routing problem

Edmund Craske edmund at m00is.net
Mon Sep 1 04:03:34 BST 2003


I believe I have experienced a similar, equally perplexing problem. After
wracking my brains as to what the problem could be, I decided to try
updating my router firmware, and the problem was cured. Fsck knows what
the router was doing!

BTW, my router was a Conexant AMX-CA61E (dabsvalue). Do you have the
same one?

Hope this helps,
Edmund Craske

-----Original Message-----
From: freebsd-users-admin at uk.freebsd.org
[mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of Simon Gray
Sent: 19 August 2003 13:00
To: freebsd-users at uk.freebsd.org
Subject: routing problem


Hi fbsd-users,

Got a quick routing question here. First of all I'll explain roughly how
our network is set up, and hopefully if anyone can spot any obvious
schoolboy errors that would be greatly appreciated.

Block of 8 ip addresses assigned to ADSL.

(Using 10.0.0.x instead of the real external ip addresses)

ADSL ROUTER (10.0.0.1 - on both interfaces)
       |
     SWITCH --- WEB_SERVER(10.0.0.3) (other 3 IPs are to be assigned to other servers shortly)
       |
     closedbsd (freebsd w/ipfw) firewall doing nat (outside:10.0.0.2, inside:192.168.0.1)
       |
     SWITCH
       |
     workstations (192.168.0.x)

The ipfw rules are quite (in fact VERY) basic - once it's working properly
I'll tweak these.

<>
divert natd ip from any to any via outside_iface
allow ip from any to any
</>

- Note that there are currently no packets being blocked on this box.

That's the basic network design. We also have IDS etc., but that's
irrelevant for this problem.

OK, now for some unknown reason, from the workstations I cannot connect
to certain servers (e.g. my box on my DSL at home), however the
web_server can.

If I perform a traceroute from the web_server, it goes through each hop
fine. If I perform a traceroute from one of the workstations, it gets to
the first hop fine (ipfw box), then times out on the rest. DNS is all
working fine. There aren't any rules on the ADSL router that block
anything from the ipfw box, and it isn't blocking outbound icmp/udp/tcp.

Now the bit that puzzles me is that it's only some IP ranges it doesn't
work for. I can connect to a friend's box then on to mine at home fine.
Can connect to mine from the web_server, just not to mine behind the
nat'd setup.

I would have thought if there were a problem with our setup then surely
traceroutes/ssh etc. wouldn't work at all, rather than just on some IP
ranges? The only thing I could think of could be the TTLs?

Anyone got any ideas why this is happening? And/or how I can fix this?

TIA

Simon


------ FreeBSD UK Users' Group  -  Mailing List ------
http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users




