack 444 win 8317 (DF)
>11:30:26.192521 10.0.0.6.139 > 10.0.0.2.1039: . 444:884(440) ack 245 win 2920
>11:30:26.341624 10.0.0.2.1039 > 10.0.0.6.139: . ack 884 win 7877 (DF)
>11:30:29.710038 10.0.0.2.1039 > 10.0.0.6.139: P 245:369(124) ack 884 win 7877 (DF)
>11:30:29.718528 10.0.0.6.139 > 10.0.0.2.1039: . 884:1327(443) ack 369 win 2920
>11:30:29.718881 10.0.0.2.1039 > 10.0.0.6.139: P 369:490(121) ack 1327 win 7434 (DF)
>11:30:29.728734 10.0.0.6.139 > 10.0.0.2.1039: . 1327:1767(440) ack 490 win 2920
>11:30:29.846718 10.0.0.2.1039 > 10.0.0.6.139: . ack 1767 win 8760 (DF)
>11:30:30.526160 0:a0:c9:3d:fb:63 > ff:ff:ff:ff:ff:ff sap e0 ui/C len=43
>                         ffff 0022 0004 0000 0000 ffff ffff ffff
>                         0452 0000 0000 00a0 c93d fb63 6002 0001
>                         0004 0a00 0002 008b 040f 01
>11:30:32.988835 0:0:c:3e:1f:d1 0:0:c:3e:1f:d1 9000 60:
>                         0000 0100 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000
>11:30:35.518538 0:a0:c9:3d:fb:63 > ff:ff:ff:ff:ff:ff sap e0 ui/C len=43
>                         ffff 0022 0004 0000 0000 ffff ffff ffff
>                         0452 0000 0000 00a0 c93d fb63 6002 0001
>                         0004 0006 040f 008b 0049 98
>11:30:36.185780 10.0.0.2.1039 > 10.0.0.6.139: P 490:614(124) ack 1767 win 8760 (DF)
>11:30:36.193867 10.0.0.6.139 > 10.0.0.2.1039: . 1767:2210(443) ack 614 win 2920
>11:30:36.194204 10.0.0.2.1039 > 10.0.0.6.139: P 614:735(121) ack 2210 win 8317 (DF)
>11:30:36.203191 10.0.0.6.139 > 10.0.0.2.1039: . 2210:2650(440) ack 735 win 2920
>11:30:36.356141 10.0.0.2.1039 > 10.0.0.6.139: . ack 2650 win 7877 (DF)
>11:30:39.713819 10.0.0.2.1039 > 10.0.0.6.139: P 735:859(124) ack 2650 win 7877 (DF)
>11:30:39.722317 10.0.0.6.139 > 10.0.0.2.1039: . 2650:3093(443) ack 859 win 2920
>11:30:39.722656 10.0.0.2.1039 > 10.0.0.6.139: P 859:980(121) ack 3093 win 7434 (DF)
>11:30:39.731653 10.0.0.6.139 > 10.0.0.2.1039: . 3093:3533(440) ack 980 win 2920
>11:30:40.511591 0.00:a0:c9:3d:fb:63.6002 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 '^J'
>11:30:42.485769 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:42.989193 0:0:c:3e:1f:d1 0:0:c:3e:1f:d1 9000 60:
>                         0000 0100 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000
>11:30:43.490991 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:44.501003 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:45.503266 0.00:a0:c9:3d:fb:63.6002 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 '^J'
>11:30:45.511019 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:46.191903 10.0.0.6.139 > 10.0.0.2.1039: . 3533:3976(443) ack 1104 win 2920
>11:30:46.192244 10.0.0.2.1039 > 10.0.0.6.139: P 1104:1225(121) ack 3976 win 8317 (DF)
>11:30:46.202099 10.0.0.6.139 > 10.0.0.2.1039: . 3976:4416(440) ack 1225 win 2920
>11:30:46.370581 10.0.0.2.1039 > 10.0.0.6.139: . ack 4416 win 7877 (DF)
>11:30:46.521037 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:47.531128 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:48.541097 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:49.551096 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:49.719466 10.0.0.2.1039 > 10.0.0.6.139: P 1225:1349(124) ack 4416 win 7877 (DF)
>11:30:49.727973 10.0.0.6.139 > 10.0.0.2.1039: . 4416:4859(443) ack 1349 win 2920
>11:30:49.728290 10.0.0.2.1039 > 10.0.0.6.139: P 1349:1470(121) ack 4859 win 7434 (DF)
>11:30:49.737300 10.0.0.6.139 > 10.0.0.2.1039: . 4859:5299(440) ack 1470 win 2920
>11:30:49.875674 10.0.0.2.1039 > 10.0.0.6.139: . ack 5299 win 8760 (DF)
>11:30:50.495642 0.00:a0:c9:3d:fb:63.6002 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 '^J'
>11:30:50.561109 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:51.571111 10.0.0.1 > 10.0.0.3: icmp: echo request
>11:30:52.989604 0:0:c:3e:1f:d1 0:0:c:3e:1f:d1 9000 60:
>                         0000 0100 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000 0000
>                         0000 0000 0000 0000 0000 0000 0000
>11:30:55.488696 0.00:a0:c9:3d:fb:63.6002 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 ''
>11:30:56.196485 10.0.0.6.139 > 10.0.0.2.1039: . 5299:5742(443) ack 1594 win 2920
>11:30:56.196793 10.0.0.2.1039 > 10.0.0.6.139: P 1594:1715(121) ack 5742 win 8317 (DF)
>11:30:56.205642 10.0.0.6.139 > 10.0.0.2.1039: . 5742:6182(440) ack 1715 win 2920
>11:30:56.384999 10.0.0.2.1039 > 10.0.0.6.139: . ack 6182 win 7877 (DF)
>^C
>54 packets received by filter
>0 packets dropped by kernel

>Script done on Mon Sep 13 11:30:56 1999
>capricorn#


>>After ping(8) is finished, press <Control>+C on both terminals
>>and send me tcpdump.out and ping.out files.

>>-- 
>>Ruslan Ermilov		Sysadmin and DBA of the
>>ru@ucb.crimea.ua	United Commercial Bank,
>>ru@FreeBSD.org		FreeBSD committer,
>>+380.652.247.647	Simferopol, Ukraine

>>http://www.FreeBSD.org	The Power To Serve
>>http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




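As an added check (example code written for this page, not from the thread or from FreeBSD), a small Python script that parses the `arp -a` and `netstat -rn` output quoted above and flags the two symptoms Eli describes: an incomplete ARP entry, and a host on the internal 10/24 subnet whose entry was learned via the external interface instead of vx0. The 10.0.0.2 host route via lnc1 with a made-up MAC is constructed to model the dmesg message; it is not in the quoted table.

```python
import ipaddress
import re
# Constructed sample (not from the post): the arp -a lines quoted in the
# thread, plus the quoted netstat -rn table with one extra host route
# (10.0.0.2 via lnc1, made-up MAC) modelling the dmesg message Eli describes.
ARP_OUTPUT = """\
? (10.0.0.2) at (incomplete)
static-134-129.dsl.cnw.net (207.149.134.129) at 0:0:c:6a:78:c
"""
NETSTAT_OUTPUT = """\
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            207.149.134.129    UGSc       48    65116     lnc1
10/24              link#1             UC          0        0     vx0
10.0.0.2           de:ad:be:ef:0:2    UHLW        0        3     lnc1     900
10.0.0.3           0:0:1b:4a:9e:35    UHLS        0       28     vx0
207.149.134.128/27 link#2             UC          0        0     lnc1
"""
ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>\S+)")

def parse_routes(text):
    # Parse netstat -rn rows; BSD prints the connected net 10.0.0.0/24 as 10/24.
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] in ("Destination", "default"):
            continue
        net, _, bits = f[0].partition("/")
        net += ".0" * (3 - net.count("."))
        target = ipaddress.ip_network(f"{net}/{bits or 32}", strict=False)
        routes.append({"dest": target, "flags": f[2], "netif": f[5]})
    return routes

def check_host_routes(routes):
    # A host entry (H flag) should sit on the interface of its connected net (C flag).
    nets = [r for r in routes if "C" in r["flags"] and "H" not in r["flags"]]
    findings = []
    for r in routes:
        if "H" not in r["flags"]:
            continue
        host = r["dest"].network_address
        for n in nets:
            if host in n["dest"] and n["netif"] != r["netif"]:
                findings.append(f"{host} via {r['netif']} but {n['dest']} is on {n['netif']}")
    return findings

def check_arp(text):
    # An (incomplete) entry means no ARP reply ever arrived for that address.
    return [f"{m.group('ip')}: ARP incomplete, no reply on its link" for m in
            map(ARP_RE.search, text.splitlines()) if m and m.group("mac") == "(incomplete)"]
```

Run against live output by feeding it the text of `arp -a` and `netstat -rn`; an empty result from both checks means the kernel's link-layer view of the internal subnet is consistent.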