edmund at m00is.net
Mon Sep 1 04:03:34 BST 2003
I believe I have experienced a similar, equally perplexing problem.
wracking my brains as to what the problem could be, I decided to try
updating my router firmware, and the problem was cured. Fsck knows what
router was doing!
BTW, my router was a Conexant AMX-CA61E (dabsvalue). Do you have the
Hope this helps,
From: freebsd-users-admin at uk.freebsd.org
[mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of Simon Gray
Sent: 19 August 2003 13:00
To: freebsd-users at uk.freebsd.org
Subject: routing problem
Got a quick routing question here, first of all I'll explain roughly how
network is setup and hopefully if anyone can spot any obvious schoolboy
errors that would be greatly appreciated.
Block of 8 ip addresses assigned to ADSL.
(Using 10.0.0.x instead of the real external ip addresses)
ADSL ROUTER (10.0.0.1 - on both interfaces)
SWITCH --- WEB_SERVER(10.0.0.3) (other 3 ip's are to be assigned to
other servers shortly)
closedbsd (freebsd w/ipfw) firewall doing nat (outside:10.0.0.2,
The ipfw rules are quite (in fact VERY basic - once it's working properly
I'll tweak these)
divert natd ip from any to any via outside_iface
allow ip from any to any
- Note that there are currently no packets being blocked on this box.
That's the basic network design, we also have ids etc, but that's
for this problem.
Ok now for some unknown reason, from the workstations I can not connect
certain servers (e.g. my box on my dsl at home), however the web_server
If I perform a traceroute from the web_server goes through each hop
I perform a traceroute from one of the workstations, it gets to the
hop fine (ipfw box), then times out on the rest, dns is all working
There aren't any rules on the adsl router that blocks anything from the
box and isn't blocking outbound icmp/udp/tcp.
Now the bit that puzzles me, is that it's only some ip ranges it doesn't
for.. I can connect to a friends box then on to mine at home fine. Can
connect to mine from the web_server, just not to mine behind the nat'd
I would have thought if there were a problem with our setup then surely it
wouldn't do traceroutes/ssh etc.. wouldn't work at all, rather than just
some ip ranges? The only thing I could think of could be the TTL's?
Anyone got any ideas why this is happening? And/or how I can fix this?
------ FreeBSD UK Users' Group - Mailing List ------