routing problem

Simon Simon
Thu Sep 4 09:40:27 BST 2003


FYI

I've fixed the problem. I think there's a bug in closedbsd gui. I redid all
the routes and defined interfaces manually, all works fine now.

Very strange.

Simon
----- Original Message ----- 
From: "Edmund Craske" <edmund at m00is.net>
To: "'Simon Gray'" <simong at desktop-guardian.com>; "FreeBSD Users UK Mailing
List" <freebsd-users at uk.freebsd.org>
Sent: Monday, September 01, 2003 4:03 AM
Subject: RE: routing problem


I believe I have experienced a similar, equally perplexing problem. After
wracking my brains as to what the problem could be, I decided to try
updating my router firmware, and the problem was cured. Fsck knows what the
router was doing!

BTW, my router was a Conexant AMX-CA61E (dabsvalue). Do you have the same
one?

Hope this helps,
Edmund Craske

-----Original Message-----
From: freebsd-users-admin at uk.freebsd.org
[mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of Simon Gray
Sent: 19 August 2003 13:00
To: freebsd-users at uk.freebsd.org
Subject: routing problem


Hi fbsd-users,

Got a quick routing question here, first of all I'll explain roughly how our
network is set up and hopefully if anyone can spot any obvious schoolboy
errors that would be greatly appreciated.

Block of 8 IP addresses assigned to ADSL.

(Using 10.0.0.x instead of the real external IP addresses)

ADSL ROUTER (10.0.0.1 - on both interfaces)
       |
     SWITCH --- WEB_SERVER (10.0.0.3)
       |        (other 3 IPs are to be assigned to other servers shortly)
     closedbsd (freebsd w/ipfw) firewall doing nat
       |        (outside: 10.0.0.2, inside: 192.168.0.1)
     SWITCH
       |
     workstations (192.168.0.x)

The ipfw rules are quite (in fact VERY) basic - once it's working properly
I'll tweak these.

<>
divert natd ip from any to any via outside_iface
allow ip from any to any
</>

- Note that there are currently no packets being blocked on this box.

That's the basic network design, we also have ids etc, but that's irrelevant
for this problem.

Ok now for some unknown reason, from the workstations I can not connect to
certain servers (e.g. my box on my dsl at home), however the web_server can.

If I perform a traceroute from the web_server it goes through each hop fine.
If I perform a traceroute from one of the workstations, it gets to the first
hop fine (ipfw box), then times out on the rest. DNS is all working fine.
There aren't any rules on the adsl router that block anything from the ipfw
box and it isn't blocking outbound icmp/udp/tcp.

Now the bit that puzzles me is that it's only some IP ranges it doesn't work
for. I can connect to a friend's box then on to mine at home fine. Can
connect to mine from the web_server, just not to mine behind the nat'd
setup.

I would have thought if there were a problem with our setup then surely
traceroutes/ssh etc. wouldn't work at all, rather than just on
some IP ranges? The only thing I could think of could be the TTLs?

Anyone got any ideas why this is happening? And/or how I can fix this?

TIA

Simon


------ FreeBSD UK Users' Group  -  Mailing List ------
http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users